gimre
Legendary
 Offline
Activity: 866
Merit: 1002
|
 |
February 09, 2014, 08:00:30 PM |
|
There is no way you can patch Crypto.sign. (or it would be bloody dumb)
Why do u think so? Let's say you have leaking tap. Patching Crypto.sign is like putting bucket under the tap instead of fixing the tap itself... |
|
|
|
scor2k
Legendary
Offline
Activity: 1005
Merit: 1002
work hard, die young (c)
|
|
February 09, 2014, 08:01:42 PM |
|
Hello! My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth . How it's works: - Click on the image with NXT logo and enter valid NXT token
- If NXT server online and token valid - you log in to site with subscriber account
- On the Wordpress settings page you can change address of NXT server. By default - localhost
ToDo: - Adding modal jQuery window
- Add User page with additional Info, such as transactions, etc
- Integrate with my AM project - http://nxtdb.info
How to test: - Go to http://nxtdb.info and click "Authenticate with NXT token" in header
- On the top-right corner click logo and enter valid (or not) NXT token for site: nxtdb.info
- Or you can install this plugin on your Wordpress blog. Find nxtAuth plugin, install and activate it.
Bug report: If you find some bug, send me PM with description and I pay you 100 NXT  P.S. Sorry for my bad english |
|
|
|
|
l8orre
Legendary
Offline
Activity: 1186
Merit: 1018
|
|
February 09, 2014, 08:11:39 PM |
|
For raspi (model B) use settings:
SNl 0:34 /usr/bin/java -Xms128m -Xmx756m -jar start.jar STOP.PORT=7873 S
works fine - a common error I made usually is to set it at 450/450 or so - that limits the heap space to 450MB, which is NOT enough!
Xms128 is the MINIMUM heap size,
Xmx756 is the MAXIMUM, presto!
|
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 09, 2014, 08:13:08 PM |
|
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script, But anyway I honestly don't know how this is related.
With MPK you can have one public key that is able to generate other public keys without touching the private keys. Because they are linked from the seed in a certain way, Both chains (Private key chain, public key chain), will generate corresponding keys in a sequence.
A very good example is AcceptBit.com which is a private key free POS system.
The MPK functionality is VERY important to my new exchange, Also I believe it to be a key element in the automation of decentralized markets, At gateway level.
- Lophie
p.s: There is no way to do this in NXT, I am lacking proper knowledge to surpass the dam of different curve functions between Bitcoin and NXT...
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script, Signing in JS has been done, there was bounty for it. I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective. (But it would still be partially doable...) But anyway I honestly don't know how this is related.
It is related, since it's easy to do it on actual PRIVATE key, but most APIs in NRS, do not operate on PRIVATE key, but on a password, that is passed to SHA and the output is your actual PRIVATE key. This additional step (sha) makes it currently currently impossible. (well it would be possible, it hash function would be transitive, but transitive hash function, wouldn't have much sense  ) So YOU are able to generate derived public keys and user is able to generate derived private keys, BUT is there a client that accepts actual PRIVATE key and not password? |
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
February 09, 2014, 08:30:49 PM |
|
So 2 questions.
1) What is the tecnical term for the assets that will be issued on the asset exchange. Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the us treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?
2) Even if we know what the technical term is than we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 09, 2014, 08:34:10 PM |
|
There is no way you can patch Crypto.sign. (or it would be bloody dumb)
Why do u think so? Let's say you have leaking tap. Patching Crypto.sign is like putting bucket under the tap instead of fixing the tap itself... Public source code contains such comment: /* Signature generation primitive, calculates (x-h)s mod q
* v [out] signature value
* h [in] signature hash (of message, signature pub key, and context data)
* x [in] signature private key
* s [in] private key for signing
* returns true on success, false on failure (use different x or h)
*/
Why don't u want to use different x? |
|
|
|
|
|
Bitventurer
|
|
February 09, 2014, 08:34:27 PM |
|
Hello! My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth . How it's works: - Click on the image with NXT logo and enter valid NXT token
- If NXT server online and token valid - you log in to site with subscriber account
- On the Wordpress settings page you can change address of NXT server. By default - localhost
ToDo: - Adding modal jQuery window
- Add User page with additional Info, such as transactions, etc
- Integrate with my AM project - http://nxtdb.info
How to test: - Go to http://nxtdb.info and click "Authenticate with NXT token" in header
- On the top-right corner click logo and enter valid (or not) NXT token for site: nxtdb.info
- Or you can install this plugin on your Wordpress blog. Find nxtAuth plugin, install and activate it.
Bug report: If you find some bug, send me PM with description and I pay you 100 NXT P.S. Sorry for my bad english this guy needs to get some bounty ... |
SP8DE - The Game of Chance. Changed.
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 09, 2014, 08:36:48 PM |
|
So 2 questions.
1) What is the tecnical term for the assets that will be issued on the asset exchange. Specifically what is the technical term for this type of financial instrument? I know they will be a type of security but they are not futures. When the us treasury issued promissory notes redeemable for gold or silver they called them certificates. Is "certificate" the most accurate term? I, with my silver bullion gateway, would be issuing "silver bullion certificates"?
2) Even if we know what the technical term is than we probably shouldn't call it that. We may solicit unwanted attention from financial regulators. So what are we going to call them?
I would call it "token". |
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 09, 2014, 08:38:01 PM |
|
There is no way you can patch Crypto.sign. (or it would be bloody dumb)
Why do u think so? Let's say you have leaking tap. Patching Crypto.sign is like putting bucket under the tap instead of fixing the tap itself... Public source code contains such comment: /* Signature generation primitive, calculates (x-h)s mod q
* v [out] signature value
* h [in] signature hash (of message, signature pub key, and context data)
* x [in] signature private key
* s [in] private key for signing
* returns true on success, false on failure (use different x or h)
*/
Why don't u want to use different x? That will STILL not solve the underlying problem and errors will occasionally occur. (It's x-h that matters) (Also it wouldn't be that simple, as most likely also verify would have to be changed...) |
|
|
|
|
|
|
lophie
|
|
February 09, 2014, 08:41:39 PM |
|
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script, But anyway I honestly don't know how this is related.
With MPK you can have one public key that is able to generate other public keys without touching the private keys. Because they are linked from the seed in a certain way, Both chains (Private key chain, public key chain), will generate corresponding keys in a sequence.
A very good example is AcceptBit.com which is a private key free POS system.
The MPK functionality is VERY important to my new exchange, Also I believe it to be a key element in the automation of decentralized markets, At gateway level.
- Lophie
p.s: There is no way to do this in NXT, I am lacking proper knowledge to surpass the dam of different curve functions between Bitcoin and NXT...
Signing on the client side is already implemented in the android client and the code is open source. The only problem is the desktop client communicates over browser so the signing should be java script, Signing in JS has been done, there was bounty for it. I was thinking more about it, and it wouldn't be as straightforward as I thought, mainly because curve25519 is not bijective. (But it would still be partially doable...) But anyway I honestly don't know how this is related.
It is related, since it's easy to do it on actual PRIVATE key, but most APIs in NRS, do not operate on PRIVATE key, but on a password, that is passed to SHA and the output is your actual PRIVATE key. This additional step (sha) makes it currently currently impossible. (well it would be possible, it hash function would be transitive, but transitive hash function, wouldn't have much sense ) So YOU are able to generate derived public keys and user is able to generate derived private keys, BUT is there a client that accepts actual PRIVATE key and not password? But the whole point is isolation of private keys!. Ok I will just give away my implementation idea here to explain, So basically the exchange market is 100% cold because it doesn't even hold pre-generated address pool to assign to users. It only holds a single master public key. Whenever a user asks for thier deposit address a single invocation of addrGen(MPubK, userid) would always generate instantly the same address (Note that there is no private keys involved here!), On the secure super duper server that does not directly communicate to the exchange the coins can be spent by addrPrivGen(MPrivk, userid) <-(Not that addrPrivGen takes significantly more time since you actually have to generate from 1 up to userid number of private keys, but that private key will be able to spend the coins in that address). The dangers of exposing MPK are only limited to expose all possible public keys in the sequence. Note that this idea is DONE bitcoin side... with oh many new ideas coming this way |
Will take me a while to climb up again, But where is a will, there is a way...
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 09, 2014, 08:42:44 PM |
|
That will STILL not solve the underlying problem and errors will occasionally occur. (It's x-h that matters)
(Also it wouldn't be that simple, as most likely also verify would have to be changed...)
I think that it does solve the problem and verify() does not need to be changed. |
|
|
|
|
S3MKi
Legendary
Offline
Activity: 1554
Merit: 1016
|
|
February 09, 2014, 09:00:34 PM |
|
Hello! My project is Wordpress plugin, that allow log in with NXT token. Plugin name nxtAuth . How it's works: - Click on the image with NXT logo and enter valid NXT token
- If NXT server online and token valid - you log in to site with subscriber account
- On the Wordpress settings page you can change address of NXT server. By default - localhost
ToDo: - Adding modal jQuery window
- Add User page with additional Info, such as transactions, etc
- Integrate with my AM project - http://nxtdb.info
How to test: - Go to http://nxtdb.info and click "Authenticate with NXT token" in header
- On the top-right corner click logo and enter valid (or not) NXT token for site: nxtdb.info
- Or you can install this plugin on your Wordpress blog. Find nxtAuth plugin, install and activate it.
Bug report: If you find some bug, send me PM with description and I pay you 100 NXT P.S. Sorry for my bad english this guy needs to get some bounty ... Agree. |
|
|
|
|
|
Bitventurer
|
|
February 09, 2014, 09:09:57 PM |
|
or we can imput the same mix like on olimpicgames : the Game has changed" , from TRON but your one is sorry : лaжa we need agrresivity, agrRresive marketing |
SP8DE - The Game of Chance. Changed.
|
|
|
brooklynbtc
Sr. Member
Offline
Activity: 336
Merit: 250
AKA jefdiesel
|
|
February 09, 2014, 09:13:29 PM |
|
my advice:
HODL!
 |
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 09, 2014, 09:27:04 PM |
|
That will STILL not solve the underlying problem and errors will occasionally occur. (It's x-h that matters)
(Also it wouldn't be that simple, as most likely also verify would have to be changed...)
I think that it does solve the problem and verify() does not need to be changed. You are right, that it probably wouldn't require changes in verify, but in such case... I was thinking about it for a while, and tell me, HOW exactly would you like to alter x value? a) values passed to Curve25519.sign and Curve25519.verify are in PACKED form ok, that one, doesn't have much meaning... b) x still needs to be valid priv key and Y it's corresponding public key (I call this pair "session key", as it's generated based on message and secret key) c) you need to make sure that (x-h) will NOT be "negative" in the meaning defined by 'xmath': Note that there isn't actually such a thing as positive or negative in
a finite field, but you should just pick some definition. My favorite
is to define elements with the least significant bit set (when fully
reduced) to be negative, and non-zero elements with the least
significant bit clear (when fully reduced) to be positive. This makes
sure that if x is positive then -x (= p-x) is negative and vice versa.
- xmath
PS, you know, that thanks to this change, we could most likely get rid of that stupid loop inside Transaction.sign... |
|
|
|
|
rriky92
|
|
February 09, 2014, 09:30:19 PM |
|
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 09, 2014, 09:30:53 PM |
|
You are right, that it probably wouldn't require changes in verify, but in such case... I was thinking about it for a while, and tell me, HOW exactly would you like to alter x value? a) values passed to Curve25519.sign and Curve25519.verify are in PACKED form b) x still needs to be valid priv key and Y it's corresponding public key (I call this pair "session key", as it's generated based on message and secret key) c) you need to make sure that (x-h) will NOT be "negative" in the meaning defined by 'xmath': Note that there isn't actually such a thing as positive or negative in
a finite field, but you should just pick some definition. My favorite
is to define elements with the least significant bit set (when fully
reduced) to be negative, and non-zero elements with the least
significant bit clear (when fully reduced) to be positive. This makes
sure that if x is positive then -x (= p-x) is negative and vice versa.
- xmath
If I got an incorrect signature I would use another ephemeral key. Edit: About "HOW exactly" - I would use SHA256(privateKey + message + nonce) instead of SHA256(privateKey + message). |
|
|
|
|
|
Bitventurer
|
|
February 09, 2014, 09:36:00 PM |
|
can anyone please post here the last design with the cells , of NXT ? from Fartih
|
SP8DE - The Game of Chance. Changed.
|
|
|
|
