Eadeqa
|
|
February 10, 2014, 06:09:01 AM |
|
I give 99% that fix of Curve25519 is safe, but the rest 1% doesn't let me to use the fix coz this part is the most critical part of Nxt. So without a formal proof I'll stick to loop inside Crypto.sign.
Last one from me: There's nothing to prove, math stays the same, it's the implementation that's wrong not the math,. All the math is already in the file in the comments, those comments were made by this "xmath" dude from sci.crypt (I assume this is Matthijs van Duin). Do you have link Matthijs van Duin comments? Maybe that will convince CFB if you posted the link to Matthijs van Duin
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
miKnutty
|
|
February 10, 2014, 06:35:10 AM |
|
Too bad we don't have real world people mentioned in real world press releases like this.
Don't forget that we r decentralized. When u find such people - don't make them the leaders. I understand the difference between leaders and spokespeople. I think NXT needs spokespeople. Preferably cute females. Or old guys willing to make a fool of themselves in front of a crowd at the Texas Bitcoin Conference. But with so much of the NXT Secret Plan still under wraps, it's really hard for spokespeople to know just what to say... My wife is pretty hot. I might be able to get her to do some things. She has listened to me talk about Nxt enough that she knows just as much as I do. now it's getting interesting video time
|
|
|
|
Eadeqa
|
|
February 10, 2014, 06:43:07 AM |
|
Last one from me: There's nothing to prove, math stays the same, it's the implementation that's wrong not the math,. All the math is already in the file in the comments, those comments were made by this "xmath" dude from sci.crypt (I assume this is Matthijs van Duin).
"doctorevil" thinks the patch is kosher https://nextcoin.org/index.php/topic,3915.msg37082.html#msg37082Given his history, we should take his advice and apply the patch.
|
|
|
|
bitcoinpaul
|
|
February 10, 2014, 06:46:21 AM |
|
Why should we rush things when one smart guy says "It looks totally kosher to me."?
|
|
|
|
|
gimre
Legendary
Offline
Activity: 866
Merit: 1002
|
|
February 10, 2014, 06:52:54 AM Last edit: February 10, 2014, 07:22:48 AM by gimre |
|
if ((v[31] & 0x80) != 0) { mula_small(v, v , 0, ORDER, 32, 1); }
Don't do this. The time required to run the code should NEVER depend on input data. This makes timing attacks possible (depending how to the methods are used). If this is fixed it should be incorporated into main client. You want to say, alternative USING LOOP to find proper x is better? (on a sidenote, current implementation of Curve most likely IS susceptible to timing attack, but that shouldn't be a problem - network lag would screw your timings a lot) edit oh and also that: NOW, signing is actually: v * temp, where temp is related ONLY to PUBLIC key. (v is dependent ONLY on the data) ... (whatever old one leaks is up to you, I know it doesn't, cause it's NOT related directly to private key)
seems doctorevil said the same: Iruu's mention of a possible timing attack doesn't really apply to the patch. The impact on the timing of sign() that the changes make only leak data about values that are already public.
|
|
|
|
l8orre
Legendary
Offline
Activity: 1181
Merit: 1018
|
|
February 10, 2014, 06:59:17 AM |
|
Too bad we don't have real world people mentioned in real world press releases like this.
Don't forget that we r decentralized. When u find such people - don't make them the leaders. Hey CfB - did I miss that getTrades call, or did you just put that in yeseteday!?! This is an extremely valuable function to have, I was up and about to implement it client side !! Luckily I did not yet
|
|
|
|
newcn
|
|
February 10, 2014, 07:06:11 AM |
|
I just made a statistic about nxt balance distribution. the current percentage of top100/top500/top1000/top2000 acounts are 82.7%、96.6%、98.9%、99.7%, respectivey, the variation curves is as follow: there're about 22k nxt accounts for the time being, among these accounts, there're 15k whose balance are more than 0. among the 15k accounts, more than 60 percent have less than 10 balance:
|
BTC:1NzzfeHCgN8fF6mSG1UeBFCVd2cxKbGyHk NXT:13187911577562526278
|
|
|
^[GS]^
Member
Offline
Activity: 112
Merit: 10
|
|
February 10, 2014, 07:10:50 AM |
|
I have a great idea!They could do a button or API function to cancel a transfer before the 800 confirmations (half the 1440 maturity)?? this could be very useful in cases of hacking of accounts or simply because the user has repented. I think it's very possible, you just have to create the function. Please! would be a great feature!Regards!
|
|
|
|
bitcoinpaul
|
|
February 10, 2014, 07:34:02 AM |
|
I have a great idea!They could do a button or API function to cancel a transfer before the 800 confirmations (half the 1440 maturity)?? this could be very useful in cases of hacking of accounts or simply because the user has repented. I think it's very possible, you just have to create the function. Please! would be a great feature!Regards! I think this is bad. Later, by sending transaction to the next forging trusted node, you want instant transactions. This wouldn't be possible with your idea, would it?
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 10, 2014, 07:34:28 AM |
|
Hey CfB - did I miss that getTrades call, or did you just put that in yeseteday!?! This is an extremely valuable function to have, I was up and about to implement it client side !! Luckily I did not yet It was added ~1 week ago. But it was in AE client devs version only.
|
|
|
|
bitcoinpaul
|
|
February 10, 2014, 07:35:25 AM |
|
The guy seems brilliant and trustworthy. But he said "It looks...". I don't know if we should rush things.
|
|
|
|
longzai1988
Member
Offline
Activity: 77
Merit: 10
|
|
February 10, 2014, 07:47:37 AM |
|
Anyone here has any idea regarding the username and password for nxt db implemented by Jean-Luc, wanted to have a glance into it.
*Still waiting for his reply.
|
sweet & happy cryptocurrency , cheers NXT : NXT-HSBE-8PWL-CUCD-BHUD6 BTCD : RTaMoRXsA7uCv869dX1TfCZmHw4ExbMVmQ
|
|
|
Hacer88
Member
Offline
Activity: 80
Merit: 10
|
|
February 10, 2014, 07:56:43 AM |
|
I have to pay my bills and at this point I have to either work on my ideas by myself since nobody will constructively help me or accept some external projects that I have been offered.
James
Edit: I hope people here will think I at least did some good by helping getting the unclaimed NXT released to the three committees. I feel that was a big positive, but then again I am probably wrong about that too.
Hi James, You're the only one together with CfB that is thinking outside the box here. I really like to read those Ideas. Maybe it's not the right time to built all these Ideas, because the developers have to finish all the core features that NXT has promised to everyone. When they are finished with that. They can work with your ideas, I think.
|
NXT - NEM - NAS - NFD
|
|
|
Labteck
|
|
February 10, 2014, 07:58:33 AM |
|
I can't see "next block will be forged in...X time" in 0.72 java windows client... this is normal?
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 10, 2014, 07:59:09 AM |
|
I can't see "next block will be forgedin...X time" in 0.72 java client... this is normal? Yes, if ur effective balance is 0.
|
|
|
|
Labteck
|
|
February 10, 2014, 08:01:26 AM |
|
is not the case.I can se the balance higher than 0 in blockchain
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 10, 2014, 08:02:30 AM |
|
is not the case.I can se the balance higher than 0 in blockchain
PM me with ur account id.
|
|
|
|
Mario123
|
|
February 10, 2014, 08:03:52 AM |
|
I have to pay my bills and at this point I have to either work on my ideas by myself since nobody will constructively help me or accept some external projects that I have been offered.
James
Edit: I hope people here will think I at least did some good by helping getting the unclaimed NXT released to the three committees. I feel that was a big positive, but then again I am probably wrong about that too.
Hi James, You're the only one together with CfB that is thinking outside the box here. I really like to read those Ideas. Maybe it's not the right time to built all these Ideas, because the developers have to finish all the core features that NXT has promised to everyone. When they are finished with that. They can work with your ideas, I think. I hope I get this story right. jl777 is posting ideas and develops them as far as he can and the community just ignores his efforts? People, wake up! jl777 is exactly the kind of guy Nxt needs to go beyond what it is now. We need thinkers and visionary.
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
February 10, 2014, 08:06:01 AM |
|
Anyone here has any idea regarding the username and password for nxt db implemented by Jean-Luc, wanted to have a glance into it.
*Still waiting for his reply.
Try sa/sa
|
|
|
|
|