ChuckOne
March 08, 2014, 10:03:47 PM
Don't know if anyone's posted this here yet....but there's another password cracker going thru the NXT blockchain: https://bitcointalk.org/index.php?topic=506298.msg5580350#msg5580350
There's a reference in the thread above to a 1 megaNXT account with a 4 character password. Smells like FUD to me, but have a look for yourselves.....I'm going to carry on plowing thru this thread.
Best comment in that thread: You just opened a Pandora's Box ... Perhaps Nxt can actually be "mined", after all. Grin
Seriously though, this is pretty scary. You can brute force the ENTIRE network at once. It's the equivalent of someone walking through the neighborhood (at high speed) checking every door for a weak lock and methodically steal EVERYTHING from anyone who has the wrong kind of lock.
It would be nice to be able to tie your account to a MAC address if you want to, or to a list of MAC addresses. 2FA might help as well but don't see that as feasible at the core level.
Tying an account to a MAC address is also not possible.

casx
March 08, 2014, 10:06:56 PM
www.Nextcoin24.org is online! A German page about nextcoins! This page will contain forum, user chat, newest downloads and more in the future! We will be the biggest German community for nextcoins! If u like the page.. donations will be welcome! 3072073612488429892 casx !

BrianNowhere
March 08, 2014, 10:07:00 PM
Seriously though, this is pretty scary. You can brute force the ENTIRE network at once. It's the equivalent of someone walking through the neighborhood (at high speed) checking every door for a weak lock and methodically steal EVERYTHING from anyone who has the wrong kind of lock.
It would be nice to be able to tie your account to a MAC address if you want to, or to a list of MAC addresses. 2FA might help as well but don't see that as feasible at the core level.
Anyone can run a cracker on anything - that doesn't mean it can be broken.
There is a variation called vanitygen to look for nice account numbers. Tries lots of passwords until it finds one that matches your parameters. I wanted a shorter account number which is the one in my signature so I wrote a script to find me one, 5 digits shorter than my original one.
People can easily write a cracker but will it work? - read the posts on password length and entropy...
I read the other thread... it's juvenile.
I'm sure someone has already calculated the hash for "Peanuts" which is account 11002691385236070570, put any NXT in that account, a bot will see the TX on the block chain and nick the NXT probably.
I've run 10m passwords through NRS to see if I can break it - didn't, I did do it randomly to see if I could get a password collision. I could have run a smarter cracker but I didn't see the point, it's not my job to find people who have used weak passwords.
Since there's no username/password combination, a hacker does not need to target an account to crack it. They can set up a cracker to log into http://localhost:7875/ and start with A, then AA, then AAA and so on. They can run this cycle continuously. If your password is halfway decent maybe it takes them a couple of years to break it, but since you can't change your secret phrase you are a sitting duck. You can send to a new account once in a while but you lose your "coin age" and have to wait 1440 blocks to forge again every time you do this. I typed in 'password' and instantly gained access to an account that had a couple hundred NXT there at one point. Who's NXT indeed.
NXT: 4957831430947123625

antanst
March 08, 2014, 10:07:40 PM
In other words, it's complete fiction right now with no evidence that anyone is even working on it to implement on Nxt and how it's going to be implemented. Not only there is no code, but how it will be implemented is unclear speculation. Plus there is no evidence it will work. We should stop making Youtube videos about Nxt having zerocoin "feature" as if it's implemented working feature.
salsacz delete your youtube video immediately.
This goes for all the promotion out there promising instant transactions and transparent forging. I feel like I've been suckered in somewhat with a bait and switch. TF is even mentioned on the "current features" wiki page: http://wiki.nxtcrypto.org/wiki/Current_Features
The real problem, however, is that nobody knows how the coin works, and how the planned features will work. "Look at the source" isn't really an argument. The only way someone can figure this out, is by gathering the pieces that have been posted here and there by the devs, and then only partially. And in spite of all this, some people are concerned about how this coin is going to reach visa-level transaction rates... The initial investors should really think about donating a large sum of money to someone to document and validate this coin's concept, otherwise nobody will take it seriously. And it's a pity.

BrianNowhere
March 08, 2014, 10:10:35 PM
This is misleading. Ripple evolved since 2004. It's dishonest to claim Ripple of today has anything to do with Ripple of 2004. Ripple as we know it today is NOT older than Bitcoin. The real date is 2012 when Open Coin was founded.
My original statement on this was that ripple was as old as Bitcoin or at least almost as old. I was scolded by emoticon for this statement so I pointed to the link. My original statement however, was correct.
NXT: 4957831430947123625

bitcoinpaul
March 08, 2014, 10:10:53 PM
www.Nextcoin24.org is online! A German page about nextcoins! This page will contain forum, user chat, newest downloads and more in the future! We will be the biggest German community for nextcoins! If u like the page.. donations will be welcome! 3072073612488429892 casx !
Failed.

mcjavar
March 08, 2014, 10:11:14 PM
www.Nextcoin24.org is online! A German page about nextcoins! This page will contain forum, user chat, newest downloads and more in the future! We will be the biggest German community for nextcoins! If u like the page.. donations will be welcome! 3072073612488429892 casx !
Looks cool.

ChuckOne
March 08, 2014, 10:11:40 PM
www.Nextcoin24.org is online! A German page about nextcoins! This page will contain forum, user chat, newest downloads and more in the future! We will be the biggest German community for nextcoins! If u like the page.. donations will be welcome! 3072073612488429892 casx !
Nice. One issue: If you start the video, it constantly fades over to the first slide.

bitcoinpaul
March 08, 2014, 10:12:29 PM
Guys, are you kidding me?

xyzzyx
March 08, 2014, 10:13:26 PM
In other words, it's complete fiction right now with no evidence that anyone is even working on it to implement on Nxt and how it's going to be implemented. Not only there is no code, but how it will be implemented is unclear speculation. Plus there is no evidence it will work. We should stop making Youtube videos about Nxt having zerocoin "feature" as if it's implemented working feature.
salsacz delete your youtube video immediately.
The most awesome feature of having Zerocoin in Nxt is the Bitcointalk thread drama. Better than TV!
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov

Damelon
March 08, 2014, 10:13:45 PM
www.Nextcoin24.org is online! A German page about nextcoins! This page will contain forum, user chat, newest downloads and more in the future! We will be the biggest German community for nextcoins! If u like the page.. donations will be welcome! 3072073612488429892 casx !
Failed.
Because of Nextcoin? To be honest, I am glad someone took the effort and Nxt is still in the body text.
Edit: also, nxt.de is probably not for sale

Sebastien256
March 08, 2014, 10:14:11 PM
Guys, are you kidding me?
www.N ext coin24.org

BrianNowhere
March 08, 2014, 10:15:09 PM
In other words, it's complete fiction right now with no evidence that anyone is even working on it to implement on Nxt and how it's going to be implemented. Not only there is no code, but how it will be implemented is unclear speculation. Plus there is no evidence it will work. We should stop making Youtube videos about Nxt having zerocoin "feature" as if it's implemented working feature.
salsacz delete your youtube video immediately.
This goes for all the promotion out there promising instant transactions and transparent forging. I feel like I've been suckered in somewhat with a bait and switch. TF is even mentioned on the "current features" wiki page: http://wiki.nxtcrypto.org/wiki/Current_Features
The real problem, however, is that nobody knows how the coin works, and how the planned features will work. "Look at the source" isn't really an argument. The only way someone can figure this out, is by gathering the pieces that have been posted here and there by the devs, and then only partially. And in spite of all this, some people are concerned about how this coin is going to reach visa-level transaction rates... The initial investors should really think about donating a large sum of money to someone to document and validate this coin's concept, otherwise nobody will take it seriously. And it's a pity.
+ 1,000,000,000
NXT: 4957831430947123625

eightspaces
March 08, 2014, 10:15:49 PM
what is the best nxt client (multiplatform) so far?
which one is endorsed by bcnext ?
thx
anyone please? thank u

mcjavar
March 08, 2014, 10:16:42 PM
what is the best nxt client (multiplatform) so far?
which one is endorsed by bcnext ?
thx
anyone please? thank u
wesley's client.

Sebastien256
March 08, 2014, 10:16:53 PM
what is the best nxt client (multiplatform) so far?
which one is endorsed by bcnext ?
thx
anyone please? thank u
none, i think. But I think wesley client will be integrated by default in the near future on nxtcrypto.

chanc3r
March 08, 2014, 10:17:11 PM
Since there's no username/password combination, a hacker does not need to target an account to crack it. They can set up a cracker to log into http://localhost:7875/ and start with A, then AA, then AAA and so on. They can run this cycle continuously. If your password is halfway decent maybe it takes them a couple of years to break it, but since you can't change your secret phrase you are a sitting duck. You can send to a new account once in a while but you lose your "coin age" and have to wait 1440 blocks to forge again every time you do this. I typed in 'password' and instantly gained access to an account that had a couple hundred NXT there at one point. Who's NXT indeed.
I recently changed accounts, took 1440 blocks to forge again, doesn't take long.
username / password only corresponds to match username+passwordhash on a system
most platforms focus on 8-10chars
if you know the username of someone you can brute force the 8-10
a 30+ semi-random-password takes a lot longer than 2 years
The information is in the thread on why this is not an issue for strong 30+ char passwords.
The clients will help users pick and store strong password.
Having only a strong password to protect your coins is true of all crypto's, it's just some clients hide this better.
Someone probably left that NXT in there as a joke or they are an idiot.
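Added example, not part of any post in this thread and not code from any Nxt client: a passphrase strength check of the kind the posts above argue about, estimating how long an exhaustive sweep takes when one guess is checked against every account at once, plus a generator for a random 35-character passphrase. The guess rate, the denylist, the alphabet and all function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

GUESSES_PER_SECOND = 1e9  # assumed attacker speed, illustrative only
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed denylist; "password" and "Peanuts" are the examples named in the thread.
COMMON = {"password", "peanuts", "123456", "letmein"}
ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def charset_size(passphrase):
    """Size of the smallest standard alphabet covering the passphrase."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10)]
    size = sum(n for chars, n in classes if any(c in chars for c in passphrase))
    if any(c not in ALPHABET for c in passphrase):
        size += 33  # ASCII punctuation plus space
    return size

def entropy_bits(passphrase):
    """Upper bound in bits; only meaningful if every character was chosen at random."""
    if not passphrase or passphrase.lower() in COMMON:
        return 0.0
    return len(passphrase) * math.log2(charset_size(passphrase))

def years_to_first_hit(bits, accounts=1):
    """Expected years until a sweep hits any one of `accounts` secrets of this strength.

    With no username or salt, one guess is checked against every account, so the
    expected number of guesses is (S + 1) / (accounts + 1) for a keyspace of size S.
    """
    expected_guesses = (2.0 ** bits + 1) / (accounts + 1)
    return expected_guesses / GUESSES_PER_SECOND / SECONDS_PER_YEAR

def generate_passphrase(length=35):
    """Random passphrase from the OS CSPRNG, with its exact entropy in bits."""
    phrase = "".join(secrets.choice(ALPHABET) for _ in range(length))
    return phrase, length * math.log2(len(ALPHABET))

if __name__ == "__main__":
    for sample in ("password", "abcd"):
        bits = entropy_bits(sample)
        print(f"{sample!r}: <= {bits:.1f} bits, {years_to_first_hit(bits):.3g} years")
    _, bits = generate_passphrase()
    print(f"random 35 chars: {bits:.1f} bits, "
          f"{years_to_first_hit(bits, accounts=100_000):.3g} years over 100,000 accounts")
```

The character-class estimate is an upper bound: a human-chosen phrase of the same length and alphabet carries far less entropy than the figure reported.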

eightspaces
March 08, 2014, 10:17:45 PM
what is the best nxt client (multiplatform) so far?
which one is endorsed by bcnext ?
thx
anyone please? thank u
none, i think. But I think wesley client will be integrated by default in the near future.
thank u. nxt really needs a "next gen" client that any noob can use. it's so important.
price seems to be always the same

Sebastien256
March 08, 2014, 10:19:13 PM
price seems to be always the same
Price does not matter now. Only growing community and nxt feature. Hopefully.

BrianNowhere
March 08, 2014, 10:21:19 PM
Tying an account to a MAC address is also not possible.
That sux. What about IP address?
NXT: 4957831430947123625