NXT Coin Security

[Come-from-Beyond]

What's the point for author to use visible ID?

Do u like riddles?

Alias System allows to create memorable addresses for payments, like "johnsmith". In Nxt everything is made on purpose...

[1715576962]

1715576962

[Rokund]

What's the point for author to use visible ID?

Do u like riddles?

Alias System allows to create memorable addresses for payments, like "johnsmith". In Nxt everything is made on purpose...

I'm not saying the Alias System, but the 20 digits visible ID truncated from the full public key.

I think it shouldn't act like what you say as prevent user from generating conflicted id when the first 20 digital happened to be the same.

But give the user the longer id to distinguish between existing and and new created one.

For example, if there was an existing id 11111111111111111111 with full key 11111111111111111111xxxxxxxx

then you generated a new id with full key 11111111111111111111yyyyyy which conflict in the first 20 digits

the system should give you the id 11111111111111111111y instead of rejecting you from creating new id.

In short, this mechanism should be like an embedded first-bit service that supported in blockchain.info.

[Rokund]

OH, I thought I was wrong.

The first-bit mechanism still have to use full key to send coin in the first time.

But for NXT, you can send coin to the short id even if the id was not used.

So it cannot be a mechanism like first-bit.

So...WTF is the purpose of 20 digits visibleID?

[lophie]

OH, I thought I was wrong.

The first-bit mechanism still have to use full key to send coin in the first time.

But for NXT, you can send coin to the short id even if the id was not used.

So it cannot be a mechanism like first-bit.

So...WTF is the purpose of 20 digits visibleID?

First I thought it was first bit mechanism but now I am not so sure.......

[Come-from-Beyond]

So...WTF is the purpose of 20 digits visibleID?

Only BCNext knows.

[lucky88888]

Just say most people will have a 20 number digit for account transfer. as OP pointed out that the possibility of account passphrase comparing to account id is much higher.
I didn't go through every single reply here, so i hope that my explanation hasn't been posted already.

I would say what happens is that when necessary, the account id will + or - a digit to cover all possible collisions of same account with different passphrase, the 20 digit is just a normal number for easier remembering or what ever it is for later on. so with this formulae you don't need to worry about such collisions ever to happen.

And this could be the reason why you don't see quadrillions of total nxt in the blockchain.

[asdf]

So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?

[abctc]

So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?

- did you bother to read this thread?
https://bitcointalk.org/index.php?topic=366105.msg3911357#msg3911357

[lucky88888]

So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?

I finally found it! written by BCNext.

I first thought it would simply extend one extra digit to be visible to label it as a completely different account.
eg. The full 192bit = "123456789”  First account created will be normal with first 64bit showing eg "123456"
and collision account will have few extra bits visible to differentiate from the first account eg. showing "1234567"
But then i don't know anything about programming so this was just my logical guess.

Here is what BCNext said.

There are 2^256 possible addresses, the rest 192 bits are not used at the moment.  In future we may decide to use next 64 bits to extend visible part of an address, then all existing addresses that are 20 chars long now will become 40 chars long.  Right now if someone finds an address with the same 64 bits they won't be able to send transactions.

From my understanding is that, what this mean if collision ever happened, the 2nd account created will become a mirrored version of the first account. You can see it but you can't touch it. Making it useless. Same meaning as a disabled account, so you can't do anything with it.

[asdf]

So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?

I finally found it! written by BCNext.

I first thought it would simply extend one extra digit to be visible to label it as a completely different account.
eg. The full 192bit = "123456789”  First account created will be normal with first 64bit showing eg "123456"
and collision account will have few extra bits visible to differentiate from the first account eg. showing "1234567"
But then i don't know anything about programming so this was just my logical guess.

Here is what BCNext said.

There are 2^256 possible addresses, the rest 192 bits are not used at the moment.  In future we may decide to use next 64 bits to extend visible part of an address, then all existing addresses that are 20 chars long now will become 40 chars long.  Right now if someone finds an address with the same 64 bits they won't be able to send transactions.

From my understanding is that, what this mean if collision ever happened, the 2nd account created will become a mirrored version of the first account. You can see it but you can't touch it. Making it useless. Same meaning as a disabled account, so you can't do anything with it.

Thanks for the clear answer :-)

[Eadeqa]

This is still not clear to me.

Basically, the account number is only 64-bit. The full 256-bit would secure your account if you use that account to send some transaction.

If someone has never used their account for sending transaction but only for receiving money,  brute forcing that account would  be equivalent to brute forcing 64-bit encryption/key.

Wow.

If true, that would be serious security hole. 64-bit is nothing.

A custom built machine can break all these unused accounts with money in it (but have never been used to send transactions) with a week  

Please fix this

[opticalcarrier]

This is still not clear to me.

Basically, the account number is only 64-bit. The full 256-bit would secure your account if you use that account to send some transaction.

If someone has never used their account for sending transaction but only for receiving money,  brute forcing that account would  be equivalent to brute forcing 64-bit encryption/key.

Wow.

If true, that would be serious security hole. 64-bit is nothing.

A custom built machine can break all these unused accounts with money in it (but have never been used to send transactions) with a week  

Please fix this

a week?   

[starik69]

If true, that would be serious security hole. 64-bit is nothing.

It is true and it is not bug. It is feature. You are welcome to open account №100000  with 100'000NXT onboard for a week

[Eadeqa]

This is still not clear to me.

Basically, the account number is only 64-bit. The full 256-bit would secure your account if you use that account to send some transaction.

If someone has never used their account for sending transaction but only for receiving money,  brute forcing that account would  be equivalent to brute forcing 64-bit encryption/key.

Wow.

If true, that would be serious security hole. 64-bit is nothing.

A custom built machine can break all these unused accounts with money in it (but have never been used to send transactions) with a week  

Please fix this

a week?  

DES (predeseccor of AES) was 56 bit. In 2008 COPACOBANA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's. Currently SciEngines RIVYERA holds the record in brute-force breaking DES, having utilized 128 Spartan-3 5000 FPGAs. Their 256 Spartan-6 LX150 model has even lowered this time.

64-bit is only 8 times stronger than 56-bit.

64-bit is not secure, especially when  money is involved and off line attack is possible.

Make the accounts at least 80 bit, but 128-bit would be much better.

Break DES in less than a single day
http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html


And that was back in 2009, 5 years ago.

[Eadeqa]

If true, that would be serious security hole. 64-bit is nothing.

It is true and it is not bug. It is feature. You are welcome to open account №100000  with 100'000NXT onboard for a week

How is weak security a "feature"?

Please explain this to me: If someone has never used their account to send transaction, the atttacker needs to brute only first 64-bit to take over that account.

If the account has been used to send a transaction, then all 256-bit are required to take over the  account.

Is that true? Am I missing something?

If yes, please update the site with a fair warning that  new accounts must send at least one  transaction. Their so-called 30 char password isn't really 30 char. It's only (much smaller) 64-bit (around 11 chars with A-Z letters in caps/small and 0-9 digitis).   

I did not know this before reading this thread.

Someone might just invest a few thousand dollars, never send a transactions, and that account then is open to brute forcing 64-bit

[starik69]

Break DES in less than a single day

Is there any DES in NXT? Or do you think that all 64bit crypto are the same?

[Eadeqa]

Break DES in less than a single day

Is there any DES in NXT? Or do you think that all 64bit crypto are the same?

It''s irrelevant whether algorithm is DES or BBC or NBC or ZZZ ... the attack is brute force. Given NXT uses SHA 2 for hashing, and SHA 2 has zillion of custom ASIC  hardware (due to bitcoin mining popularity),  the attacker only needs to brute force first 64-bit of SHA 2 hash.

This is not good for Nxt if there is a large scale successful attack that successfully starts  stealing from unused accounts with money in it.

That will be real real bad publicity and kill the project.


 

[starik69]

How is weak security a "feature"?

It is made on purpose.

Please explain this to me: If someone has never used their account to send transaction, the atttacker needs to brute only first 64-bit to take over that account.

True.

If the account has been used to send a transaction, then all 256-bit are required to take over the  account.

True.

Is that true? Am I missing something?

True. Nothing.

If yes, please update the site with a fair warning that  new accounts must send at least one  transaction.

What site? NXT is decentralized, there is no official site for it.

I did not know this before reading this thread.

It is good habit to read before asking.

Someone might just invest a few thousand dollars, never send a transactions, and that account then is open to brute forcing 64-bit

Right.

the attacker only needs to brute force first 64-bit of SHA 2 hash.

Have you any math for how fast it can be done? Or are your words a fantasy?

This is not good for Nxt if there is a large scale successful attack that successfully starts  stealing from unused accounts with money in it.

Have anybody stealed 100'000NXT from account №100000? Why not?
BTW, have you studied how many such 64bit protected accounts are now in blockchain? (hint - somebody already did this work for you).

and kill the project.

Cry, little girl, cry.

[starik69]

It''s irrelevant whether algorithm is DES or BBC or NBC or ZZZ ... the attack is brute force.

Thank you for your competent opinion.

[opticalcarrier]

What you fail to understand is that in order to brute force an unsecured account requires not only SHA asics, but also curve ASICS, which there are none of now.  but like as has been stated many times for you already here, this is intentional; to allow 'mining' of lost NXT in the future.

We are actively trying to educate people of the risk of not having any transaction associated with an account.  LOL yes, in 1 week of cracking you can have that account with 100,000 NXT sitting in it.  its account number is 00000000000000100000 so go for it, you have 1 week if NXT is so unsecure