| Nxt | Blockchain Platform | Proof of Stake | Official

[BitAddict]

Why such a low price NXT?

A complete Explanation : https://nxtforum.org/trading-exchanges/nxt-market-report/

Great report! Thanks!

[rlh]

Hey guys, in case you missed it over at the Nxtforum.org Project section, I've released a very simple vanitygen app for Nxt.

Specifically, my application searches for progressively smaller Nxt addresses.  Further discussion can take place at the original Nxtforum post (https://nxtforum.org/nxt-projects/(ann)-nxtmin-a-vanitygen-application-that-searches-for-small-nxt-addresses/)

For convenience, here is the contents of the OP:

A a few months ago I wrote an app in C# that I used to find my small Nxt address.  Granted, my address isn't 7 characters in length, but using a 2.3Ghz Core i7, I can usually find 1-2 10 digit addresses a day, hashing at a rate of about 31k addresses/sec.

The files are listed below.  The zip file contains 2 binaries.  One compiled for 32-bit systems, and one for 64.  The 64-bit file was marginally faster.

The code is VERY simple.  Once you download and compile it in Visual Studio, you should find it really easy to modify for other forms of pattern searches (i.e. large addresses, repeated numbers, sequences, etc.)

HOW IT WORKS

This is a very simple search process.  The application will generate a 50 character, random string.  It will then sequentially append digits to the end of the key and check the address.  The application will search for a new, minimal account value.  When a new minimum is found, the address and privkey are written to nxt.txt and the application will continue looking for an even smaller address.

The longer the application runs, the smaller the addresses will become.

HOW TO USE

From the command prompt, enter:

Code:

C:> nxtmin_xx.exe

You will be prompted to enter a minimum address value.  If you want, you can enter a 0 and NxtMin will start with the maximum value of a unsigned 64-bit number.

Alternatively, you can pass the application a few basic parameters.  Pass the application a '--help' parameter for more information.

SOURCE & DOWNLOADS

Github: https://github.com/rhartness/NxtMin
Binaries: Both 32-bit and 64-bit files.(*)

* I'm not shisting anyone but always be cautious when downloading binary files that generate private key information.  I recommend downloading and compiling the details from source.  

I guarantee that these files are clean.  However, in good conscience I must highly recommend you use these tools strictly for fun and NOT for storing significant amounts of Nxt if you are downloading the binary files and not the source code.

NOTES

This can also work with Mono.  I built this project using VS 2013 on Windows 7, in a Parallels VM.  Running this in Mono from OS X yielded results that were near 50% slower?!  So, if you have a Windows VM, this application will probably work better in that environment, but in either case, the application should still run.

DONATIONS

If you find this application to be of use, please considering a small, token donation.  Donation addresses are:

 * Nxt:  1102622531
 * BTC:  1Mhk5aKnE6jN7yafQXCdDDm8T9Qoy2sTqS
 * LTC:  LKTF6AjzFj2CG81rQravs164VsoJJnEPmm
 * DOGE: DGea4Qev7eJGmohWq2iKSeDkrTsPeYXQAC

[Cassius]

Hey guys, in case you missed it over at the Nxtforum.org Project section, I've released a very simple vanitygen app for Nxt.

Specifically, my application searches for progressively smaller Nxt addresses.  Further discussion can take place at the original Nxtforum post (https://nxtforum.org/nxt-projects/(ann)-nxtmin-a-vanitygen-application-that-searches-for-small-nxt-addresses/)

For convenience, here is the contents of the OP:

A a few months ago I wrote an app in C# that I used to find my small Nxt address.  Granted, my address isn't 7 characters in length, but using a 2.3Ghz Core i7, I can usually find 1-2 10 digit addresses a day, hashing at a rate of about 31k addresses/sec.

The files are listed below.  The zip file contains 2 binaries.  One compiled for 32-bit systems, and one for 64.  The 64-bit file was marginally faster.

The code is VERY simple.  Once you download and compile it in Visual Studio, you should find it really easy to modify for other forms of pattern searches (i.e. large addresses, repeated numbers, sequences, etc.)

HOW IT WORKS

This is a very simple search process.  The application will generate a 50 character, random string.  It will then sequentially append digits to the end of the key and check the address.  The application will search for a new, minimal account value.  When a new minimum is found, the address and privkey are written to nxt.txt and the application will continue looking for an even smaller address.

The longer the application runs, the smaller the addresses will become.

HOW TO USE

From the command prompt, enter:

Code:

C:> nxtmin_xx.exe

You will be prompted to enter a minimum address value.  If you want, you can enter a 0 and NxtMin will start with the maximum value of a unsigned 64-bit number.

Alternatively, you can pass the application a few basic parameters.  Pass the application a '--help' parameter for more information.

SOURCE & DOWNLOADS

Github: https://github.com/rhartness/NxtMin
Binaries: Both 32-bit and 64-bit files.(*)

* I'm not shisting anyone but always be cautious when downloading binary files that generate private key information.  I recommend downloading and compiling the details from source. 

I guarantee that these files are clean.  However, in good conscience I must highly recommend you use these tools strictly for fun and NOT for storing significant amounts of Nxt if you are downloading the binary files and not the source code.

NOTES

This can also work with Mono.  I built this project using VS 2013 on Windows 7, in a Parallels VM.  Running this in Mono from OS X yielded results that were near 50% slower?!  So, if you have a Windows VM, this application will probably work better in that environment, but in either case, the application should still run.

DONATIONS

If you find this application to be of use, please considering a small, token donation.  Donation addresses are:

 * Nxt:  1102622531
 * BTC:  1Mhk5aKnE6jN7yafQXCdDDm8T9Qoy2sTqS
 * LTC:  LKTF6AjzFj2CG81rQravs164VsoJJnEPmm
 * DOGE: DGea4Qev7eJGmohWq2iKSeDkrTsPeYXQAC



EDIT

-  Oops, sorry.  If anyone downloaded the binary file from within the first 5 minutes of this post, I accidentally linked just the 32 bit file.  The binaries link now contains a zip of both files.

Nice idea
I'm still learning about NXT. What's the function that turns the private key into the address, and what format is the address (presumably just the output displayed in decimal)?

[rlh]

I'm not sure if you've used Nxt, but Nxt uses "brain wallets", which is a fancy way of saying you launch the client and then enter a passphrase.  This is different than the typical wallet-file approach that BTC uses.

With this software, I generate a random passphrase of 50+ characters using a-z,A-Z,0-9, and a standard set of special chars.  This is a string that is easy to copy and paste into the client.

Nxt addresses are the first 8 bytes of the output of SHA256(Curve2519(SHA256(passphrase))), expressed as an unsigned integer.  Ergo, this software generates private keys, hashes them into their respective payment addresses and outputs really small addresses like the address in my sig.

[Cassius]

I'm not sure if you've used Nxt, but Nxt uses "brain wallets", which is a fancy way of saying you launch the client and then enter a passphrase.  This is different than the typical wallet-file approach that BTC uses.

With this software, I generate a random passphrase of 50+ characters using a-z,A-Z,0-9, and a standard set of special chars.  This is a string that is easy to copy and paste into the client.

Nxt addresses are the first 8 bytes of the output of SHA256(Curve2519(SHA256(passphrase))), expressed as an unsigned integer.  Ergo, this software generates private keys, hashes them into their respective payment addresses and outputs really small addresses like the address in my sig.

Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?

[rlh]

Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?

I can't exactly recall why the passphrase is first passed through SHA256, but it could be an issue of optimizing data lengths for the Curve function.  The output of the curve function is the public key, which is what is written to the block-chain when an outgoing payment is sent from an address.

Regarding collisions, you are only at risk if you receive Nxt to an address, but never send at least one transaction from that address.  Since public keys are numerous bytes, but payment addresses are only 8, all an attacker has to do is find a public key that results in the same, first 8 bytes of the SHA-256 hash of your public key.

Sending 1 payment from your account will prevent that from happening since sending a payment records your public key for future verification.

If you never send a payment from your address someone could, theoretically, comprise your account.  With that said, you don't have much to worry about.  There are sizable Nxt accounts that have received Nxt but never sent any Nxt from their accounts.  We're talking about accounts valued in the hundreds of BTC, in todays' market values.

These accounts are called dark accounts and there is even a program that you can run to search for public keys that you could use to compromise these accounts.  Someone over at Nxtforum.org ran some numbers and with numerous people, running numerous GPUs, for over a year, there is only a small-chance that 1 account will be found, that is in the list top 300 darkNxt accounts.

But, again, even if you had 100,000,000 Nxt, you can safe guard yourself by creating an alias, donating a few Nxt to a faucet or initiating some form of payment transaction.

[Cassius]

Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?

I can't exactly recall why the passphrase is first passed through SHA256, but it could be an issue of optimizing data lengths for the Curve function.  The output of the curve function is the public key, which is what is written to the block-chain when an outgoing payment is sent from an address.

Regarding collisions, you are only at risk if you receive Nxt to an address, but never send at least one transaction from that address.  Since public keys are numerous bytes, but payment addresses are only 8, all an attacker has to do is find a public key that results in the same, first 8 bytes of the SHA-256 hash of your public key.

Sending 1 payment from your account will prevent that from happening since sending a payment records your public key for future verification.

If you never send a payment from your address someone could, theoretically, comprise your account.  With that said, you don't have much to worry about.  There are sizable Nxt accounts that have received Nxt but never sent any Nxt from their accounts.  We're talking about accounts valued in the hundreds of BTC, in todays' market values.

These accounts are called dark accounts and there is even a program that you can run to search for public keys that you could use to compromise these accounts.  Someone over at Nxtforum.org ran some numbers and with numerous people, running numerous GPUs, for over a year, there is only a small-chance that 1 account will be found, that is in the list top 300 darkNxt accounts.

But, again, even if you had 100,000,000 Nxt, you can safe guard yourself by creating an alias, donating a few Nxt to a faucet or initiating some form of payment transaction.

I've just tried to send you 1 NXT to make sure. Not sure whether it's gone through ok... will try again in a minute if not.

[Cassius]

Hmm, weird. Sending from an Android app and it's not recording the transaction.

[ChuckOne]

Hmm, weird. Sending from an Android app and it's not recording the transaction.

What exactly happened?

[regtable69]

JUST ASSIGNED THE ALIAS "fema" TO MY ACCOUNT TEST SEND ANYONE?

[Cassius]

Nothing. It accepted my password and there were no error messages, but no record of the transaction either. It's not on the blockchain, but neither is a transaction I made earlier today.
I'll wait a while and see what happens.

[ChuckOne]

Nothing. It accepted my password and there were no error messages, but no record of the transaction either. It's not on the blockchain, but neither is a transaction I made earlier today.
I'll wait a while and see what happens.

Strange. On Android you say. I cannot verify that. Anyone?
Maybe, you could talk to WesleyH about that.

[ChuckOne]

NODE PROVIDERS: PLEASE, UPDATE TO NRS V1.0.0 SOON.

[Fatih87SK]

Masterwork

Flawless Victory.

It worked like a charm!

Downloading blockchain now.

[ChuckOne]

.....

PS: do not quote the download URL.

....

Fatih87SK...  

[Fatih87SK]

.....

PS: do not quote the download URL.

....

Fatih87SK...  

Oops. Fixed it.

[Eadeqa]

Hmm, weird. Sending from an Android app and it's not recording the transaction.

What Android app?

I don't think we have any android app yet that can be used safely. The one that we have sends passphrase to public node.

[ChuckOne]

What Android app?

I don't think we have any android app yet that can be used safely. The one that we have sends passphrase to public node.

Really? That is bad. Nobody should use that one.

[ChuckOne]

NODE PROVIDERS: PLEASE, UPDATE TO NRS V1.0.0 SOON.

[Eadeqa]

What Android app?

I don't think we have any android app yet that can be used safely. The one that we have sends passphrase to public node.

Really? That is bad. Nobody should use that one.

its an old app from January or something, I think. I am pretty sure it sends passphrase to public node. Is the developer still around?

We should have a bounty on proper Android nxt app that is regularly updated.