NXT Password Recovery Tool! / NXT mining rig ( :) )

[EvilDave]

Are u running this against an offline blockchain ?

Because if you are running this attack against the live NXT network,  then congratulations, mate,  u have made an account generator.

How is that? As long as he does not transfer money FROM that account, no account is created.

Hmmm...the way I understand it (and I'm not saying that I've got a perfect understanding of NXT account security) is that an account is created with a 64 bit hash the first time a particular pass phrase is submitted to the NXT client and thus to the network/blockchain.
U can then transfer NXT into this account, but the full 256 bit hash is only created when u first transfer funds (even if it is only 1 NXT) out of the account, which is recommended for any account holding funds.

64 bit encryption is a lot easier to crack, obviously, which is why (supposedly) BCNext chose this mechanism to allow recovery of "lost" NXT in the future, ie NXT sent by mistake to an account with no set passphrase.

Have a look in the mega-thread, there is (somewhere) lots of info about this issue.
https://bitcointalk.org/index.php?topic=345619.0

[ChuckOne]

Are u running this against an offline blockchain ?

Because if you are running this attack against the live NXT network,  then congratulations, mate,  u have made an account generator.

How is that? As long as he does not transfer money FROM that account, no account is created.

Hmmm...the way I understand it (and I'm not saying that I've got a perfect understanding of NXT account security) is that an account is created with a 64 bit hash the first time a particular pass phrase is submitted to the NXT client and thus to the network/blockchain.

No. Only transactions create accounts.

[williamevanl]

Arg, somebody requested video of the tool running. I've supplied a tiny dictionary file pulled from some random site, used the api to confirm that that they are vacant accounts (don't want to screw anyone over) and threw in a cgi script that updates accounts at: http://192.168.0.4/cgi/test.cgi (This will actually update very slowly, and I really hope nobody adds NXT to them! ) <- *edit took down

I've got 6 spots left and I'm closing this up. To expedite this, just send ~500 NXT (.1 bc) (email ryanwheeler999@gmail.com the amount, make it unique so I know who you are) to the account listed in the initial post and I'll email the tool and API balance checker.

(additionally, the top donator has the option for one hell of an app given the others)


-Will

NXT: 10529688047532253405
BTC: 15LjXMdKZ9jnH8TDMxntQkvh1838oitoQU

[williamevanl]

I've sent 5 out (for all the people that just sent messages please read the post above, much easier than managing the various messages I"m getting).


Also good feedback:

ano nybuffer
5:22 PM (2 hours ago)

to me
hey

hey , its pretty sweet!
thank you much.

[williamevanl]

Ok, I can send this out to 3 more people (7 have gone out) . I've caught some guff from folks about users using this to steal money. (I hope that isn't happening)

[williamevanl]

good

thanks for your support, two left.

-Will