zachamo
June 13, 2014, 04:42:21 PM
4000 chars available and all I got was this stupid tagline.

Shivalein
June 13, 2014, 04:42:52 PM
A whole fucking forum full of fucking trolls.
Please close and moderate the nxt thread

ChuckOne
June 13, 2014, 04:48:53 PM
1000 million scam coins for sale
Where? I want to buy cheap!
NOT on MINTPALL they don't do scamming shit coins.
Hmm... Starting at the top of their coin list going down. AC - PoS coin. AUR - PoW but 50% PREMINE - (created on a keyboard) BC - PoS coin. C2 - PoS coin. Guess I'll stop there. Why do you care? If you don't like them, don't buy or trade them.
Why am I feeding trolls?
Because they are cute when they nibble their food.

Eadeqa
June 13, 2014, 06:46:33 PM
Ugh... Are you kidding me? Are there bots prowling the network with a boatload of password-account combinations stored watching for transactions to known addresses or something?
I got some NXT a long time ago and kept it tucked away, but with the updated client it seems I didn't have a public key, so I sent a message.. easy enough... my balance was there, but I couldn't forge because it was unconfirmed... so I figure this has something to do with old balances being 'unconfirmed' under the updated protocol until it's seen activity.. So I flip my NXT into another account that I used in the past (tx 3603756272827733121), wait for it to confirm, and as soon as it does the NXT has moved on to an account out of my control (tx 10738856805317237622)...!!!
WTF? I sat here waiting for a confirm to flip it right back, and it vanishes before my very eyes! We're talking within 2 seconds of the first confirmation!
If the network is this compromised, how do you ever expect mainstream adoption... I've had an eye on NXT since the beginning and was really into the new look and feel, the asset exchange, etc.. My interest was building in NXT again (initially less than impressed by the distribution, but it seemed a lot of great work had gone into the protocol..) Too bad.. Nxt looked cool, but as it stands I'm out.. Not sure that this can be called a 2nd generation crypto when it's this vulnerable to theft. I'd say the target audience is even more specialized than bitcoin; the average joe can hardly remember "Password1"!
You should use 2 passwords. One that you save locally or on the cloud that has back ups and redundancies and that you don't actually memorize, and one that you do memorize and never save on any computer that touches the internet. Then simply concatenate the two passwords when entering your wallet. The first will protect you against rainbow tables (that's what got you) and the second will protect you against hackers. It's a pretty simple concept but it really should be spelled out, it's certainly not people's fault for not knowing this. Heck the client should even come with two password fields and concatenate them for people imo.
This makes absolutely no sense whatsoever. Two passwords and one long password is the same thing. "Then simply concatenate the two passwords when entering your wallet." If your machine is compromised, both passwords could be stolen when you are entering them in the wallet. This doesn't add any security than just having one longer password.

Triffin
June 13, 2014, 07:17:00 PM
So, given zachamo's experience, is this a security issue that the devs need to address or is this an individual wallet holder issue with regards to strength of password ??
Triff ..

Anon136
June 13, 2014, 07:25:13 PM
Ugh... Are you kidding me? Are there bots prowling the network with a boatload of password-account combinations stored watching for transactions to known addresses or something?
I got some NXT a long time ago and kept it tucked away, but with the updated client it seems I didn't have a public key, so I sent a message.. easy enough... my balance was there, but I couldn't forge because it was unconfirmed... so I figure this has something to do with old balances being 'unconfirmed' under the updated protocol until it's seen activity.. So I flip my NXT into another account that I used in the past (tx 3603756272827733121), wait for it to confirm, and as soon as it does the NXT has moved on to an account out of my control (tx 10738856805317237622)...!!!
WTF? I sat here waiting for a confirm to flip it right back, and it vanishes before my very eyes! We're talking within 2 seconds of the first confirmation!
If the network is this compromised, how do you ever expect mainstream adoption... I've had an eye on NXT since the beginning and was really into the new look and feel, the asset exchange, etc.. My interest was building in NXT again (initially less than impressed by the distribution, but it seemed a lot of great work had gone into the protocol..) Too bad.. Nxt looked cool, but as it stands I'm out.. Not sure that this can be called a 2nd generation crypto when it's this vulnerable to theft. I'd say the target audience is even more specialized than bitcoin; the average joe can hardly remember "Password1"!
You should use 2 passwords. One that you save locally or on the cloud that has back ups and redundancies and that you don't actually memorize, and one that you do memorize and never save on any computer that touches the internet. Then simply concatenate the two passwords when entering your wallet. The first will protect you against rainbow tables (that's what got you) and the second will protect you against hackers. It's a pretty simple concept but it really should be spelled out, it's certainly not people's fault for not knowing this. Heck the client should even come with two password fields and concatenate them for people imo.
This makes absolutely no sense whatsoever. Two passwords and one long password is the same thing. "Then simply concatenate the two passwords when entering your wallet." If your machine is compromised, both passwords could be stolen when you are entering them in the wallet. This doesn't add any security than just having one longer password.
No, I don't think so. I'm pretty sure that a password that you store in a text file on your desktop and copy and paste into your client is less secure than one that you memorize and type into your client.
Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?

Este Nuno
June 13, 2014, 07:42:10 PM
Words relating to pay expo
sending an ounce of silver to say thank you for the hard work.
How does this work? I saw you have silver listed on NXT somehow from a giveaway thread you posted (I think it was you anyway). When you say you're sending him an ounce of silver, does that mean you're sending him coloured coins or something that represent 1 oz of silver? How does one redeem them for real silver?

Anon136
June 13, 2014, 07:47:24 PM
Words relating to pay expo
sending an ounce of silver to say thank you for the hard work.
How does this work? I saw you have silver listed on NXT somehow from a giveaway thread you posted (I think it was you anyway). When you say you're sending him an ounce of silver, does that mean you're sending him coloured coins or something that represent 1 oz of silver? How does one redeem them for real silver?
Yes, I am sending a colored coin. For the lower 48 in the US, in order to redeem one must send an amount of tokens divisible by ten to the issuing address with an adjoined message containing the mailing address that you would like the coins to be delivered to. Shipping to anywhere else should pm me to discuss specific arrangements.

From Above
June 13, 2014, 07:50:38 PM
Words relating to pay expo
sending an ounce of silver to say thank you for the hard work.
How does this work? I saw you have silver listed on NXT somehow from a giveaway thread you posted (I think it was you anyway). When you say you're sending him an ounce of silver, does that mean you're sending him coloured coins or something that represent 1 oz of silver? How does one redeem them for real silver?
Yes, I am sending a colored coin. For the lower 48 in the US, in order to redeem one must send an amount of tokens divisible by ten to the issuing address with an adjoined message containing the mailing address that you would like the coins to be delivered to. Shipping to anywhere else should pm me to discuss specific arrangements.
Send me some silver plz
U ship to Russia?

Eadeqa
June 13, 2014, 07:51:41 PM
No, I don't think so. I'm pretty sure that a password that you store in a text file on your desktop and copy and paste into your client is less secure than one that you memorize and type into your client.
A keylogger can catch both passwords when you enter them (the one you type and the one you copy and paste). A password manager is safer, as some of them (like KeePass) have anti-keylogger features: http://keepass.info/help/v2/autotype_obfuscation.html

PilotofBTC
June 13, 2014, 07:52:28 PM
No, I don't think so. I'm pretty sure that a password that you store in a text file on your desktop and copy and paste into your client is less secure than one that you memorize and type into your client.
There's two issues here.
1. Will a sufficiently long/complex password protect your NXT account. YES. It will take ages to crack strong passworded NXT ids.
2. Are you able to keep your password safe? Um, storing it in a text file doesn't seem safe to me. But, I agree, memorizing a "pin" (call it the last 4-6 digits of your password) and never writing them down or saving them in a file is a nice idea. Also, make sure you are running a firewall and good malware software to prevent key loggers from getting to your PC.
Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?

Eadeqa
June 13, 2014, 07:56:44 PM
Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?
It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine. Maybe we can set a bounty on it?

PilotofBTC
June 13, 2014, 07:58:19 PM
Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?
It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine. Maybe we can set a bounty on it?
I'm going to have to write code to do this for the anonymizer I am working on. So, I could probably put something together from that. A bounty would motivate me.

Eadeqa
June 13, 2014, 08:00:16 PM
Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?
It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine. Maybe we can set a bounty on it?
I'm going to have to write code to do this for the anonymizer I am working on. So, I could probably put something together from that. A bounty would motivate me.
You should ask Anon136 for bounty as he is on community funds. I don't think bounty should be large, as this should be really easy task as you just save the transaction to USB drive, sign it on offline machine, then back to online machine to broadcast it. All the API and error checking is already done by NRS.

Cassius
June 13, 2014, 08:00:35 PM
Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?
It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine. Maybe we can set a bounty on it?
This is a great idea. I really think that's one feature that NXT would benefit from, or some kind of cold storage solution. At the moment, I'm keeping the bulk of my NXT in a separate account from my day-to-day one. I don't sign in often and was careful setting it up, but it's still not as secure as traditional (bitcoin-style) cold storage, where nothing needs to be done online.

dandruff1138
June 13, 2014, 08:02:29 PM
NXT won't let me unwatch this thread!!!!

PilotofBTC
June 13, 2014, 08:08:44 PM
Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?
It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine. Maybe we can set a bounty on it?
This is a great idea. I really think that's one feature that NXT would benefit from, or some kind of cold storage solution. At the moment, I'm keeping the bulk of my NXT in a separate account from my day-to-day one. I don't sign in often and was careful setting it up, but it's still not as secure as traditional (bitcoin-style) cold storage, where nothing needs to be done online.
Generating a paper wallet would be pretty simple (since you are just generating a random password/id). The thing is, according to the NXT devs you really need to spend from an account/id to secure it (I guess that creates the public key?). Although, I do admit I'm not 100% sure how doing the spend really secures the account.

Eadeqa
June 13, 2014, 08:13:53 PM
Generating a paper wallet would be pretty simple (since you are just generating a random password/id). The thing is, according to the NXT devs you really need to spend from an account/id to secure it (I guess that creates the public key?). Although, I do admit I'm not 100% sure how doing the spend really secures the account.
Your account number is 64 bits. So there could be many passwords (infinite actually) that result in the same 64 bit account ID. When you send an outgoing transaction, the account is no longer protected just by 64 bit account ID, but by the 256 bit public key as the network now knows the public key for that account ID. That's why it's required to send at least one outgoing transaction.
We don't need paper wallet. Just an app that does offline signing would make it close to 100% secure as the user is safe from keyloggers and malware. One outgoing transaction will still be needed, but that transaction can be signed on an offline computer that will never have internet connection.
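
The rule described in the post above, as an added example that is not part of the thread or of NXT's code: before any outgoing transaction an account is guarded only by its short ID, and afterwards by the full public key the network has recorded. Assumptions: the ID is cut to 16 bits so that a second matching key turns up quickly, the "public key" is a SHA-256 stand-in rather than a Curve25519 key, signature checking is left out, and all names and passphrases are hypothetical or constructed.

```python
import hashlib
from itertools import count

ID_BITS = 16  # demo width (assumption); the post says real account IDs are 64 bits


def public_key(passphrase: str) -> bytes:
    """Stand-in 256-bit key (assumption: a plain hash, not NXT's Curve25519)."""
    return hashlib.sha256(b"demo-pubkey:" + passphrase.encode()).digest()


def account_id(pubkey: bytes) -> int:
    """Short account ID: a hash of the public key truncated to ID_BITS."""
    digest = hashlib.sha256(pubkey).digest()
    return int.from_bytes(digest[:8], "little") % (1 << ID_BITS)


class Ledger:
    """Hypothetical model of the acceptance rule described in the post."""

    def __init__(self):
        self.pinned = {}  # account ID -> public key seen in an outgoing tx

    def accepts(self, acct: int, pubkey: bytes) -> bool:
        known = self.pinned.get(acct)
        if known is not None:
            return pubkey == known          # full 256-bit comparison
        return account_id(pubkey) == acct   # only ID_BITS of protection

    def outgoing(self, acct: int, pubkey: bytes) -> bool:
        """Accept an outgoing transaction; the first accepted one pins the key."""
        if not self.accepts(acct, pubkey):
            return False
        self.pinned.setdefault(acct, pubkey)
        return True


def second_key_for(acct: int, owner_key: bytes) -> bytes:
    """Find another key with the same short ID (quick only at the demo width)."""
    for i in count():
        candidate = public_key(f"constructed-{i}")
        if candidate != owner_key and account_id(candidate) == acct:
            return candidate


def demo():
    owner = public_key("constructed owner passphrase")
    acct = account_id(owner)
    other = second_key_for(acct, owner)
    ledger = Ledger()
    before = ledger.accepts(acct, other)  # nothing pinned yet: ID match suffices
    ledger.outgoing(acct, owner)          # owner's first outgoing transaction
    after = ledger.accepts(acct, other)   # now checked against the pinned key
    return before, after, ledger.accepts(acct, owner)
```

`demo()` returns whether the second key is accepted before the owner's first outgoing transaction, whether it is accepted afterwards, and whether the owner's own key still is.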

Este Nuno
June 13, 2014, 08:31:03 PM
Words relating to pay expo
sending an ounce of silver to say thank you for the hard work.
How does this work? I saw you have silver listed on NXT somehow from a giveaway thread you posted (I think it was you anyway). When you say you're sending him an ounce of silver, does that mean you're sending him coloured coins or something that represent 1 oz of silver? How does one redeem them for real silver?
Yes, I am sending a colored coin. For the lower 48 in the US, in order to redeem one must send an amount of tokens divisible by ten to the issuing address with an adjoined message containing the mailing address that you would like the coins to be delivered to. Shipping to anywhere else should pm me to discuss specific arrangements.
This is really cool to see a real world application of coloured coins! Someone could even trade that silver token for some coffee beans or something if someone sold coffee tokens as well. I wonder what sort of commodities trading we'll see. It's an exciting prospect in my opinion.

devphp
June 13, 2014, 08:37:01 PM
This is really cool to see a real world application of coloured coins! Someone could even trade that silver token for some coffee beans or something if someone sold coffee tokens as well. I wonder what sort of commodities trading we'll see. It's an exciting prospect in my opinion.
I believe some dev said they would try to implement trading anything for anything on the asset exchange or multigateway, but don't take my word for it, I may be wrong. Actually, that'd be redundant, as that would be bartering, and why is that necessary if there is such a standard unit of accounting as 1 NXT and everything can be priced against it.