Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
January 25, 2014, 07:47:40 PM |
|
However a piece of tape over the camera is simple and foolproof.
They can still hear you fart from the camera's mic though! well its foolproof for being looked at
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
salsacz
|
|
January 25, 2014, 07:49:16 PM |
|
|
|
|
|
wastedbit
Newbie
Offline
Activity: 10
Merit: 0
|
|
January 25, 2014, 07:49:46 PM |
|
new 9 digit vanity account: 640915453 {"hallmark":"0eef079d88b20e41c1ac1f0ad7ece8ef94d34a27096d048ed96207ffd5b21f750a0049726f6c6c5568617465640000008a2d330193dfc7fe4c327db84be870b50ec9dc5d7182722f7711db721f7f0f9cc246383d0a94d485da999d1131ad49817ffe2605b07c7b670cfb98c4211e2fcf75e06af443"}
Which vanity engine are you using, the Java version? Reason that I ask is that some are suspecting the vanity engine in thefts. If the java client, have you also reviewed this code? The code I looked at only has the following imports: import java.math.BigInteger; import java.nio.charset.Charset; import java.security.MessageDigest; <- SHA256 conversion routine import java.security.SecureRandom; import java.util.Arrays; import java.util.Random; import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicLong; import java.util.regex.Pattern;
|
|
|
|
Kattywampus
Newbie
Offline
Activity: 35
Merit: 0
|
|
January 25, 2014, 07:50:41 PM |
|
Update 3 - Bitcoin Conference Miami Just had lunch with one of the organizers for the Austin, Texas Bitcoin conference, Jeremy, on March 5-6. Just happened to meet him in the food line and asked if he would like to join me Smiley http://texasbitcoinconference.com/We spoke a bit about the conference and they are shooting to be the largest Bitcoin conference in history. I think we need to get a speaker lined up and get them to this conference. Having this contact should help us get our foot in the door and really spread the word about Nxt. ****Action Item**** If I could get the communities help in finding a speaker to represent us at this conference, I will make contact with Jeremy to see if we can get a spot. Thanks again for everyone's help and will keep updating with more news as it happens!
|
|
|
|
Damelon
Legendary
Offline
Activity: 1092
Merit: 1010
|
|
January 25, 2014, 07:51:04 PM |
|
Condition: New
|
|
|
|
v39453
Newbie
Offline
Activity: 22
Merit: 0
|
|
January 25, 2014, 07:51:30 PM |
|
The example password "Tammy's#18bdayBIGpartyDroppedshibesweaterinpoolGMasonUsoon:(3yearsislong" on that page is weak. Generating a NXT password is basically the same problem as creating a Bitcoin private key. bitaddress.org is to my knowledge a fairly trusted site. You can take the private key it generates and use it as your password. The human brain should not be used to generate a password because it is not a good source of randomness.
|
|
|
|
opticalcarrier
|
|
January 25, 2014, 07:57:05 PM |
|
new 9 digit vanity account: 640915453 {"hallmark":"0eef079d88b20e41c1ac1f0ad7ece8ef94d34a27096d048ed96207ffd5b21f750a0049726f6c6c5568617465640000008a2d330193dfc7fe4c327db84be870b50ec9dc5d7182722f7711db721f7f0f9cc246383d0a94d485da999d1131ad49817ffe2605b07c7b670cfb98c4211e2fcf75e06af443"}
Which vanity engine are you using, the Java version? Reason that I ask is that some are suspecting the vanity engine in thefts. If the java client, have you also reviewed this code? The code I looked at only has the following imports: import java.math.BigInteger; import java.nio.charset.Charset; import java.security.MessageDigest; <- SHA256 conversion routine import java.security.SecureRandom; import java.util.Arrays; import java.util.Random; import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicLong; import java.util.regex.Pattern; I modified jean-lucs java vanity generator to make it search for short accounts. Im sure its safe since fromhim
|
|
|
|
opticalcarrier
|
|
January 25, 2014, 08:00:39 PM |
|
Has anyone here contacted theymos yet about looking for that ip address that was on the thiefs digex acount?
|
|
|
|
|
Zahlen
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 08:01:47 PM |
|
The example password "Tammy's#18bdayBIGpartyDroppedshibesweaterinpoolGMasonUsoon:(3yearsislong" on that page is weak. Generating a NXT password is basically the same problem as creating a Bitcoin private key. bitaddress.org is to my knowledge a fairly trusted site. You can take the private key it generates and use it as your password. The human brain should not be used to generate a password because it is not a good source of randomness. KeePass estimates 324 bit entropy for that passphrase. That's more bits than a NXT account with public key. I'm not for trusting third party sites or software to do generation, though others may feel differently. I do welcome different views on the wiki Feel free to register (PM joefox, the wiki admin) and edit, or comment in the talk page. EDIT: Well, now that we've talked so much about that phrase, it's certainly become weak
|
|
|
|
wastedbit
Newbie
Offline
Activity: 10
Merit: 0
|
|
January 25, 2014, 08:02:28 PM |
|
Client 0.5.10 stood on the local machine. My purse number 378082518108298527. Coin purse went to 13664022353450653976. Password length of 32 characters (5 words). Use uppercase and lowercase letters. Client rocked by reference to the first village, https://bitcointalk.org/index.php?topic=345619.msg4690322 # msg4690322 Hash check. This is getting more and more disturbing! What's happening? Cracking 5 words is cracking 5 x 1 word lol.... It isn't. Other than that, i feel like this is appearing far too often for it to be random. 5xxk NXT stolen 108k NXT stolen 12,5k NXT stolen All have the same pattern (thus being not related to EpicThomas) Before we go into panic modes, wasn't the red line of them all that they used passwords that weren't really strong? This account also purchased aliases, albeit 4 days prior. I'm wondering if a webpage can get a listing of your url history? When you register an alias, the secretphrase is in plain text in the URL. Purging history after an alias purchase should always be done. Also, don't buy alias on your main account.
|
|
|
|
Alias
Full Member
Offline
Activity: 127
Merit: 100
Money be green
|
|
January 25, 2014, 08:04:29 PM |
|
The example password "Tammy's#18bdayBIGpartyDroppedshibesweaterinpoolGMasonUsoon:(3yearsislong" on that page is weak. Generating a NXT password is basically the same problem as creating a Bitcoin private key. bitaddress.org is to my knowledge a fairly trusted site. You can take the private key it generates and use it as your password. The human brain should not be used to generate a password because it is not a good source of randomness. KeePass estimates 324 bit entropy for that passphrase. That's more bits than a NXT account with public key. I'm not for trusting third party sites or software to do generation, though others may feel differently. I do welcome different views on the wiki Feel free to register (PM joefox, the wiki admin) and edit, or comment in the talk page. Try this - www.passwordcard.org/enPerhaps a dedicated open source NXT password card generator would be a useful tool for the community.
|
In times of change, it is the learners who will inherit the earth, while the learned will find themselves beautifully equipped for a world that no longer exists.
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
January 25, 2014, 08:13:42 PM |
|
This account also purchased aliases, albeit 4 days prior. I'm wondering if a webpage can get a listing of your url history?
I don't know Javascript, but: http://www.w3schools.com/jsref/obj_history.aspThe history object contains the URLs visited by the user (within a browser window).
The history object is part of the window object and is accessed through the window.history property.
Note: There is no public standard that applies to the history object, but all major browsers support it.
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
wastedbit
Newbie
Offline
Activity: 10
Merit: 0
|
|
January 25, 2014, 08:14:30 PM |
|
I modified jean-lucs java vanity generator to make it search for short accounts. Im sure its safe since fromhim
Thanks! That is what I was using too. I'd suggest sending your changes to Jean-Lucs and asking him to create a source fork for short names (you probably just changed a few lines of code). Then, you can post his link for your completion.
|
|
|
|
coolmist
Newbie
Offline
Activity: 56
Merit: 0
|
|
January 25, 2014, 08:15:32 PM |
|
I don't think vanity generators are secure.
Since the number generation algorithms aren't truly random there will probably be a few addresses that are generated by two individuals with similar environmental variables. A hacker with a powerful computer could generate 1000 shortened addresses and try opening each one until he hits an active account.
|
|
|
|
Zahlen
Member
Offline
Activity: 98
Merit: 10
|
|
January 25, 2014, 08:16:39 PM |
|
Thanks for the suggestion. But, quoting from the site: Your PasswordCard has a unique grid of random letters and digits on it. The rows have different colors, and the columns different symbols. All you do is remember a combination of a symbol and a color, and then read the letters and digits from there. It couldn't be simpler!
That "unique grid" is supposedly generated by a code like ba625143531f714e that's chosen by the user. Sounds good, but what's the algo for generating the grid? If I were an attacker running the site, I would make resulting cards have only a limited number of different rows and columns. Still numerous enough to evade statistical analysis from buyers, but easy enough for an attacker to exhaust. Van gens also introduce an attack vector: someone could upload a spoofed generator.
|
|
|
|
kronicblazer
|
|
January 25, 2014, 08:17:31 PM |
|
Hey guys... haven't checked NxT in awhile, but I had some giveaways before. Was just wondering if a proper client is out yet? Or what is the easiest way for me to set up NxT properly. I tried a few weeks ago, but I could not get the online site/client with java to sync. Any help would be great. Thx
I use windows 7
|
|
|
|
Ebrelus
|
|
January 25, 2014, 08:17:47 PM |
|
Will there be a feature of freezing account for a given time and code a trigger to send it after that time into certain other accounts automaticly? Looking for a possibility of safe storring NXTs owned by many holders in order to make group interest shares possible.
|
|
|
|
TwinWinNerD
Legendary
Offline
Activity: 1680
Merit: 1001
CEO Bitpanda.com
|
|
January 25, 2014, 08:18:23 PM |
|
I don't think vanity generators are secure.
Since the number generation algorithms aren't truly random there will probably be a few addresses that are generated by two individuals with similar environmental variables. A hacker with a powerful computer could generate 1000 shortened addresses and try opening each one until he hits an active account.
have you used it? You can use your own passphrase prefix
|
|
|
|
|