Nxt source code flaw reports

[ImmortAlex]

wait. not remember if someone mentioned this before.
from line 4552 to 4631.
If the attacker send infinite garbage blocks, futureBlocks will out of memory...

Remember that famous payloadLength=2147483647?...

what's that, 2^31 - 1?

Yes. Integer.MAX_VALUE. Maximum size of array.

[1715652323]

1715652323

[lr127]

Come-from-Beyond

I have questions about the code sometimes. Which topic is better suited to these questions?

Why the "getBaseTarget" is recalculated each time for the same (last) block?  For simplicity?

How can I determine that I am in the wrong chain?

Why peers that send a lot of wrong transactions are not stored in the blacklist automatically?
I can send many not verified transactions to each peer and every time they process their (through POST and GET for public which brodcast them to some other peers).

[Come-from-Beyond]

I have questions about the code sometimes. Which topic is better suited to these questions?

Ask them here.

Why the "getBaseTarget" is recalculated each time for the same (last) block?  For simplicity?

Yes. This is a reference code.

How can I determine that I am in the wrong chain?

U can't, all that u need is just try to stick to the "longest" chain.

Why peers that send a lot of wrong transactions are not stored in the blacklist automatically?
I can send many not verified transactions to each peer and every time they process their (through POST and GET for public which brodcast them to some other peers).

Sending data is much expensive than receiving it. For example, asymmetric home links have higher bandwidth for downloading, dedicated servers don't pay for inbound traffic, etc.

[gimre]

Why the "getBaseTarget" is recalculated each time for the same (last) block?  For simplicity?

Yes. This is a reference code.

also it costs almost 0, and it's easier just to recalculate it, than cache it somewhere
(you'd have to place it everywhere where lastBlock is altered)

[gimre]

@CfB,  just to check, are you looking at this thread:

https://bitcointalk.org/index.php?topic=404321.0

[Come-from-Beyond]

@CfB,  just to check, are you looking at this thread:

https://bitcointalk.org/index.php?topic=404321.0

Thx, I'll look at it.

[wang_yan]

Is anyone offering the service of creating an altcoin based on the algorithm of Nxt?

[CrazyEyes]

The visible public account number (your public key) is a maximum of 20 digits, 64 bits, long (10 as in decimal).
Anyone heard of the "birth day attack" ? For you who have not, http://en.wikipedia.org/wiki/Birthday_attack.

With 64 bits, 1.8 * 10^19 there would be 1% probability of collision if 1.9 * 10^8 accounts exists in the network.
If however, 5.1*10^9, 5.1 billion (people/accounts) have been created there are a chance of 50% that someone
uses a password that generates the public visible key. Now there are 6.5*10^19 people on this small planet. If 7.2*10^19
people creates an account then there is a 75% probability of collision.

With the large amounts of bruteforce attacks in the network.. 1.8 * 10^19 public key digits is not enough.

I guess it is not my "birthday", (after some hinting) and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

Regards
j0b

[Come-from-Beyond]

Is anyone offering the service of creating an altcoin based on the algorithm of Nxt?

I'm launching a coin based on Nxt soon. It will use AM and Nxt blockchain. Sources will be written in JavaScript and completely open. (https://bitcointalk.org/index.php?topic=415580.0)

[Come-from-Beyond]

I guess it is not my "birthday", (after some hinting) and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

Post here the link to ur thread when u create it, plz. I support all innovative cryptocoins.

[CIYAM]

I guess it is not my "birthday", (after some hinting) and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.

[CrazyEyes]

I guess it is not my "birthday", (after some hinting) and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.

I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

[Come-from-Beyond]

I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

Birthday attack is not a problem if u use truly random passphrase. What odds to hit an already reserved account with 10 attempts?

[CrazyEyes]

I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

Birthday attack is not a problem if u use truly random passphrase. What odds to hit an already reserved account with 10 attempts?

One in ~10^18. I do not think that is an valid argument though.

Humble regards

[pandaisftw]

I guess it is not my "birthday", (after some hinting) and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.

I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

I am under the impression if someone registered their public key (by sending out a transaction, alias, etc), no one else could make another account with the same 20-digit visible key (ie. the client would return an error stating that account # is in use). Your account is still safe, of course, because it is protected by 256bits.

[Come-from-Beyond]

I am under the impression if someone registered their public key (by sending out a transaction, alias, etc), no one else could make another account with the same 20-digit visible key (ie. the client would return an error stating that account # is in use). Your account is still safe, of course, because it is protected by 256bits.

Right. The other guy has to chose another passphrase.

[CrazyEyes]

I guess it is not my "birthday", (after some hinting) and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.

I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

I am under the impression if someone registered their public key (by sending out a transaction, alias, etc), no one else could make another account with the same 20-digit visible key (ie. the client would return an error stating that account # is in use). Your account is still safe, of course, because it is protected by 256bits.

I have tried to find the function where you get rejected because of this, however i can not find it in the src of 0.4.8e

Humble regards

[gimre]

The visible public account number (your public key) is a maximum of 20 digits, 64 bits, long (10 as in decimal).
Anyone heard of the "birth day attack" ? For you who have not, http://en.wikipedia.org/wiki/Birthday_attack.

I hope everyone here ;p

I guess it is not my "birthday", (after some hinting) and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

It's been repeated hundred of times already, your account is your PK, which is 256bits,
once you do first trasaction, you're safe.

[opticalcarrier]

Is anyone offering the service of creating an altcoin based on the algorithm of Nxt?

I'm launching a coin based on Nxt soon. It will use AM and Nxt blockchain. Sources will be written in JavaScript and completely open. (https://bitcointalk.org/index.php?topic=415580.0)

lol, you mean completely open to russian readers?

[Come-from-Beyond]

Is anyone offering the service of creating an altcoin based on the algorithm of Nxt?

I'm launching a coin based on Nxt soon. It will use AM and Nxt blockchain. Sources will be written in JavaScript and completely open. (https://bitcointalk.org/index.php?topic=415580.0)

lol, you mean completely open to russian readers?

Upon the launch I'll post all info in English.