gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
January 23, 2014, 01:53:07 PM |
|
- it also may mean: "I might respond within a few months, but for $16000 I might respond within a few days" :-)
Doesn't it bother you, guys, that paying a large sum of money for a crypto review is... well... kinda smells bad? we could also set up a reward of 20 BTC for anyone who finds a flaw in the code and provides mathematical proof. actually BloodyRookie did nice analysis of probable bug in Curve.sign() : https://bitcointalk.org/index.php?topic=397183.msg4645132#msg4645132
|
|
|
|
|
|
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
nexern
|
|
January 23, 2014, 01:55:25 PM |
|
Would it be possible that you implement some "Basic" indicators and charting (drawing) functions? Build in charting software. Like Meta Trader.
marcus03, great job! here is a very nice c++ TA lib for solaris. it's open source and works very well. should fit fine with your code. http://ta-lib.org/ps: some candlestick patterns needs a review (have to check with my code which ones) but all other indicators are proved and giving correct results.
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
January 23, 2014, 02:00:50 PM |
|
Thanks CfB, I think this is important. In fact, my opinion is that "Pay-to-256bit-address" should be required to send to address for the first time. There is a lot of NXT out there at the moment with only 64bit protection just sitting there waiting for someone to work on trying to get it. I also think it is critical and a high priority that we put in protection against typos ASAP so people don't risk sending their NXT to nowhere. (this: http://wiki.nxtcrypto.org/wiki/New_Address_Format) Even with only 64bits it's not that easy. if one would like to force it, he needs: - 1. generate random pass
- 2. generate public key + secret/priv key pair
- 3. SHA256 public key, get 8 bytes
- 4. matches something interesting? nope? goto step 1
PS (reversing the process is highly improbable) TIP: Why no one has "hacked" account number 100000 yet? http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=100000
|
|
|
|
S3MKi
Legendary
Offline
Activity: 1540
Merit: 1016
|
|
January 23, 2014, 02:08:54 PM |
|
nexern, i'm waiting your client
|
|
|
|
BloodyRookie
|
|
January 23, 2014, 02:10:43 PM |
|
About the security review:
Putting: s is the public key for signing Z is the context data (signer public key or certificate, etc)
Original: m = hash(Z, message) x = hash(m, s) keygen25519(Y, NULL, x); h = m XOR hash(Y); sign25519(v, h, x, s); output (v,r) as the signature
Nxt: Z is omitted m = hash(message); x = hash(m, s); keygen25519(Y, null, x); h = hash(m, Y); Curve25519.sign(v, h, x, s); output (v,h) as the signature
Is the question whether the change from h = m XOR hash(Y) to h = hash(m, Y) is risking the security? Or what is the real question?
|
Nothing Else Matters NEM: NALICE-LGU3IV-Y4DPJK-HYLSSV-YFFWYS-5QPLYE-ZDJJ NXT: 11095639652683007953
|
|
|
CIYAM
Legendary
Offline
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
|
|
January 23, 2014, 02:13:59 PM Last edit: January 23, 2014, 02:39:14 PM by CIYAM Open |
|
we could also set up a reward of 20 BTC for anyone who finds a flaw in the code and provides mathematical proof.
My 5 BTC contribution pledge was strictly conditional so please don't start treating it as "our" funds. In answer to those questioning the paying for such a review understand that: i) a person with a "name" in crypto is not going to risk losing that name over 20BTC. ii) a person with the relevant skills and expertise would be likely being paid a lot so in order for them to be able to dedicate their time a decent financial incentive (not in NXT) needs to be offered. Also some maths that some anonymous forum members have come up with is not what at least my 5 BTC is for. Bitcoin's security was much heralded after Kaspersky's review - we need someone of the same caliber to do the same for Nxt.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
January 23, 2014, 02:15:44 PM |
|
About the security review:
Putting: s is the public key for signing Z is the context data (signer public key or certificate, etc)
Original: m = hash(Z, message) x = hash(m, s) keygen25519(Y, NULL, x); h = m XOR hash(Y); sign25519(v, h, x, s); output (v,r) as the signature
Nxt: Z is omitted m = hash(message); x = hash(m, s); keygen25519(Y, null, x); h = hash(m, Y); Curve25519.sign(v, h, x, s); output (v,h) as the signature
Is the question whether the change from h = m XOR hash(Y) to h = hash(m, Y) is risking the security? Or what is the real question?
The question: Is NRS crypto algo strong enough?
|
|
|
|
BloodyRookie
|
|
January 23, 2014, 02:16:41 PM |
|
Is the original algo strong enough?
|
Nothing Else Matters NEM: NALICE-LGU3IV-Y4DPJK-HYLSSV-YFFWYS-5QPLYE-ZDJJ NXT: 11095639652683007953
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
January 23, 2014, 02:18:29 PM |
|
Is the original algo strong enough?
Seems so.
|
|
|
|
bitcoinpaul
|
|
January 23, 2014, 02:22:18 PM |
|
Is the original algo strong enough?
Seems so. So what do we want to get reviewed, btw? Please be precise.
|
|
|
|
ginilorenz
Newbie
Offline
Activity: 5
Merit: 0
|
|
January 23, 2014, 02:22:44 PM |
|
Is the original algo strong enough?
Seems so. Oh wunderbar I will just transfer all of my money into NXT based on this well thought out statement.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
January 23, 2014, 02:22:51 PM |
|
Is the original algo strong enough?
Seems so. So what do we want to get reviewed, btw? Please be precise. Crypto and Curve25519 classes code.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
January 23, 2014, 02:23:53 PM |
|
Oh wunderbar I will just transfer all of my money into NXT based on this well thought out statement.
Do u know Rule #1 of a cryptoinvestor?
|
|
|
|
BloodyRookie
|
|
January 23, 2014, 02:24:01 PM |
|
Is the original algo strong enough?
Seems so. Well the question was asked a few years ago. If D.J.Bernstein would have known a flaw, he probably would have noted that.
|
Nothing Else Matters NEM: NALICE-LGU3IV-Y4DPJK-HYLSSV-YFFWYS-5QPLYE-ZDJJ NXT: 11095639652683007953
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
January 23, 2014, 02:25:37 PM |
|
Well the question was asked a few years ago. If D.J.Bernstein would have known a flaw, he probably would have noted that.
U confuse modified Curve25519-based EC-KCDSA algo and its implementation.
|
|
|
|
Fatih87SK
|
|
January 23, 2014, 02:25:59 PM |
|
Oh wunderbar I will just transfer all of my money into NXT based on this well thought out statement.
Do u know Rule #1 of a cryptoinvestor? Rule #1 is post 'Interested!' at announcements :p
|
|
|
|
punkrock
|
|
January 23, 2014, 02:27:16 PM |
|
I really hope some developers out there will re-writing marcus03's client to make it open source. Any plans for this?
|
|
|
|
brooklynbtc
Sr. Member
Offline
Activity: 336
Merit: 250
AKA jefdiesel
|
|
January 23, 2014, 02:29:01 PM |
|
Attention Devs, Senior members, and Stake holders, I have a proposal for Real World marketing purposes and have written an outline with costs here; https://nextcoin.org/index.php/topic,3441.msg32673.html#msg32673 Proposal brief: Informative postcards to be handed out at conventions and other crypto gatherings, with bullet point NXT features, an easy to follow URL containing more details, a walk through to install the latest NXT client with hash sum, and most importantly a secure, redeemable code to instantly obtain a "premium amount" of coins, ie 20NXT The marketing project will be open to all interested parties who wish to apply for and distribute cards at their event. Cards will be customized with date and location, and shipped at no cost to them. Sign up data will be saved and reported upon, analyzing interest per event, and promotion efforts. I am currently looking for partners to handle: Web and Database Programming European and Asian Translations European and Asian Distribution Funding Thanks and looking forward to your replies!
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
January 23, 2014, 02:29:19 PM |
|
Offtopic: I have just generated 1 LAK in my browser! Took 7 hours.
|
|
|
|
salsacz
|
|
January 23, 2014, 02:33:08 PM Last edit: January 23, 2014, 02:45:37 PM by salsacz |
|
Have new candidate for the encryption review: Julian Assange , the guy is a living legend and he is a cryptographer imagine he would be saing good stuff about nxt... here he talks a lot about bitcoin and namecoin , i think he will really appreciate the Alias system http://wikileaks.org/Transcript-Meeting-Assange-Schmidt?nocachePS : and may be accept donations in nxt for wikileaks The BIG question is: Can Wikileaks be somehow hosted on the Nxt blockchain? Or can we use our super decentralized DNS technology to help Wikileaks?Bump? I did some research and there is often mentioned this contact in Julian's press releases: trevor@fitzgibbonmedia.com(Julian mentioned has assistants that are sending him only some chosen letters) So in case of Pin doesn't want to take a bus from Ghent to London, we have at least this email + Gavin MacFadyen Director of the Centre for Investigative Journalism in London. Supporter of WikiLeaks and personal friend of Julian Assange +44 (0) 20 7040 8526, gavin@tcij.orgKristinn Hrafnsson is the official WikiLeaks representative. He can be contacted for interviews or comment on: Phone: +35 4821 7121
|
|
|
|
|