l8orre
January 31, 2014, 08:16:56 AM
@CfB - I have a question. What is the API call 'broadcastTransaction' used for? Forgot if it was discussed before. sry..
It's used to resend transactions lost in limbo. THANKS!
TwinWinNerD
January 31, 2014, 08:17:33 AM
well, let's hope this is not the "end" of our journey ...he means competing for position 1! Ok then! I don't even mind position 2 behind doge, if that means our Marketcap is higher than the 10bn of BTC now haha
Eadeqa
January 31, 2014, 08:33:02 AM
No one needs more than 128-bits. The public signature system curve25519 itself is not stronger than 128-bits, so if someone really wants to brute force, they might just as well try it on curve25519 instead of user's password. 128-bit cannot be brute forced. http://en.wikipedia.org/wiki/Brute-force_attack
There is a physical argument that a 128-bit symmetric key is computationally secure against brute-force attack. The so-called Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2^128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit can be applied to estimate the energy required as ~10^18 joules, which is equivalent to consuming 30 gigawatts of power for one year. This is equal to 30×10^9 W×365×24×3600 s = 9.46×10^17 J or 262.7 TWh (more than 1/100th of the world energy production).[citation needed] The full actual computation – checking each key to see if you have found a solution – would consume many times this amount.
I'm not saying that we need it, I was referring to the fact that if he wants to implement it, I would prefer a bigger library over a longer phrase!
I know, I was just saying that there are a lot of silly suggestions about passwords here and on the wiki about making 30, 50 or even 70 char passwords! This is silly. There is no need for higher than 128 bit strength password. Ed25519 signature verification system used by Nxt itself isn't stronger than 128-bit http://ed25519.cr.yp.to/ "This system has a 2^128 security target; breaking it has similar difficulty to breaking NIST P-256, RSA with ~3000-bit keys, strong 128-bit block ciphers, etc."
Come-from-Beyond
January 31, 2014, 08:35:27 AM
Ed25519 signature verification system used by Nxt itself isn't stronger than 128-bit http://ed25519.cr.yp.to/ "This system has a 2^128 security target; breaking it has similar difficulty to breaking NIST P-256, RSA with ~3000-bit keys, strong 128-bit block ciphers, etc."
Few corrections:
- Nxt uses KCDSA based on Curve25519, not Ed25519.
- P-256, unlike Curve25519, may be insecure (http://safecurves.cr.yp.to)
l8orre
January 31, 2014, 08:46:03 AM
@CfB: I have 41 api calls so far. Would the prototype for the 'getAccount' call (number42) look like this:
# 42
self.getAccount = {"requestType": "getAccount",
                   "account": "ACCNUM"}
thanks for putting it in!
ps: reason why I am asking is that the TESTNET is bitching again about 'too many connection requests' - even on my first attempt today ...
Eadeqa
January 31, 2014, 08:49:04 AM
I always liked the idea, but the problem might be that users will pick those combinations that are easier to remember and there goes your entropy.
You can generate the words randomly for the user!
Sure, but my fear is that users will keep generating secrets until they get one that is easy to remember.
Make all 1626 words easy, very very easy, so everyone will look just as easy as the other. It doesn't matter what words are in the dictionary, as entropy remains 128-bit with 12 words. "users will keep generating secrets until they get one that is easy to remember." Even if a user is generating 1 trillion combinations a second (to find the one he/she likes the best), it will take them 10830285071923307579 YEARS to go through the list. Let them keep "generating" it until they find the one they like. It doesn't matter. All the words in the dictionary should be easy (like "dog" "night" "sun" etc). Different people might like different words, so what? 128 bit is a BIG number ...
By the way, if you do use this (or any other system) make sure to force the user to retype the pass phrase once on the next screen. That will guarantee that the user has saved it or memorized it. You should try it on Electrum https://electrum.org/download.html to see how it works
Passion_ltc
January 31, 2014, 08:55:08 AM
Jackpot! Forged a block with 85 NXT inside. If NXT gets big this is a nice sum for something I get for doing nothing.
NxtChg
January 31, 2014, 08:59:37 AM
Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question.
What the hell? How is that possible?
marcus03
January 31, 2014, 09:02:02 AM
No one needs more than 128-bits. The public signature system curve25519 itself is not stronger than 128-bits, so if someone really wants to brute force, they might just as well try it on curve25519 instead of user's password.
Ok, the generated secret now consists of 20 characters from the following set of characters: ['a'..'z','A'..'Z','0'..'9','''','!','"','#','$','%','&','(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\',']','^','_','`','{','|','}','~']. 96 different characters (space removed, since it gets truncated too easily at the beginning and end). Entropy: ln(96^20)/ln 2 => 131 bit
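The figures argued over in the posts above (12 words from a 1626-word list, a 20-character random secret, rerolling until the secret looks memorable, the Landauer estimate) can be checked numerically. This is an added example, not code from any poster or from Nxt; the word list is a constructed placeholder and all function names are hypothetical.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365 * 24 * 3600
BOLTZMANN = 1.380649e-23  # J/K

# Constructed placeholder for a 1626-word list (a real wallet ships real words).
WORDS = [f"w{i:04d}" for i in range(1626)]
# Letters, digits and punctuation without space: 94 symbols in Python's tables
# (the post counts 96; both sizes give about 131 bits at length 20).
CHARSET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def generate(symbols, length, sep=""):
    """Draw a secret with the OS CSPRNG; random.random() is not suitable."""
    return sep.join(secrets.choice(symbols) for _ in range(length))


def bits_after_rerolls(bits, rerolls):
    """Min-entropy floor when the user keeps a favourite out of `rerolls`
    freshly generated secrets: any given secret is among the candidates with
    probability <= rerolls / 2**bits, so at most log2(rerolls) bits are lost."""
    return bits - math.log2(rerolls)


def years_to_enumerate(bits, guesses_per_second):
    """Time to try every one of 2**bits values at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def landauer_joules(bits, kelvin=300.0):
    """kT ln 2 per bit flip, times 2**bits flips (the quoted Wikipedia bound)."""
    return 2 ** bits * BOLTZMANN * kelvin * math.log(2)


if __name__ == "__main__":
    print(generate(WORDS, 12, " "), f"{entropy_bits(len(WORDS), 12):.1f} bits")
    print(generate(CHARSET, 20), f"{entropy_bits(len(CHARSET), 20):.1f} bits")
    print(f"{bits_after_rerolls(128, 1_000_000):.1f} bits after 1e6 rerolls")
    print(f"{years_to_enumerate(128, 1e12):.3g} years at 1e12 guesses/s")
    print(f"{landauer_joules(128):.3g} J to count through 2**128 values")
```

Rerolling a million times costs at most about 20 bits, so what matters is that each draw is uniform and comes from a CSPRNG, not which words are in the list.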
NxtChg
January 31, 2014, 09:02:59 AM
jl777, would you calm down? You look like a crazy, agitated maniac.
You wrote like 100 posts while I slept, on both forums, all about the same useless idea to use old zerocoin code.
What are you, an automated typing machine? Geez...
TwinWinNerD
January 31, 2014, 09:05:10 AM
Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question.
What the hell? How is that possible?
It is already known that there is a bot running that checks the balances of very simple passwords. If you send some NXT to accounts of passphrases "1" or smthg, it will be gone within 45 seconds!
EvilDave
January 31, 2014, 09:06:22 AM
Solar powered NXT node for conferences!
Berlin conference first!
I want to support the next conferences with a RasPI completely solar powered in a nice box.
- RasPI model B
- Wlan USB Stick with preconfigured DHCP settings (just turn on wifi tethering on your mobile phone with SSID: NXT, PW: RasPI-NXT)
- Solar panel on top of the box
- 2x Li-Ion battery powerbank (up to 4x 18650 Li-Ion rechargeable batteries each) (up to 27'200mAh! It will be able to run NXT node up to 30 hours without Sun!)
.....snip....
If the community likes it, I can send it to one of the Berlin conference people. Well, please resend to me when finished
Todo:
- testing odroid U3 + XU
- measure power consumption of all parts, batteries and solar panel to optimise power usage for offgrid solar NXT nodes
- make a list of all parts + weblinks to shops
- howto
- ...
Greets, eb

Nice work, ebereon. Putting a solar RaspPi NXT node on display at the conferences will give us a unique talking/selling point for NXT, so I think that we need to prioritise these as promo material.
So, 3 points to begin with:
Ebereon: can u put more of these together for both Berlin and Amsterdam conferences? I have some conference experience and the chances of just one system surviving 2 conferences is minimal.....
To everyone else: Is there a friendly whale who can finance Ebereon? Or can he get some NXT from the promo fund for this?
Can we start dedicated conference threads on another forum, just to give us a central point for the prep work? Here's Amsterdam: https://nextcoin.org/index.php/topic,2277.0.html
Last thought for the moment on conferences.....we need some large(ish) infographics/pretty pictures for a table display, at least A3 sized, preferably larger, fairly solid and freestanding, so ideas for that will be welcome.
On other topics: this has to be a record amount of time between comments in this thread
An hour? Bloody hell, that's almost dead.....
So, because Utopian is a Nxt support, it's okay for him to create a clone?
It's OK to clone even for u as long as u don't try to scam ppl.
+1, Beyonce shoots, he scores....
Eadeqa
January 31, 2014, 09:09:19 AM
Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question.
What the hell? How is that possible?
His password was "santabarbara"
About 19,600,000 results (on google search) for "santabarbara"
Maybe someone has Rainbow table and a bot setup so whenever a new account is created that exists in hackers database, the money is transferred automatically.
nxtru
January 31, 2014, 09:11:35 AM
ANNOUNCEMENT Nxt Net Application http://95.85.8.113:9000/nxtnet
P.S. I'm surprised nobody tried to upload a torrent file; I recall someone wanted this feature very much.
I think it's cause no one got how to do. With a step-by-step how-to it would get more drive... so is this a torrent explorer like piratebay?
It's better: it can't be shut down by authorities because data is stored in Nxt blockchain. If people are interested I can release a desktop app similar to the web app that connects directly to NRS node.
Come-from-Beyond
January 31, 2014, 09:13:05 AM
@CfB: I have 41 api calls so far. Would the prototype for the 'getAccount' call (number42) look like this...
Yes.
NxtChg
January 31, 2014, 09:17:57 AM
As you know some of us are working on NxtCash, an anonymity system for Nxt. There are a few questions that concern everybody, so I'd like to discuss them here.
So, to prevent unlimited blockchain growth we probably need to introduce a mandatory coin TTL (time-to-live) with max limit of, say, 6 months or 1 year.
We can also tie min transaction fee for minting a coin to TTL, for example: 1 month = 1 NXT, 2 months = 2 NXT, etc.
What do you think, gentlemen?
P.S. Not sure how purging will work technically, but probably the block forger will be able to issue "cleanOldCoin" transactions and get an additional fee if there is a surplus in the main NxtCash account.
For this it might be better to store coin timestamps as max blockchain height.
NxtChg
January 31, 2014, 09:21:11 AM
His password was "santabarbara"
About 19,600,000 results (on google search) for "santabarbara"
Maybe someone has Rainbow table and a bot setup so whenever a new account is created that exists in hackers database, the money is transferred automatically.
Oh, sorry, I thought the question was his passphrase. Still, 12 symbols are so easily cracked? That's some serious brute-forcing... Maybe some bitcoin miners repurposed their GPUs?
Come-from-Beyond
January 31, 2014, 09:26:56 AM
Would anyone sell DOGEs for NXTs?
(Shameless attempt to see if market manipulation works)
Eadeqa
January 31, 2014, 09:28:07 AM Last edit: January 31, 2014, 09:47:27 AM by Eadeqa
His password was "santabarbara"
About 19,600,000 results (on google search) for "santabarbara"
Maybe someone has Rainbow table and a bot setup so whenever a new account is created that exists in hackers database, the money is transferred automatically.
Oh, sorry, I thought the question was his passphrase. Still, 12 symbols is not safe now? That's some serious brute-forcing... Maybe some bitcoin miners repurposed their GPUs?
"santabarbara" is one word with 19 million google results. Someone has obviously precomputed the hashes of common passwords, so he is not brute forcing it on the spot. They already exist in attacker's database. The bot just checks if the account already exists in its precomputed database. If the password was sanTabarbara it might not have existed in attacker's database.
TwinWinNerD
January 31, 2014, 09:30:33 AM
Who is the owner of the blockexplorer? The "statistics" page shows a chart of the daily fees. I would like to see this data, but there was a day with 500.000 NXT fee that just fucks up the whole data. Would it be possible to make a log chart? http://87.230.14.1/nxt/nxt.cgi?action=40&sub=4