Cassius
Legendary
Offline
Activity: 1764
Merit: 1031
|
|
June 13, 2014, 10:47:27 AM |
|
some time ago NXT was working on atomic-cross chain trading - is this project still alive?
Do you mean decentralized crypto trading (aka multigateway)? Oooh, yes. They're looking for testers if you're interested.
|
|
|
|
NEM minnow
Member
Offline
Activity: 104
Merit: 10
|
|
June 13, 2014, 10:52:22 AM |
|
You seem very knowledgeable. Can I ask you something? Or anybody else? My password is 34 characters long. No dictionary words, no spaces, all more or less random numbers, letters, and symbols. NXT says it needs to be 35 or longer I think. Should I move the NXT to another account?
If it's truly random, you are safe. https://www.dropbox.com/s/syd8vwf31y90ev4/Passphrase_Length_vs_Complexity.xlsShouldn't have to worry. The odds of a 34 character random password getting guessed are.... ~0 I think 35 was specified because most people don't use truly random passwords. Mine is 30 chars, generated like a Bitcoin mini private key. Working on the same principles, it will be the end of the universe before it's guessed by the fastest computer ever made. Sorry I don't use Bitcoin often, is that the same as a Bitcoin address? A theft was carried out as someone used an old bitcoin address >>> Looks random but it wasn't, appeared in many google results. Just checking 34 random char password is 5 trillion times stronger than bitcoin address which has 2^160 bits entropy. The problem really is never length but predictability. If your long password is predicable (or in any kind of database or blochairn) it's a weak password Thank you guys. I appreciate it. It would be impossible for the string to be in any dictionary or database. It basically looks like this. InewnfeIePnfda232907523790573452$@ (not it of course or anything close actually) I feel a lot more confident now. Every time I saw that 35 character warning come up, I was a bit nervous.
|
|
|
|
|
NEM minnow
Member
Offline
Activity: 104
Merit: 10
|
|
June 13, 2014, 11:12:43 AM |
|
Whooooooaaaaaa. This is really happening? That is like the axis mundi of crypto! I mean really, people are talking about "anonymity" and I think that is important, but I would much rather see trustless exchanges in crypto. (if that is really what this is) It seems like there are a dozen or more anon coins out and a dozen more coming out, but only one coin is working on multigateway that I know of. I have already invested everything I can afford to lose in NXT. If it wasn't so, I would buy more!
|
|
|
|
NEM minnow
Member
Offline
Activity: 104
Merit: 10
|
|
June 13, 2014, 11:18:48 AM |
|
Can I be clear here? Is this like a Mt. Gox that I don't have to trust with my money? Is there anyway I could be using this service and get all my coins stolen? Maybe not in the same way Gox stole, but maybe in a different way?
|
|
|
|
Cassius
Legendary
Offline
Activity: 1764
Merit: 1031
|
|
June 13, 2014, 11:31:31 AM |
|
Can I be clear here? Is this like a Mt. Gox that I don't have to trust with my money? Is there anyway I could be using this service and get all my coins stolen? Maybe not in the same way Gox stole, but maybe in a different way?
I'm a little hazy on the exact details - need to familiarise myself with it. But yes, I think that's exactly what it is. Basically like sending NXT or buying assets, but for any relevant crypto. Trustless, near-instant, basically free crypto trading. If it works and takes off, it will kill Cryptsy and other crypto-only platforms at a stroke. The only thing that will differentiate traditional exchanges would be crypto <--> fiat. An absolutely huge development.
|
|
|
|
Damelon (OP)
Legendary
Offline
Activity: 1092
Merit: 1010
|
|
June 13, 2014, 11:42:42 AM |
|
|
|
|
|
qqNxt
|
|
June 13, 2014, 11:47:37 AM |
|
|
|
|
|
Cassius
Legendary
Offline
Activity: 1764
Merit: 1031
|
|
June 13, 2014, 11:48:32 AM |
|
Ha, some people already trying their luck at offloading large amounts at a premium. In other news: a while back I saw a screen grab of CoinMarketCap from about 6 months back, compared with now. I think it was on the NXTForum boards somewhere. Does anyone know where I can find this or could get something similar? I'd like to use it for an article about how the landscape has changed since then. Thanks!
|
|
|
|
LiQio
Legendary
Offline
Activity: 1181
Merit: 1002
|
|
June 13, 2014, 11:55:12 AM |
|
Ha, some people already trying their luck at offloading large amounts at a premium. In other news: a while back I saw a screen grab of CoinMarketCap from about 6 months back, compared with now. I think it was on the NXTForum boards somewhere. Does anyone know where I can find this or could get something similar? I'd like to use it for an article about how the landscape has changed since then. Thanks! might be this: https://nxtforum.org/index.php?topic=85.msg35492#msg35492
|
|
|
|
devphp
|
|
June 13, 2014, 12:01:13 PM |
|
Is this the first large NXT/USD market or are there other smaller ones?
|
|
|
|
Cassius
Legendary
Offline
Activity: 1764
Merit: 1031
|
|
June 13, 2014, 12:03:06 PM |
|
Ha, some people already trying their luck at offloading large amounts at a premium. In other news: a while back I saw a screen grab of CoinMarketCap from about 6 months back, compared with now. I think it was on the NXTForum boards somewhere. Does anyone know where I can find this or could get something similar? I'd like to use it for an article about how the landscape has changed since then. Thanks! might be this: https://nxtforum.org/index.php?topic=85.msg35492#msg35492Yep, that's the one, thanks!
|
|
|
|
|
Daedelus
|
|
June 13, 2014, 12:21:06 PM |
|
Can I be clear here? Is this like a Mt. Gox that I don't have to trust with my money? Is there anyway I could be using this service and get all my coins stolen? Maybe not in the same way Gox stole, but maybe in a different way?
Yes, it is happening. NxtPrivacy comes later NxtServices, which Multigateway forms a part, basically links you BTC and Nxt addresses together. You don't store your coins on Multigateway like you did with MTGox. It is almost trustless at the moment based on three multigateway servers agreeing with each other before allowing the cross chain transaction. jl777 admins 2 of them and bithaus will admin the third, the idea is that each new prominent business will admin another server. jl777 originally planned 100 servers but there will be a bootstrapping phase to get up to this. You would then have to compromise them all to crack multigateway. This is my understanding, james will probably correct me if I am out of date
|
|
|
|
Daedelus
|
|
June 13, 2014, 12:22:48 PM |
|
Is this the first large NXT/USD market or are there other smaller ones? This is the first AFAIK, the regulation has just been to much for most. Could have been done on Ripple I suppose but now it is more straightforward.
|
|
|
|
griffinriz
|
|
June 13, 2014, 12:23:32 PM |
|
Is this the first large NXT/USD market or are there other smaller ones? This is the first AFAIK. bter just needs to add OKPAY now
|
|
|
|
durerus
|
|
June 13, 2014, 12:30:15 PM |
|
Can I be clear here? Is this like a Mt. Gox that I don't have to trust with my money? Is there anyway I could be using this service and get all my coins stolen? Maybe not in the same way Gox stole, but maybe in a different way?
Yes, it is happening. NxtPrivacy comes later NxtServices, which Multigateway forms a part, basically links you BTC and Nxt addresses together. You don't store your coins on Multigateway like you did with MTGox. It is almost trustless at the moment based on three multigateway servers agreeing with each other before allowing the cross chain transaction. jl777 admins 2 of them and bithaus will admin the third, the idea is that each new prominent business will admin another server. jl777 originally planned 100 servers but there will be a bootstrapping phase to get up to this. You would then have to compromise them all to crack multigateway. This is my understanding, james will probably correct me if I am out of date Really exciting feature. But what I don't understand is this: Who has control over the private keys of the deposit addresses when people deposit for example btc? Are they stored on each of the 3 servers? If there will be 100 servers one day, wouldn't that increase the risk of one server with all the privkeys of the deposit addresses getting hacked? EDIT: Or do they use multisig?
|
|
|
|
devphp
|
|
June 13, 2014, 12:32:14 PM |
|
bter just needs to add OKPAY now Yeah, would be nice to be able to fund not only with egopay, but there are okpay->egopay exchanges I believe, although commission fees might be bad.
|
|
|
|
Daedelus
|
|
June 13, 2014, 12:38:40 PM |
|
Can I be clear here? Is this like a Mt. Gox that I don't have to trust with my money? Is there anyway I could be using this service and get all my coins stolen? Maybe not in the same way Gox stole, but maybe in a different way?
Yes, it is happening. NxtPrivacy comes later NxtServices, which Multigateway forms a part, basically links you BTC and Nxt addresses together. You don't store your coins on Multigateway like you did with MTGox. It is almost trustless at the moment based on three multigateway servers agreeing with each other before allowing the cross chain transaction. jl777 admins 2 of them and bithaus will admin the third, the idea is that each new prominent business will admin another server. jl777 originally planned 100 servers but there will be a bootstrapping phase to get up to this. You would then have to compromise them all to crack multigateway. This is my understanding, james will probably correct me if I am out of date Really exciting feature. But what I don't understand is this: Who has control over the private keys of the deposit addresses when people deposit for example btc? Are they stored on each of the 3 servers? If there will be 100 servers one day, wouldn't that increase the risk of one server with all the privkeys of the deposit addresses getting hacked? Generally, private keys are handled on the client side and don't go to the servers. But I don't know for sure, so... I asked jl777 here: https://nxtforum.org/nxtventures/mgw-multigateway/msg43744#msg43744Edit: Multisig! Yes.
|
|
|
|
zachamo
Sr. Member
Offline
Activity: 346
Merit: 251
There can be only one!
|
|
June 13, 2014, 12:38:45 PM |
|
Ugh... Are you kidding me? Are there bots prowling the network with a boatload of password-account combinations stored watching the for transactions to known addresses or something?
I got some NXT a long time ago and kept it tucked away, but with the updated client it seems I didn't have a public key, so I sent a message.. easy enough... my balance was there, but I couldn't forge because it was unconfirmed... so I figure this has something to do with old balances being 'unconfirmed' under the updated protocol until it's seen activity.. So I flip my NXT into another account that I used in the past (tx 3603756272827733121), wait for it to confirm, and as soon as it does the NXT has moved on to an account out of my control (tx 10738856805317237622)...!!!
WTF? I sat here waiting for a confirm to flip it right back, and it vanishes before my very eyes! We're talking within 2 seconds of the first confirmation!
If the network is this compromised, how do you ever expect mainstream adoption... I've had an eye on NXT since the beginning and was really into the new look and feel, the asset exchange, etc.. My interest was building in NXT again (initially less than impressed by the distribution, but it seemed a lot of great work had gone into the protocol..) Too bad.. Nxt looked cool, but as it stands I'm out.. Not sure that this can be called a 2nd generation crypto when it's this vulnerable to theft. I'd say the target audience is even more specialized than bitcoin; the average joe can hardly remember "Password1"!
Sorry for your loss. Can you share the password of your second account? I also find it weird that someone compromised your account that fast. I would rather not share my 'passphrase' or unique key or whatever you want to call it because it has elements of a common password that I use for low security purposes (i.e. one-use account on random forums). It was admittedly a meager 21 chars including dictionary words and spaces.. Much better than a laymans password but not the level of security I usually use (thus why it was a depreciated account/wallet). I haven't been in that account for about 4-5 months and was just using it to bounce my nxt to see if that would get it properly recognized (effective balance was 0 despite having NXT). The thing that concerns me is that the transaction occurred within 2 seconds of the first confirmation.. It's not like I left nxt sitting around in an unsecure account, this was just a brief bounce to try to 'reactivate' my nxt. The amount is irrelevant in this case - about 250 nxt (all I had), but the fact that it was so rapidly snagged is concerning to say the least.. it made me realize a major flaw for NXT and the layman.. A bot can easily collect a massive list of account keys and related 'security phrases' via brute force (offline so it's undetected), store these, and watch the blockchain for transactions to accounts that fall within it's dictionary, then instantly log in and with bot-like speed, snipe those NXT on the first transaction... I really don't see any other way this could have happened.. I was working on something else and came back probably 3 minutes after the block to see the nxt was gone - sent to a so-far unused account. The vulnerability is human error, and seeing as you're looking for humans to use this system, I'd call that a pretty big barrier when it comes to user adoption.. I'm an IT business analyst by trade and that just doesn't fly for me - NXT has a lot of great things that Bitcoin does not, but at the end of the day, it's harder to steal someone's bitcoins because you basically have to steal their wallet.dat whereas with NXT you just need to figure out their passphrase.. In this case the theif used NXT-X6AP-V3S7-RBHA-GQW8Z, which I'm sure will see no activity for some time before it goes through a wash.. I remember from the get-go there were countless issues with theft, looks like this has gotten worse. Enough to scare me off NXT. GL.
|
4000 chars available and all I got was this stupid tagline.
|
|
|
|