farl4web
June 04, 2014, 05:15:44 PM
> I have a little security concern. Has this been discussed already? Many people make the typical copy/paste error in the NXT client and have an extra space at the start/end of the password (or both). Now that gives them a new 64-bit typo-account, because there is no outgoing transaction. If an evil hacker can crack that 64-bit account/password, it is easy for the hacker to just remove the extra spaces and gain access to the real 256-bit account with a balance, and check for other accounts without the spaces. Or did I understand this correctly?
>
> I think what you describe could be feasible one day. Eadeqa has been seen discussing the numbers on cracking 64-bit accounts. An astute hacker could check for spaces before/after/both on any account they crack. But... Based on the top 310 64-bit account balances and today's computers, if you could make 250 million guesses per second it would take 4 years to bruteforce just one account. If you had that amount of computing power, you would make much more mining Bitcoin. So you are safe for a fair while yet. I also vaguely remember a discussion on increasing the security of these accounts (to 80-bit, I think). I will try to find the link. This will push the date even further into the future. If you have any concerns, create a new account and use programs like KeePass to manage your account passphrases. Every new account will give you peace of mind about inputting 'space' errors you might have done in the past.
>
> Oh, great to hear that it's not a big problem yet. I use LastPass for basic email and other not money-worthy things, but don't want to trust any 3rd party for my future millions, so I have a super-duper password system, partly generated from a unique file, partly copy/paste and partly input from my memory with a virtual keyboard... I know it's too paranoid, but I think it's safe because I don't have the whole password saved anywhere.

I use 1Password, and they don't have my password because it's encrypted and can only be decrypted by me. I guess it's the same with LastPass. So no need to worry about that! No passwords saved by third parties.

PilotofBTC
June 04, 2014, 05:23:14 PM
> I have a little security concern. Has this been discussed already? Many people make the typical copy/paste error in the NXT client and have an extra space at the start/end of the password (or both). Now that gives them a new 64-bit typo-account, because there is no outgoing transaction. If an evil hacker can crack that 64-bit account/password, it is easy for the hacker to just remove the extra spaces and gain access to the real 256-bit account with a balance, and check for other accounts without the spaces. Or did I understand this correctly?
>
> I think what you describe could be feasible one day. Eadeqa has been seen discussing the numbers on cracking 64-bit accounts. An astute hacker could check for spaces before/after/both on any account they crack. But... Based on the top 310 64-bit account balances and today's computers, if you could make 250 million guesses per second it would take 4 years to bruteforce just one account. If you had that amount of computing power, you would make much more mining Bitcoin. So you are safe for a fair while yet. I also vaguely remember a discussion on increasing the security of these accounts (to 80-bit, I think). I will try to find the link. This will push the date even further into the future. If you have any concerns, create a new account and use programs like KeePass to manage your account passphrases. Every new account will give you peace of mind about inputting 'space' errors you might have done in the past.
>
> Oh, great to hear that it's not a big problem yet. I use LastPass for basic email and other not money-worthy things, but don't want to trust any 3rd party for my future millions, so I have a super-duper password system, partly generated from a unique file, partly copy/paste and partly input from my memory with a virtual keyboard... I know it's too paranoid, but I think it's safe because I don't have the whole password saved anywhere.

Just a bit of info about LastPass. LastPass has been reviewed by several security and cryptology experts. Your LastPass password is never transmitted over the internet. LastPass has no idea what your master password is. While LastPass stores your "vault" online in order to sync it across devices, they have no access to your passwords, since all encryption and decryption is done locally (pretty much the same as the blockchain.info mywallet).

If you create a single, strong master password (four or five words or a phrase that you make up) with a high entropy value (see http://xkcd.com/936/) you have very, very, very low risk. Enable 2FA (two-factor authentication) on your LastPass account as well. You don't need premium, as someone mentioned, for LastPass 2FA. You do need premium for certain 2FAs (like Sesame, Smart Card, Fingerprint, Yubikey).

I would much rather let LastPass generate and remember passwords for me than risk that I forget a password (or part of my password is stored on a file somewhere) because I didn't trust LastPass. I pay the $12 per year happily so I can use it on my mobile devices as well. Highly recommended.

Daedelus
June 04, 2014, 05:45:31 PM
> I have a little security concern. Has this been discussed already? Many people make the typical copy/paste error in the NXT client and have an extra space at the start/end of the password (or both). Now that gives them a new 64-bit typo-account, because there is no outgoing transaction. If an evil hacker can crack that 64-bit account/password, it is easy for the hacker to just remove the extra spaces and gain access to the real 256-bit account with a balance, and check for other accounts without the spaces. Or did I understand this correctly?
>
> I think what you describe could be feasible one day. Eadeqa has been seen discussing the numbers on cracking 64-bit accounts. An astute hacker could check for spaces before/after/both on any account they crack. But... Based on the top 310 64-bit account balances and today's computers, if you could make 250 million guesses per second it would take 4 years to bruteforce just one account. If you had that amount of computing power, you would make much more mining Bitcoin. So you are safe for a fair while yet. I also vaguely remember a discussion on increasing the security of these accounts (to 80-bit, I think). I will try to find the link. This will push the date even further into the future. If you have any concerns, create a new account and use programs like KeePass to manage your account passphrases. Every new account will give you peace of mind about inputting 'space' errors you might have done in the past.
>
> Oh, great to hear that it's not a big problem yet. I use LastPass for basic email and other not money-worthy things, but don't want to trust any 3rd party for my future millions, so I have a super-duper password system, partly generated from a unique file, partly copy/paste and partly input from my memory with a virtual keyboard... I know it's too paranoid, but I think it's safe because I don't have the whole password saved anywhere.

I have thought about this some more. Let's say your passphrase is "dog" for simplicity and you have accidentally used "dog_" in the past. In the unlikely event a hacker cracks "dog_" it would show an account with zero Nxt in it and without any transactions. So there is nothing there to explicitly signal that "dog1" is an active account. There are an infinite number of passwords with a space after them, so the chance of a collision between the hacked account and an active one seems vanishingly small. The 'space errors' on passwords happen but I don't think they are very common.

The same argument could be made for passwords that end in 1. People are told that passwords should be alphanumeric (at least), so the password "dog1", if found, should be checked for "dog" also. But it is more likely to be one in a list of infinite passwords that end in a 1.

In summary, I don't think this will be an issue in the lifespan of the planet. Especially if you move your Nxt to a new account now and again with care and/or use KeePass etc.

Phew! Now I am going for a lie down...

Edit: I am probably about to get slammed by the Maths guys for numerous glaring (to them) issues and/or just because I back my feeling up with no maths at all.
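The "dog" versus "dog " case from the post above, as an added example that is not part of the thread or of the Nxt code base: it derives the 64-bit account ID for each whitespace variant of the owner's own passphrase and shows the check a client can run before login. The derivation is an assumption the thread does not spell out (SHA-256 of the passphrase as the Curve25519 private key, account ID = first 8 bytes, little-endian, of SHA-256 of the public key), and `account_id`, `passphrase_warnings` and `variant_ids` are hypothetical names.

```python
import hashlib
import unicodedata

P = 2**255 - 19   # Curve25519 field prime
A24 = 121665      # ladder constant from RFC 7748


def clamp(scalar: bytes) -> int:
    """Curve25519 clamping: clear bits 0-2 and 255, set bit 254."""
    return (int.from_bytes(scalar, "little") & ((1 << 255) - 8)) | (1 << 254)


def x25519(k: int, u: int) -> int:
    """RFC 7748 Montgomery ladder (plain Python, not constant time)."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P


def account_id(passphrase: str) -> int:
    """Assumed Nxt derivation: passphrase -> SHA-256 -> public key -> 64-bit ID."""
    private = clamp(hashlib.sha256(passphrase.encode("utf-8")).digest())
    public = x25519(private, 9).to_bytes(32, "little")
    return int.from_bytes(hashlib.sha256(public).digest()[:8], "little")


def passphrase_warnings(passphrase: str) -> list:
    """Flag input a client should question before deriving an account from it."""
    found = []
    if passphrase != passphrase.strip():
        found.append("leading or trailing whitespace")
    if any(ch != " " and unicodedata.category(ch) in ("Cc", "Cf", "Zs")
           for ch in passphrase):
        found.append("control, invisible or non-ASCII space character")
    return found


def variant_ids(passphrase: str) -> dict:
    """Account IDs for the owner's own passphrase with stray spaces added."""
    variants = {"as typed": passphrase, "leading space": " " + passphrase,
                "trailing space": passphrase + " ",
                "both": " " + passphrase + " "}
    return {label: account_id(text) for label, text in variants.items()}


if __name__ == "__main__":
    # "dog" is the constructed passphrase used in the post above.
    for label, acct in variant_ids("dog").items():
        print(f"{label:15} -> account {acct}")
    print(passphrase_warnings("dog "))
```

A client using such a check should ask the user to confirm rather than trim silently, because trimming would lock out anyone whose funded account really was created with the extra space.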

Blazin604
June 04, 2014, 06:02:24 PM
Hello all... I am thinking of throwing some serious $$$ at NXT. Not really sure about it right now. I am not clear as to whether NXT will be able to co-exist with Bitcoin or is it a direct competitor? I also need to know if BTC and other cryptos can be traded through NXT. What are everyone's views on the future? Do you see NXT overtaking Bitcoin or Bitcoin serving as a digital "gold"? ... Also, I have a NXT wallet and it says I'm not secure unless I buy some NXT and send some out to someone? I am very confused about this as well.

Eadeqa
June 04, 2014, 06:13:16 PM
> Many people make the typical copy/paste error in the NXT client and have an extra space at the start/end of the password (or both). Now that gives them a new 64-bit typo-account, because there is no outgoing transaction. If an evil hacker can crack that 64-bit account/password, it is easy for the hacker to just remove the extra spaces and gain access to the real 256-bit account with a balance.

Spaces have nothing to do with cracking a 64-bit account ID with no outgoing transaction. The hacker will have to first know the password, then try "spaces", but how will he figure out the password first? A 64-bit cracker just randomly chooses passwords until he finds one random password that results in the same 64-bit ID. It's still not easy though.

I would love to get access to the account number "1" http://nxtexplorer.com/nxt/nxt.cgi?action=3000&acc=1 that would be pretty cool, but again it is still pretty hard.

PilotofBTC
June 04, 2014, 06:17:58 PM
> Hello all... I am thinking of throwing some serious $$$ at NXT. Not really sure about it right now. I am not clear as to whether NXT will be able to co-exist with Bitcoin or is it a direct competitor? I also need to know if BTC and other cryptos can be traded through NXT. What are everyone's views on the future? Do you see NXT overtaking Bitcoin or Bitcoin serving as a digital "gold"

My opinion, and it's worth what you are paying for it. Bitcoin will always be the "gold" of crypto. Most others will trade against it. It also has the most momentum for payments. But I think it will be used for payments where "slow" is ok. That means online purchases, or LARGE purchases: boats, cards, houses, etc. You can beat the transaction fee with a stick.

But for retail I think there needs to be "something" else. Something faster. I don't think LTC is it; it is still too slow. Many alts are shooting for a 60-90 second first confirm; faster, yes, but still too slow. Also, I think the number of coins for both BTC and LTC is too small for widespread retail usage too. If what I read about transparent forging is correct and it works, then that means NXT transactions could take seconds or milliseconds. I think that will be the retail benchmark. A currency that is widely used, secure, as fast as a credit card transaction, with no chargebacks, could happen. I think you also need some type of payment system that is credit card swipe/NFC tap simple. I'm not sure that can be done without some type of payment processor, which means fees again.

There is work on a BTC "gateway". I think that means you will be able to trade BTC for NXT without going through an exchange. Not sure if "other cryptos" are planned for that. Although, on the asset exchange people have been trading another coin's "stakes" for NXT.

I'm going long on both BTC and NXT at this point, and watching, dabbling in others more for short-term speculation, see-what-happens stuff.

Blazin604
June 04, 2014, 06:21:57 PM
Thanks for that... however, BTC can be divided into 100 million units. If you multiply that by the entire supply it comes out to something like a quadrillion coins, or satoshis or w.e., so you're telling me there isn't enough BTC for retail? Not to mention a NXT coin can't be subdivided as far as I know.

devphp
June 04, 2014, 06:27:51 PM
> Thanks for that... however, BTC can be divided into 100 million units. If you multiply that by the entire supply it comes out to something like a quadrillion coins, or satoshis or w.e., so you're telling me there isn't enough BTC for retail? Not to mention a NXT coin can't be subdivided as far as I know.

NXT can be subdivided since 1 month ago or so, same as Bitcoin. It's just that Bitcoin looks so outdated after NXT, you won't want to use it. It's like the telegraph when you have email. Just try it, and the Asset Exchange. Devs are working on other features too. Bitcoin's devs won't add any other features; Bitcoin is just a money transfer mechanism, that's all, and that ain't cool. The more features and functions, the more business use cases, the wider the adoption. As simple as that.

PilotofBTC
June 04, 2014, 06:34:35 PM
> Thanks for that... however, BTC can be divided into 100 million units. If you multiply that by the entire supply it comes out to something like a quadrillion coins, or satoshis or w.e., so you're telling me there isn't enough BTC for retail? Not to mention a NXT coin can't be subdivided as far as I know.

True, it's more of a psychological thing. That's why they are talking about using "Bit" as a decimal portion, 'cause people really don't know math and understand what a uBTC vs mBTC etc. really mean. "That'll be .00002340 bitcoin please." I was mostly talking about the POS (point of sale) type of retail and the transaction confirm speed.

ChuckOne
June 04, 2014, 06:39:01 PM
> Thanks for that... however, BTC can be divided into 100 million units. If you multiply that by the entire supply it comes out to something like a quadrillion coins, or satoshis or w.e., so you're telling me there isn't enough BTC for retail? Not to mention a NXT coin can't be subdivided as far as I know.
>
> NXT can be subdivided since 1 month ago or so, same as Bitcoin. It's just that Bitcoin looks so outdated after NXT, you won't want to use it. It's like the telegraph when you have email. Just try it, and the Asset Exchange. Devs are working on other features too. Bitcoin's devs won't add any other features; Bitcoin is just a money transfer mechanism, that's all, and that ain't cool. The more features and functions, the more business use cases, the wider the adoption. As simple as that.

Simple. +1

Cassius
June 04, 2014, 06:44:10 PM
> Hello all... I am thinking of throwing some serious $$$ at NXT. Not really sure about it right now. I am not clear as to whether NXT will be able to co-exist with Bitcoin or is it a direct competitor? I also need to know if BTC and other cryptos can be traded through NXT. What are everyone's views on the future? Do you see NXT overtaking Bitcoin or Bitcoin serving as a digital "gold"? ... Also, I have a NXT wallet and it says I'm not secure unless I buy some NXT and send some out to someone? I am very confused about this as well.

My advice would be to take a good look around the client and the forums and see what NXT is capable of, now and in the near future. Other people will be better placed to give you tech detail, but prepare to be impressed.

The other issue is simple: get a few NXT from a faucet, and make one outgoing transaction (register an Alias, send a NXT back to the faucet or any other address, etc). That will register your public key with the network and make your account far more secure. Not that it's very insecure now, but it will be rock-solid secure that way.

Cassius
June 04, 2014, 06:48:34 PM
> Thanks for that... however, BTC can be divided into 100 million units. If you multiply that by the entire supply it comes out to something like a quadrillion coins, or satoshis or w.e., so you're telling me there isn't enough BTC for retail? Not to mention a NXT coin can't be subdivided as far as I know.

This really isn't an issue as I see it. Both can be subdivided to 8 decimal places, and it could be more if the protocol was changed. I also think there's more than enough room for 2 cryptos, or more. Adoption is tiny at the moment. The big fight is not between Bitcoin and NXT, or Bitcoin and LTC. It's crypto vs fiat. NXT is well positioned to help with that, since the AE and multigateway can be used for decentralised crypto trading (AE already is).

devphp
June 04, 2014, 06:52:20 PM
NXT has an advantage for wider adoption in that it hasn't received years of negative press that have formed a bad image in the eyes of the public. Some people won't touch Bitcoin with a ten-foot pole now that the media performed their agenda. And here comes multi-featured NXT, all shiny and bright, with no negative stigma around it. Just like Dogecoin, by the way.

PilotofBTC
June 04, 2014, 07:27:41 PM
> NXT has an advantage for wider adoption in that it hasn't received years of negative press that have formed a bad image in the eyes of the public. Some people won't touch Bitcoin with a ten-foot pole now that the media performed their agenda. And here comes multi-featured NXT, all shiny and bright, with no negative stigma around it. Just like Dogecoin, by the way.

The one main downside NXT has in my eyes is the single ID for a person. You have to manage multiple IDs/passwords if you want to try to obscure your identity and holdings at all.

The other downside, which some list as a benefit, is that so much stuff is being piled onto NXT that it might be confusing to some people to just use as a currency. Although, I think this can mostly be solved by having a "lite" wallet that hides the Forging, Aliases, AE, DSG, messaging etc., and only has Balance/Send/Receive stuff on it. Or at least hides all that stuff by default.

Hardeep Reddy
June 04, 2014, 07:29:36 PM
Bitcoin will implement all of the NXT features in the future

Canaanite
June 04, 2014, 07:36:35 PM
> Bitcoin will implement all of the NXT features in the future

Bitcoin Can implement all of the NXT features in the future... It's so difficult to make the tiniest change in Bitcoin...

Canaanite
June 04, 2014, 07:38:35 PM
> The other downside, which some list as a benefit, is that so much stuff is being piled onto NXT that it might be confusing to some people to just use as a currency. Although, I think this can mostly be solved by having a "lite" wallet that hides the Forging, Aliases, AE, DSG, messaging etc., and only has Balance/Send/Receive stuff on it. Or at least hides all that stuff by default.

+1 It did take me a while to understand what's going on... But it just made me understand that NXT is so much more than a currency.

msin
June 04, 2014, 07:53:41 PM
> Bitcoin will implement all of the NXT features in the future

On the flip side, Nxt is planning to have its market cap completely manipulated and then 10% of its total supply stolen by Mark Karpeles at some point.