landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
|
January 01, 2014, 08:41:38 PM |
|
Isn't the party line not to use the word 'official' any more? Official doesn;t have to mean centralized
|
|
|
|
laowai80
Member
Offline
Activity: 98
Merit: 10
|
|
January 01, 2014, 08:43:26 PM |
|
How to check SHA256 checksum ? and what should I expect ? I and to check my client right now .
in linux type: sha256sum filename.zip
|
|
|
|
landomata
Legendary
Offline
Activity: 2184
Merit: 1000
|
|
January 01, 2014, 08:44:24 PM |
|
Are these randomly generated passwords stored by the generating service in some centralized database?
|
|
|
|
rickyjames
|
|
January 01, 2014, 08:45:14 PM |
|
Look, ask Graviton about all of the Other People's NXT from Dgex he's got combined for storage into one of the biggest NXT accounts in the blockchain. Graviton, which would let you sleep better at night - the current NXT account setup, or the current NXT account setup plus an additional account withdrawal freeze code capability?
|
|
|
|
opticalcarrier
|
|
January 01, 2014, 08:46:10 PM |
|
I have devised a method for us VPS admins to maintain a running list of wellKnownPeers. We can do it outside the scope of this thread over on forums.nxtcrypto.org https://forums.nxtcrypto.org/viewtopic.php?f=39&t=229The gist of the method The last post with "SIGNOFF" in the thread will have the latest list. So basically, if you wish to update the running list we will maintain here, don't ever hit QUOTE on the last post in this topic to do so unless that last poster has gone back and verified that their post is 100% current by going back and editing their post and putting SIGNOFF at the bottom outside of the quote. Then you quote their post, add your data, remove their SIGNOFF message, hit submit, then go see if you should edit your message with SIGNOFF or if you should replace your post with NOT IN TIME.
|
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 01, 2014, 08:46:17 PM |
|
How to check SHA256 checksum ? and what should I expect ? I and to check my client right now .
in linux type: sha256sum filename.zip In Window 7 ?
|
|
|
|
NxtChg
|
|
January 01, 2014, 08:49:01 PM |
|
I added the second check for secret phrase before send money exactly to increase security, so that even if you account is unlocked in the browser you still need to enter your password again.
So can the client itself send money if the wallet is unlocked? Without that additional check? What worries me most is the possibility of a bug in the client, which would allow the attacker to instruct it to send money directly. And since the client is already exposed to the outside world through firewall and its IP is known, it can be a really nasty threat.
|
|
|
|
laowai80
Member
Offline
Activity: 98
Merit: 10
|
|
January 01, 2014, 08:49:06 PM |
|
How to check SHA256 checksum ? and what should I expect ? I and to check my client right now .
in linux type: sha256sum filename.zip In Window 7 ? I only have windows 8 around, but looks like it doesn't have sha256sum.exe program, have to download it from somewhere, you could google it, but then again, make sure you don't download a trojan There are online services too, that you can upload the file too and they'll provide the sha256sum.
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 01, 2014, 08:49:13 PM |
|
How to check SHA256 checksum ? and what should I expect ? I and to check my client right now .
in linux type: sha256sum filename.zip In Window 7 ? Download HashTab
|
|
|
|
eid
|
|
January 01, 2014, 08:49:23 PM |
|
Am I right in thinking that the person who runs the Nxt install thread which this thread links to, is the same guy who stole some of the Nxt bounty funds recently?
Also, can someone point me towards a safe place to download the next client. I'd like to sell my small stake.
Thanks.
|
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 01, 2014, 08:50:30 PM |
|
How to check SHA256 checksum ? and what should I expect ? I and to check my client right now .
in linux type: sha256sum filename.zip In Window 7 ? Download HashTabWhat should I expect when run the file ?
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 01, 2014, 08:51:30 PM |
|
How to check SHA256 checksum ? and what should I expect ? I and to check my client right now .
in linux type: sha256sum filename.zip In Window 7 ? Download HashTabWhat should I expect when run the file ? There 'll be a new tab when clicking right-mouse -> properties Also, you can select required checksum algorithms:
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
January 01, 2014, 08:53:11 PM Last edit: January 02, 2014, 04:53:10 AM by xyzzyx |
|
How to check SHA256 checksum ? and what should I expect ? I want to check my client right now .
If you're running Windows, an online calculator would be easiest: Edit: http://onlinemd5.com/ (thanks to utopianfuture) or http://hash.online-convert.com/sha256-generatorIf you're running OS X, a SHA-256 can be calculated using the openssl command in an open terminal (the terminal is located in /Applications/Utilities). The openssl command would look something like this: openssl sha256 [FILE_NAME] If you're running GNU/Linux, the program sha256sum is standard on most versions of the OS. Using the sha256sum command in a terminal would look something like this: sha256sum [FILE_NAME]
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
rickyjames
|
|
January 01, 2014, 08:56:41 PM |
|
I added the second check for secret phrase before send money exactly to increase security, so that even if you account is unlocked in the browser you still need to enter your password again.
So can the client itself send money if the wallet is unlocked? Without that additional check? What worries me most is the possibility of a bug in the client, which would allow the attacker to instruct it to send money directly. And since the client is already exposed to the outside world through firewall and its IP is known, it can be a really nasty threat. If a hacker has ALREADY gotten your main account password once to get in the account in the first place, having to type it AGAIN is no additional security at all. This only prevents somebody physically in front of your keyboard from ripping you off. This is absolutely a concern and why a withdrawal verification/unfreeze password shouldn't enable the LOCAL CLIENT/SERVER do something, it should be COMBINED WITH SOMETHING PERVIOUSLY PUT ON BLOCKCHAIN that is processed by THE REMOTE SERVER PROCESSING THE BLOCK to enable the withdrawal. The latter is MUCH MORE SECURE. The first time a local client is hacked in NXT (and you should assume this WILL happen) then NXT has a HUGE PR problem....
|
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 01, 2014, 08:57:16 PM |
|
How to check SHA256 checksum ? and what should I expect ? I and to check my client right now .
in linux type: sha256sum filename.zip In Window 7 ? Download HashTabWhat should I expect when run the file ? There 'll be a new tab when clicking right-mouse -> properties Also, you can select required checksum algorithms: What's hash comparison ? the hash of the authentic file ?
|
|
|
|
opticalcarrier
|
|
January 01, 2014, 08:57:20 PM Last edit: January 01, 2014, 10:01:32 PM by opticalcarrier |
|
Isn't the party line not to use the word 'official' any more? Official doesn;t have to mean centralized Regardless, at this point all client dev is in 1 place, so it is currently centralized. They may as well for now just post 1 place. We are trying to use the NXT Foundations' sites for this purpose (www/info/forums). The goal right now is for the latest client to always be posted at info.nxtcrypto.org/client.zip www.nxtcrypto.org/client.zipforums.nxtcrypto.org/client.zip Not all links have been updated yet though, so continue to use http://info.nxtcrypto.org/nxt-client-0.4.8.zipMaybe the announcement for new client releases can be in this thread with the sha256 checksum and a link to those 3 downloads, then someone at admin/forums/www can then update the sites with the sha256 info?
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 01, 2014, 08:59:09 PM |
|
What's hash comparison ? the hash of the authentic file ?
This guide 'll help you.
|
|
|
|
utopianfuture
Sr. Member
Offline
Activity: 602
Merit: 268
Internet of Value
|
|
January 01, 2014, 09:03:21 PM |
|
What's hash comparison ? the hash of the authentic file ?
This guide 'll help you. I understand about comparing hash. But I can't locate the hash of the authentic file ? is the hash from the first page of this thread good ?
|
|
|
|
Jean-Luc
|
|
January 01, 2014, 09:06:05 PM |
|
I added the second check for secret phrase before send money exactly to increase security, so that even if you account is unlocked in the browser you still need to enter your password again.
So can the client itself send money if the wallet is unlocked? Without that additional check? The server (the java process) stores the user secret phrase for as long as your account is unlocked. But there is no API request that you can make to force it to use that phrase for sending money, unless you also send the secret phrase in the request again. The client (the browser) does not store the secret phrase. Before 0.4.8, when doing send money from the browser, it would identify itself to the server using a random session id generated by javascript. I didn't like that and this is why I removed that possibility and added the requirement for secret phrase on the send money dialog too.
|
|
|
|
intel
Member
Offline
Activity: 98
Merit: 10
|
|
January 01, 2014, 09:10:08 PM |
|
What's hash comparison ? the hash of the authentic file ?
This guide 'll help you. I understand about comparing hash. But I can't locate the hash of the authentic file ? is the hash from the first page of this thread good ? http://info.nxtcrypto.org/nxt-client-0-4-8-released/You 'll find SHA256 sum provided by developer with every release of NXT Client. Compare it with a hash of downloaded file.
|
|
|
|
|