coolmist
January 18, 2014, 10:45:53 PM
Omg, someone cleared 3 of my accounts.... I used 256bit keys generated by Keepass 2. I am using NRS 0.5.8 that I installed today and downloaded from nxtcrypto.org. I am using Windows 7 Professional and am running Avira and Microsoft Security Essentials. The NXT was transferred about half an hour ago, also while I was forging. My PC was running unlocked but I can be 99.99% sure that no one had access to it physically. So I don't really know how this happened?!? It can't be bruteforce right?
My accounts:
8423671173148912884 107,217
12345678612257264594 71
13486646175575465553 998
The NXT are now in this account: 696356957947686421
Balance Total : 108,286 NXT
Fuck me...
Btw the password of the third account was for example: af5c73ca7cf5f25ffa3b6b1689f40aaf60fd040b0de298c1ca661f8602d38311
Any chance of seeing these NXT again?
This is not a fully secure password. This looks very much like a Hex number. Only lower case a to f and Numbers. Something like that, even as long as it is, is cracked rather fast. It seems someone out there is brute forcing with number chains. I had an account which had another rather serious flaw in choice of password. It was luckily not hacked.
There is no way this can be right. If that was a true random hex number with that many digits there is no way it could be cracked easily. Can someone else input on this?
It is virtually uncrackable if truly random. But random number generators do not generate truly random numbers...

EvilDave
January 18, 2014, 10:46:31 PM
......10 unknown accounts, don't like the idea of putting a lock mechanism into the code. Unless the lock is actually a properly planned feature, we shouldn't finagle the code just for one-off situations.
Just changed my mind, after reading the above posts. Implement the lock, and use it in cases like this. Either it's a real hack, or someone trying to game the community. Result will be the same, no possibility to get the NXT out into BTC or fiat. And for fucks sake, stop using software to generate passwords. Use yr brain, that's what it's there for.

relm9
January 18, 2014, 10:50:49 PM
There is no way this can be right. If that was a true random hex number with that many digits there is no way it could be cracked easily. Can someone else input on this?
The second and third accounts had no 256-bit public key (no transactions out) so someone possibly could have accessed them via a collision. As someone else mentioned though as all three accounts were accessed (basically at the same time) it may be more likely he has malware on his machine.

TwinWinNerD
January 18, 2014, 10:54:18 PM
Thank you guys for the responses.
I just looked into my keepass 2 and I was using the following feature: 256-Bit Hex key Generator (Built-in). I never realized this is no truly random password because I didn't read the word "hex" ....
Does this make the password totally unsafe???

instacalm
January 18, 2014, 10:55:48 PM
Thank you guys for the responses.
I just looked into my keepass 2 and I was using the following feature: 256-Bit Hex key Generator (Built-in). I never realized this is no truly random password because I didn't read the word "hex" ....
Does this make the password totally unsafe???
No

Secondleo
January 18, 2014, 10:56:18 PM
Omg, someone cleared 3 of my accounts.... I used 256bit keys generated by Keepass 2. I am using NRS 0.5.8 that I installed today and downloaded from nxtcrypto.org. I am using Windows 7 Professional and am running Avira and Microsoft Security Essentials. The NXT was transferred about half an hour ago, also while I was forging. My PC was running unlocked but I can be 99.99% sure that no one had access to it physically. So I don't really know how this happened?!? It can't be bruteforce right?
My accounts:
8423671173148912884 107,217
12345678612257264594 71
13486646175575465553 998
The NXT are now in this account: 696356957947686421
Balance Total : 108,286 NXT
Fuck me...
Btw the password of the third account was for example: af5c73ca7cf5f25ffa3b6b1689f40aaf60fd040b0de298c1ca661f8602d38311
Any chance of seeing these NXT again?
This is not a fully secure password. This looks very much like a Hex number. Only lower case a to f and Numbers. Something like that, even as long as it is, is cracked rather fast. It seems someone out there is brute forcing with number chains. I had an account which had another rather serious flaw in choice of password. It was luckily not hacked.
There is no way this can be right. If that was a true random hex number with that many digits there is no way it could be cracked easily. Can someone else input on this?
Yes, actually the password is very long. It's late, I didn't see the obvious
With three cracked accounts it is really much more likely there is an infection somewhere. Password composition is very poor nevertheless.

jl777
January 18, 2014, 10:56:55 PM
Thank you guys for the responses.
I just looked into my keepass 2 and I was using the following feature: 256-Bit Hex key Generator (Built-in). I never realized this is no truly random password because I didn't read the word "hex" ....
Does this make the password totally unsafe???
The likeliest explanation is that there is a keylogger on your computer. Assuming all three accts had different passwords. No password is strong enough if there is a keylogger on your computer.
James

TwinWinNerD
January 18, 2014, 10:57:40 PM
Omg, someone cleared 3 of my accounts.... I used 256bit keys generated by Keepass 2. I am using NRS 0.5.8 that I installed today and downloaded from nxtcrypto.org. I am using Windows 7 Professional and am running Avira and Microsoft Security Essentials. The NXT was transferred about half an hour ago, also while I was forging. My PC was running unlocked but I can be 99.99% sure that no one had access to it physically. So I don't really know how this happened?!? It can't be bruteforce right?
My accounts:
8423671173148912884 107,217
12345678612257264594 71
13486646175575465553 998
The NXT are now in this account: 696356957947686421
Balance Total : 108,286 NXT
Fuck me...
Btw the password of the third account was for example: af5c73ca7cf5f25ffa3b6b1689f40aaf60fd040b0de298c1ca661f8602d38311
Any chance of seeing these NXT again?
had you used online wallet? or local client?
always local client.
@anon why do you say windows is the problem? I used it for >2 years and never had any problems etc. Also I never type the keys always copypaste them, so would a keylogger really get these passwords?
Damn.... I guess I have to format my PC and setup a new OS. At least my BTC are in cold storage and still safe.

jl777
January 18, 2014, 10:57:58 PM
There is no way this can be right. If that was a true random hex number with that many digits there is no way it could be cracked easily. Can someone else input on this?
The second and third accounts had no 256-bit public key (no transactions out) so someone possibly could have accessed them via a collision. As someone else mentioned though as all three accounts were accessed (basically at the same time) it may be more likely he has malware on his machine.
Does the destination acct have a public key yet?

marcus03
January 18, 2014, 10:59:38 PM
There is no way this can be right. If that was a true random hex number with that many digits there is no way it could be cracked easily. Can someone else input on this?
The second and third accounts had no 256-bit public key (no transactions out) so someone possibly could have accessed them via a collision. As someone else mentioned though as all three accounts were accessed (basically at the same time) it may be more likely he has malware on his machine.
Does the destination acct have a public key yet?
Nope.

EvilDave
January 18, 2014, 11:00:29 PM
Errr...the hex string in question is just a big number in decimal: 3.39197779385E+27 is what it converts back to. Might be possible that someone is running a bruteforce attack on all the numbers, but seeing that 3 accounts on the same PC were compromised at the same time, malware/trojan is a much more likely explanation.
Getting a feeling of deja-vu here, feels like the EpicThomas story again
Are there any trojans out there with the ability to read copy/pasted text? Not very up to date with the magical world of malware.

jl777
January 18, 2014, 11:01:10 PM
There is no way this can be right. If that was a true random hex number with that many digits there is no way it could be cracked easily. Can someone else input on this?
The second and third accounts had no 256-bit public key (no transactions out) so someone possibly could have accessed them via a collision. As someone else mentioned though as all three accounts were accessed (basically at the same time) it may be more likely he has malware on his machine.
Does the destination acct have a public key yet?
Nope.
So it fits the pattern of the prior hack. The unsolved one before the tainted download. NXT ends up in darkNXT acct and sits there.
James

TwinWinNerD
January 18, 2014, 11:02:19 PM
Errr...the hex string in question is just a big number in decimal: 3.39197779385E+27 is what it converts back to. Might be possible that someone is running a bruteforce attack on all the numbers, but seeing that 3 accounts on the same PC were compromised at the same time, malware/trojan is a much more likely explanation.
Getting a feeling of deja-vu here, feels like the EpicThomas story again
I downloaded this software today, and the download matches the hash shown on the site. http://www.nxtcrypto.org/nxt-coin/client-download

instacalm
January 18, 2014, 11:05:50 PM
Errr...the hex string in question is just a big number in decimal: 3.39197779385E+27 is what it converts back to. Might be possible that someone is running a bruteforce attack on all the numbers, but seeing that 3 accounts on the same PC were compromised at the same time, malware/trojan is a much more likely explanation.
Getting a feeling of deja-vu here, feels like the EpicThomas story again
I downloaded this software today, and the download matches the hash shown on the site. http://www.nxtcrypto.org/nxt-coin/client-download
If so, this indicates that your client was not the problem. Either your OS is infected or somebody somehow got access to your passwords. How did/do you store the passwords?

Secondleo
January 18, 2014, 11:07:52 PM
Errr...the hex string in question is just a big number in decimal: 3.39197779385E+27 is what it converts back to. Might be possible that someone is running a bruteforce attack on all the numbers, but seeing that 3 accounts on the same PC were compromised at the same time, malware/trojan is a much more likely explanation.
Getting a feeling of deja-vu here, feels like the EpicThomas story again
Are there any trojans out there with the ability to read copy/pasted text? Not very up to date with the magical world of malware.
You made a mistake somewhere. Converting Hex to Dec will make the string even longer. Something over E+70. It should be safe with this length.
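
Added example, not part of any post in this thread: a short Python check of the figures argued over above, using the passphrase quoted in the thread. The guess rate of 10^12 per second is an assumed figure for illustration, and the 64-bit size refers to the numeric account IDs listed in the posts.

```python
import math

# Passphrase quoted in the thread: 64 lowercase hex characters.
PASSPHRASE = "af5c73ca7cf5f25ffa3b6b1689f40aaf60fd040b0de298c1ca661f8602d38311"
ACCOUNT_ID_BITS = 64   # width of the numeric account IDs shown in the posts
ASSUMED_RATE = 1e12    # guesses per second; assumed figure, not a measurement

def entropy_bits(alphabet_size, length):
    """Bits of entropy in a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)

def decimal_digits(hex_string):
    """Number of decimal digits in the integer a hex string encodes."""
    return len(str(int(hex_string, 16)))

def equivalent_length(bits, alphabet_size):
    """Characters needed from another alphabet to reach the same entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def years_to_exhaust(bits, rate=ASSUMED_RATE):
    """Years needed to try every value in a 2**bits space at the given rate."""
    return 2 ** bits / rate / (365.25 * 24 * 3600)

def report():
    bits = entropy_bits(16, len(PASSPHRASE))
    return {
        "passphrase_bits": bits,
        "decimal_digits": decimal_digits(PASSPHRASE),
        # 94 = printable ASCII characters excluding space
        "printable_ascii_equivalent": equivalent_length(bits, 94),
        "years_full_passphrase_space": years_to_exhaust(bits),
        "years_account_id_space": years_to_exhaust(ACCOUNT_ID_BITS),
        # Observation: the first 23 hex digits on their own convert to
        # about 3.39e27, the figure posted earlier for the whole string.
        "first_23_digits_value": int(PASSPHRASE[:23], 16),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.6g}")
```

A uniformly random 64-digit hex string carries 256 bits, the same as a random 40-character password over printable ASCII, so the restricted alphabet does not weaken it at this length. The 64-bit account ID space is far smaller, which is the concern relm9 raises for accounts that have not yet published a public key.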

BitcoinForumator
January 18, 2014, 11:08:32 PM
Apart from this jump today because of Bter.com, the price is depressingly not going anywhere - actually moving down.
You would think that NXT would gain a momentum by now, that it be proven that it's not a scam and that that would reflect in price, but no - it's not doing anything.
There should be more hype, more demand...
Tell me honestly you don't feel the same way? (put aside today's move)

TwinWinNerD
January 18, 2014, 11:08:37 PM
Errr...the hex string in question is just a big number in decimal: 3.39197779385E+27 is what it converts back to. Might be possible that someone is running a bruteforce attack on all the numbers, but seeing that 3 accounts on the same PC were compromised at the same time, malware/trojan is a much more likely explanation.
Getting a feeling of deja-vu here, feels like the EpicThomas story again
I downloaded this software today, and the download matches the hash shown on the site. http://www.nxtcrypto.org/nxt-coin/client-download
If so, this indicates that your client was not the problem. Either your OS is infected or somebody somehow got access to your passwords. How did/do you store the passwords?
Passwords are stored in a Keepass 2 database that is locked by a masterpassword that is >50 digits long. I have 2 USB backups of that file and one that sits on my computer.

salsacz
January 18, 2014, 11:10:10 PM
TwinWinNerD:
check browser history - where did you download NRS?
check download history - where did you download it exactly? really no nxtcripto.org..?
check hash of downloaded client

punkrock
January 18, 2014, 11:10:17 PM
If this story is true, someone has to be remotely on your PC to get the passes out of KeePass. That's not possible through console. How do you type in the master password of Keepass? If you type it manually, a Keylogger might be the problem. If someone got your master password, he only has to download your .kdb-file and you're completely fucked.

Secondleo
January 18, 2014, 11:10:29 PM
Apart from this jump today because of Bter.com, the price is depressingly not going anywhere - actually moving down.
You would think that NXT would gain a momentum by now, that it be proven that it's not a scam and that that would reflect in price, but no - it's not doing anything.
There should be more hype, more demand...
Tell me honestly you don't feel the same way? (put aside today's move)
More than 50% increase since yesterday? I don't see your point... Wait a couple of days and see how it works out.
edit: Asking "Why am I not rich yet" after a max of two months seems kinda cute