Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761608 times)
Come-from-Beyond
February 07, 2014, 04:37:18 PM
 #30741

But if the bug has been fixed you sure could tell us which part of the code was altered.
I am interested in taking a look at the changes.

Jean-Luc altered it. I'm not so familiar with the refactored version to find this change.
CIYAM
Ian Knowles - CIYAM Lead Developer
February 07, 2014, 04:40:41 PM
 #30742


Why the rush?  Oh - let me take a guess - a bunch of new accounts praising another new account that is trying to get "investment". ;)

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
xyzzyx
February 07, 2014, 04:42:39 PM
 #30743

rofl. i completely missed that thread where i was mentioned like a dozen times

U should monetize ur reputation. If u were a fiat gateway operator for Asset Exchange, u would help the community a lot. I would accept dollars issued by u without any doubt. Think of such a business plz...

Anon136,

If you do consider fiat gateway, iDeal might be something to look into for accepting Euros. 

http://www.ideal.nl/banken/?lang=eng-GB

I had asked in this thread earlier if anyone had any experience with it, and a member did PM me to tell me that he used it and that it was awesome.  If you're interested, I can ask him to PM you, also, to get an idea of how it is used.

He gave me this link:

http://www.bitcoinvergelijker.nl/

But I don't speak Dutch so I only got a vague idea of what is said there.

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
Jesse James
February 07, 2014, 04:48:16 PM
 #30744

Critical bug disclosure

Few days ago the guy who found a vulnerability in Blockchain.Info and picked the secret phrase of Nxt genesis account found a security flaw in NRS cryptographic algorithm.

...

I can't explain details of the flaw, coz it's out of my area of expertise. U can contact him directly via nextcoin.org forum.

I'm the guy.  I just created a thread providing more technical details https://nextcoin.org/index.php/topic,3884.0.html and to answer questions.  I don't really check this forum/thread so posting there is the best way to reach me.
BitcoinForumator
February 07, 2014, 04:48:23 PM
 #30745

NXT-E.COM  IPO

wow!!! try it quickly!

https://bitcointalk.org/index.php?topic=453580.0

Anon136
February 07, 2014, 04:48:55 PM
 #30746

rofl. i completely missed that thread where i was mentioned like a dozen times

U should monetize ur reputation. If u were a fiat gateway operator for Asset Exchange, u would help the community a lot. I would accept dollars issued by u without any doubt. Think of such a business plz...

I was planning on being the silver bullion gateway but I could also do fiat.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
IveBeenBit
February 07, 2014, 04:51:50 PM
 #30747

Although the Nxt Asset Exchange will be a useful addition I think that we are missing something that could be much more useful (and perhaps a "killer" addition) and that is "atomic cross-chain crypto-currency transfers" (some of you would recall I've already mentioned it).

...

It wouldn't work fast enough to do "day trading" but for those not in a huge rush the promise of 100% secure transactions with only minimal blockchain fees would be pretty appealing.

What do you guys think?


Given the history of crypto exchanges failing or stealing money, and what's happening with Mt Gox right now, you are right that this would be a killer app.

I know JL777 was really pushing it, but he seems like he really pushes a lot of ideas, so not sure if he's still interested.

I'm not all that technical so I can't help build such a thing. What can we do to make this happen?
dimirfu
February 07, 2014, 04:52:07 PM
 #30748


Why the rush?  Oh - let me take a guess - a bunch of new accounts praising another new account that is trying to get "investment". ;)



New accounts? You guess? Oh! Do not be so sensitive!! Before you say that, you should test it first. All this is not what you think.
Passion_ltc
Crypti Community Manager
February 07, 2014, 04:55:30 PM
 #30749

NXT-E.COM  IPO

wow!!! try it quickly!

https://bitcointalk.org/index.php?topic=453580.0

CAUTION! Might be a scam! I risked it, but you never know..

pinarello
February 07, 2014, 04:57:35 PM
 #30750

rofl. i completely missed that thread where i was mentioned like a dozen times

U should monetize ur reputation. If u were a fiat gateway operator for Asset Exchange, u would help the community a lot. I would accept dollars issued by u without any doubt. Think of such a business plz...

I was planning on being the silver bullion gateway but I could also do fiat.

THAT would be interesting silver for NXT!

brooklynbtc
AKA jefdiesel
February 07, 2014, 04:59:07 PM
 #30751

rofl. i completely missed that thread where i was mentioned like a dozen times

U should monetize ur reputation. If u were a fiat gateway operator for Asset Exchange, u would help the community a lot. I would accept dollars issued by u without any doubt. Think of such a business plz...

I was planning on being the silver bullion gateway but I could also do fiat.

Does anyone have any thoughts on US based fiat exchange? Seems you have all the FINCEN registration to go through.
What does localbitcoins do? Fly under the radar? I bought my first Btc in person from localbitcoins, from a daytrader literally on wall street.

I will gladly make myself available as a New York based fiat exchange, but trying to sort the legality.


msin
February 07, 2014, 05:02:19 PM
 #30752

Weekend project, let's build a DNS system guys!

Here is what I propose, we encode HTML webpages in base64, the base64 is then truncated and sent. the transaction ID's are retrieved and a master file with the locations (and format) of the truncated html is formed. The masterfile is returned and can be used to access the data.

Multiple master files can be formed (due to 1k data limit) and put into one, etc... unlimited amounts of data could be stored this way.

If a dynamic webpage is needed an account could be created and reserved for "hosting" the latest message sent by this account could be the updated website data. Accounts could be used as domain names in a customized browser.

I already have the truncation programs written, but who wants to join me and make this work?

I have a 100k nxt budget for this project (can be increased).

PM me if you are interested.

+1, this would be great if we can get a few people helping.
Anon136
February 07, 2014, 05:02:27 PM
 #30753

rofl. i completely missed that thread where i was mentioned like a dozen times

U should monetize ur reputation. If u were a fiat gateway operator for Asset Exchange, u would help the community a lot. I would accept dollars issued by u without any doubt. Think of such a business plz...

I was planning on being the silver bullion gateway but I could also do fiat.

Does anyone have any thoughts on US based fiat exchange? Seems you have all the FINCEN registration to go through.
What does localbitcoins do? Fly under the radar? I bought my first Btc in person from localbitcoins, from a daytrader literally on wall street.

I will gladly make myself available as a New York based fiat exchange, but trying to sort the legality.

yea idk anything about governments and their crazy edicts. im definitely not going to try to comply with the ever changing whims of thousands of disorganized but well armed sociopaths. if there is a big risk associated with being a fiat gateway then ill just do silver bullion only.

dimirfu
February 07, 2014, 05:03:13 PM
 #30754

NXT-E.COM  IPO

wow!!! try it quickly!

https://bitcointalk.org/index.php?topic=453580.0

CAUTION! Might be a scam! I risked it, but you never know..


Know what? Do not say invest it until you like the experience of the transaction.
Passion_ltc
Crypti Community Manager
February 07, 2014, 05:03:59 PM
 #30755

NXT-E.COM  IPO

wow!!! try it quickly!

https://bitcointalk.org/index.php?topic=453580.0

CAUTION! Might be a scam! I risked it, but you never know..


Know what? Do not say invest it until you like the experience of the transaction.
Please what? :D

achimsmile
February 07, 2014, 05:06:53 PM
 #30756

Below is the message doctorevil sent to inform captain picard, cfb, and opticalc!

We must get this guy to join us as dev!


The disclosure CfB recently announced on the BCT thread might leave some with questions regarding the exact details.  Here's what I sent CfB, Jean-Luc, and OpticalC earlier:

-Gentlemen-

All versions of NXT are currently vulnerable to a transaction replay attack.

I've tested this exploit successfully (TXs 16383865633576457223 and 6120913904145250080).

This message has only been sent to you 3 (Jean-Luc, opticalc and CfB); however, I plan to eventually make a public disclosure.

Specifics:

Anyone on the network can create 15 replicas of a transaction that verify OK but which have distinct transaction ids.  This has to do with a phenomenon called signature malleability.  Given a valid signature X0, anyone (not just the original signer) can create 15 additional distinct signatures X1, X2 ... X15 which all verify correctly. 

The only circumstances in which a transaction can not be replayed are if:

(1) the sender's balance is too low or
(2) the transaction deadline has expired

Example exploit scenario:

BTER currently has a 40M+ NXT wallet it sends withdrawals from.  If I was evil, I could transfer 100k NXT back and forth between myself and BTER.  Let's say I do this 10 times.  A few hours later I could create 15 replays of each withdrawal transaction, netting 1.5M NXT.  If I was super evil I could send the replays immediately after each withdrawal, redepositing the new NXT and growing the heist exponentially.  One could drain their entire 40M wallet in 3 round trips starting with just 12500 NXT.  Eviler still, one could also replay recent transactions flowing into BTER from depositors in order to steal their funds as well, swelling the total catch beyond 40M.

Several possible fixes come to mind:

(1) define a canonical signature representation (bitcoin's approach)
(2) exclude the signature field when calculating the transaction id (probably too sweeping a change at this point)
(3) explicitly check for replays in processTransactions (a bit of a kludge)

The math:

The output of Curve25519.sign is v.  This value essentially acts like an element in a finite field whose order is the same as the curve group order (2^252 + 2^124).  So for any v, you can add 2^252 + 2^124 and arrive at a value that is equivalent as far as the underlying field math is concerned.  NXT encodes v using 256 bits (32 bytes).  Since 2^256 is significantly larger than the group order, there are ~16 distinct 256-bit encodings of each field element.  Because everyone knows the group order and v is part of the signature, anyone can generate the other encodings to perform this attack.

In closing, I just want to say that it hurts my evil heart not to exploit this.

-Dr. Evil-

This was quickly followed up with some back and forth with CfB where I provided him actual code for the exploit (which I'll elide here for obvious reasons) and a discussion of the plan for how to roll out a fix (which they implemented within hours of initially communicating with them).

He also threw me 10 BTC, which I didn't really expect but greatly appreciated.  I got all of jack shit (other than a warm fuzzy) when I privately revealed to blockchain.info a RNG bug that had already led to multiple documented thefts.

I'm happy to answer in this thread any remaining technical questions the community might have about the nature of the flaw.
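
The canonical-encoding check from fix (1) and a replay filter in the spirit of fixes (2) and (3), as an added Python example that is not part of the original post and is not NXT's code. The function names, the little-endian byte order, the SHA-256 keying and the constructed sample scalar are assumptions; Q is the exact Curve25519 group order, which the post rounds to 2^252 + 2^124.

```python
import hashlib

# Exact prime order of the Curve25519 base point; the post rounds it to 2^252 + 2^124.
Q = 2**252 + 27742317777372353535851937790883648493


def decode(enc: bytes) -> int:
    """Read a 32-byte scalar (little-endian byte order is an assumption here)."""
    if len(enc) != 32:
        raise ValueError("scalar must be exactly 32 bytes")
    return int.from_bytes(enc, "little")


def is_canonical(enc: bytes) -> bool:
    """Fix (1): of all encodings congruent mod Q, accept only the one below Q."""
    return decode(enc) < Q


def canonical_form(enc: bytes) -> bytes:
    """Map any 256-bit encoding to its unique representative below Q."""
    return (decode(enc) % Q).to_bytes(32, "little")


def encodings_in_256_bits(enc: bytes) -> int:
    """Count the 32-byte values congruent to this scalar mod Q (the post's ~16)."""
    return (2**256 - 1 - decode(enc) % Q) // Q + 1


class ReplayFilter:
    """Fixes (2)/(3): key seen transactions on their unsigned bytes, so a
    re-encoded signature cannot make an old transaction look new."""

    def __init__(self) -> None:
        self._seen = set()

    def accept(self, unsigned_tx: bytes, sig_scalar: bytes) -> bool:
        if not is_canonical(sig_scalar):
            return False  # non-canonical encoding: reject before any other work
        key = hashlib.sha256(unsigned_tx).digest()
        if key in self._seen:
            return False  # same transaction body was already processed
        self._seen.add(key)
        return True


# Constructed sample values (not real NXT signature data).
SAMPLE = (0x1234_5678_9ABC_DEF0).to_bytes(32, "little")
SAMPLE_ALT = (decode(SAMPLE) + Q).to_bytes(32, "little")  # same scalar mod Q

if __name__ == "__main__":
    print(is_canonical(SAMPLE), is_canonical(SAMPLE_ALT))
    print(canonical_form(SAMPLE_ALT) == SAMPLE)
    print(encodings_in_256_bits(SAMPLE))
```

Rejecting non-canonical encodings outright, rather than silently normalising them, keeps exactly one valid signature encoding (and so one transaction id) per signed transaction.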
greyw00lf
February 07, 2014, 05:09:03 PM
 #30757

... Right now is not quite the right time, but when nexern releases his client (along with the AE), we should have a very simple to install client as well as be able to show off the power of decentralized exchanges. ...
btw. anyone knows the status of nexerns client?

edit: ok found some info about it:
correct, this is not a problem for new users or users without unicode keyphrases but don't know how many e.g. chinese users we have now using chinese symbols as keyphrase.
anyway, i am finishing apphub now. it was already planned to include unicode into hive and apphub is part of this.

Is it possible to postpone release a little so other AE client devs catch u?

it's already postponed because i need a little more time to test AE and include the DNA i mentioned before
but since i intend to start 1. march with hive my intention is to release apphub latest end month, better
a week earlier.

greyw00lf
February 07, 2014, 05:17:10 PM
 #30758

Below is the message doctorevil sent to inform captain picard, cfb, and opticalc!

We must get this guy to join us as dev!
+1

Passion_ltc
Crypti Community Manager
February 07, 2014, 05:17:27 PM
 #30759

... Right now is not quite the right time, but when nexern releases his client (along with the AE), we should have a very simple to install client as well as be able to show off the power of decentralized exchanges. ...
btw. anyone knows the status of nexerns client?

edit: ok found some info about it:
correct, this is not a problem for new users or users without unicode keyphrases but don't know how many e.g. chinese users we have now using chinese symbols as keyphrase.
anyway, i am finishing apphub now. it was already planned to include unicode into hive and apphub is part of this.

Is it possible to postpone release a little so other AE client devs catch u?

it's already postponed because i need a little more time to test AE and include the DNA i mentioned before
but since i intend to start 1. march with hive my intention is to release apphub latest end month, better
a week earlier.

Is there more info regarding DNA and hive? What are those?

opticalcarrier
February 07, 2014, 05:19:46 PM
 #30760

ok ill go ahead and ask the question, what does "Failed to accept block received from X, blacklisting" mean?  What if it is a peer that I have very good reason to suspect is not evil?