Author

Topic: NXT :: descendant of Bitcoin - Updated Information - page 1232. (Read 2761645 times)

hero member
Activity: 714
Merit: 500
Crypti Community Manager
Jackpot! Forged a block with 85 NXT inside.

If NXT gets big this is a nice sum for something I get for doing nothing. Smiley
hero member
Activity: 644
Merit: 500
I always liked the idea, but the problem might be that users will pick those combinations that are easier to remember and there goes your entropy.

You can generate the words randomly for the user!

Sure, but my fear is that users will keep generating secrets until they get one that is easy to remember.


Make all 1626 words easy, very very easy, so everyone will look just as easy as the other.

It doesn't matter what words are in the dictionary, as entropy remains 128-bit with 12 words.

"users will keep generating secrets until they get one that is easy to remember."

Even if  a user is generating 1 trillion combinations a second   (to find the one he/she likes the best) , it will take them 10830285071923307579  YEARS to go through the list.

Let them keep "generating"  it until they find the one they like. It doesn''t matter.   All the words in the dictionary should be easy (like "dog" "night" "sun" etc) . Different people might like different words, so what?  
 
128 bit a BIG number ...

 

By the way, if you do use this (or any other system) make sure to force the user to retype the pass phrase once on the next screen. That will guarantee that the user has saved it or memorized it.  


You should try it on Electrum 

https://electrum.org/download.html

to see how it works
legendary
Activity: 1181
Merit: 1018

@CfB: I have 41 api calls so far. Would the prototype for the 'getAccount' call (number42) look like this:
    
        # 42
        self.getAccount= {
                                        "requestType" : "getAccount" , \
                                        "account" : "ACCNUM"
                                        }
        
thanks for putting it in!

ps: reason why I am asking is that the TESTNET is bitching again about 'too many connection requests' - even on my first attempt today ...
legendary
Activity: 2142
Merit: 1010
Newbie
Ed25519 signature verification system used by Nxt itsef isn't stronger than 128-bit

http://ed25519.cr.yp.to/

" This system has a 2^128 security target; breaking it has similar difficulty to breaking NIST P-256, RSA with ~3000-bit keys, strong 128-bit block ciphers, etc."

Few corrections:

- Nxt uses KCDSA based on Curve25519, not Ed25519.
- P-256, unlike Curve25519, maybe insecure (http://safecurves.cr.yp.to)
hero member
Activity: 644
Merit: 500

No one needs more than 128-bits. The public signature system curve25519 itself is not stronger than 128-bits, so if someone really wants to brute force, they might just as well try it on curve25519 instead of user's password.

 128-bit cannot be  brute forced.

http://en.wikipedia.org/wiki/Brute-force_attack

Quote
There is a physical argument that a 128-bit symmetric key is computationally secure against brute-force attack. The so-called Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT  · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit can be applied to estimate the energy required as ~1018 joules, which is equivalent to consuming 30 gigawatts of power for one year. This is equal to 30×109 W×365×24×3600 s = 9.46×1017 J or 262.7 TWh (more than 1/100th of the world energy production).[citation needed] The full actual computation – checking each key to see if you have found a solution – would consume many times this amount.




Im not saying that we need it, i was refering to the fact that if he wants to implement it, i would prefer a bigger library over a longer phrase !

I know, I was just saying that there are a lot of silly suggestions about passwords here and on the wiki about making 30, 50 or even 70 char passwords! This is silly. There is no need for higher than 128 bit strength password.

Ed25519 signature verification system used by Nxt itsef isn't stronger than 128-bit

http://ed25519.cr.yp.to/

" This system has a 2^128 security target; breaking it has similar difficulty to breaking NIST P-256, RSA with ~3000-bit keys, strong 128-bit block ciphers, etc."





legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
Looks like I was right, in the end Nxt will be competing with Doge, not Bitcoin - http://coinmarketcap.com/

well, let's hope this is not the "end" of our journey Wink

...he means competing for position 1!   Wink

Ok then! I don't even mind position 2 behind doge, if that means our Marketcap is higher than the 10bn of BTC now haha
legendary
Activity: 1181
Merit: 1018

@CfB - I have a question. What is the api call 'broadcastTransaction' used for ? forgot if it was discussed before. sry..


It's used to resend transactions lost in limbo.

THANKS!  Smiley
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com

No one needs more than 128-bits. The public signature system curve25519 itself is not stronger than 128-bits, so if someone really wants to brute force, they might just as well try it on curve25519 instead of user's password.

 128-bit cannot be  brute forced.

http://en.wikipedia.org/wiki/Brute-force_attack

Quote
There is a physical argument that a 128-bit symmetric key is computationally secure against brute-force attack. The so-called Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT  · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit can be applied to estimate the energy required as ~1018 joules, which is equivalent to consuming 30 gigawatts of power for one year. This is equal to 30×109 W×365×24×3600 s = 9.46×1017 J or 262.7 TWh (more than 1/100th of the world energy production).[citation needed] The full actual computation – checking each key to see if you have found a solution – would consume many times this amount.




Im not saying that we need it, i was refering to the fact that if he wants to implement it, i would prefer a bigger library over a longer phrase !
hero member
Activity: 644
Merit: 500
I always liked the idea, but the problem might be that users will pick those combinations that are easier to remember and there goes your entropy.

You can generate the words randomly for the user!

Sure, but my fear is that users will keep generating secrets until they get one that is easy to remember.

Diceware looks nice. Just 10 words for 128bit entropy.

Quote
Use this Electum's dictionary

https://raw.github.com/spesmilo/electrum/master/lib/mnemonic.py

or make your own with easy words

12 random words from this 1626 word dictionary gives you 128 bit entropy.

Which entropy should I try to achieve? Is 128bit enough? For 256 bit, 20 words would be needed.

128 is enough. If you want higher entropy i would use a bigger library instead of a longer phrase!

No one needs more than 128-bits. The public signature system curve25519 itself is not stronger than 128-bits, so if someone really wants to brute force, they might just as well try it on curve25519 instead of user's password.

 128-bit cannot be  brute forced.

http://en.wikipedia.org/wiki/Brute-force_attack

Quote
There is a physical argument that a 128-bit symmetric key is computationally secure against brute-force attack. The so-called Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT  · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit can be applied to estimate the energy required as ~1018 joules, which is equivalent to consuming 30 gigawatts of power for one year. This is equal to 30×109 W×365×24×3600 s = 9.46×1017 J or 262.7 TWh (more than 1/100th of the world energy production).[citation needed] The full actual computation – checking each key to see if you have found a solution – would consume many times this amount.


legendary
Activity: 866
Merit: 1002
First chapters of NxtMyths as infographics:
http://nxtcoin.blogspot.cz/2014/01/nxt-distribution-infographics.html
= multimedia

Best quality:
(img)

Good night  Wink

PS: donations, as usual  Cool 15003961341330858247

looks good, could you tone down a bit colors in "distribution charts" ?
hero member
Activity: 910
Merit: 1000
Solar powered NXT node for conferences!

Berlin conference first!  Wink

I want to support the next conferences with a RasPI completly solar powered in a nice box.
- RasPI model B
- Wlan USB Stick with preconfigured DHCP settings (just turn on wifi tethering on your mobile phone with SSID: NXT, PW: RasPI-NXT)
- Solar panel on top of the box
- 2x Li-Ion battery powerbank (up to 4x 18650 Li-Ion recharchable batterys each) (up to 27'200mAh! It will be able to run NXT node up to 30 hours without Sun!)
(I can sent this to Berlin with batteries included, but not outside germany, so you have to buy the batteries your self)
- open NRS of the RasPI on your mobile phone to show it

All parts will be assembled with latest raspian configured to start up NXT server and login to Wlan 802.11bgn after plugin the power cable of the RasPI.

I will also make a list of all parts, so other conferences can build it's own, because of customs/tax etc.

Some more equipment will arrive next week, then I will also build up odroid U3 and XU (octacore Wink).

2 photos:
You see 2 cables going into the box, atm the batteries need a first charge with normal 5V/1A powersupplys, it should be done in ~14 hours


And the parts in the box:


If the community like it, I can send it to one of the Berlin conference people. Well, please resend to me when finished Wink

Todo:
- testing odroid U3 + XU
- measure power consumption of all parts, batteries and solar panel to optimice power usage for offgrid solar NXT nodes
- make a list off all pars + weblinks to shops
- howto
- ...

Greets,
eb

Very nice!
legendary
Activity: 2142
Merit: 1010
Newbie

@CfB - I have a question. What is the api call 'broadcastTransaction' used for ? forgot if it was discussed before. sry..


It's used to resend transactions lost in limbo.
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
I always liked the idea, but the problem might be that users will pick those combinations that are easier to remember and there goes your entropy.

You can generate the words randomly for the user!

Sure, but my fear is that users will keep generating secrets until they get one that is easy to remember.

Diceware looks nice. Just 10 words for 128bit entropy.

Quote
Use this Electum's dictionary

https://raw.github.com/spesmilo/electrum/master/lib/mnemonic.py

or make your own with easy words

12 random words from this 1626 word dictionary gives you 128 bit entropy.

Which entropy should I try to achieve? Is 128bit enough? For 256 bit, 20 words would be needed.

128 is enough. If you want higher entropy i would use a bigger library instead of a longer phrase!
hero member
Activity: 644
Merit: 500
I always liked the idea, but the problem might be that users will pick those combinations that are easier to remember and there goes your entropy.

You can generate the words randomly for the user!

Sure, but my fear is that users will keep generating secrets until they get one that is easy to remember.


Make all 1626 words easy, very very easy, so everyone will look just as easy as the other.

It doesn't matter what words are in the dictionary, as entropy remains 128-bit with 12 words.

"users will keep generating secrets until they get one that is easy to remember."

Even if  a user is generating 1 trillion combinations a second   (to find the one he/she likes the best) , it will take them 10830285071923307579  YEARS to go through the list.

Let them keep "generating"  it until they find the one they like. It doesn''t matter.   All the words in the dictionary should be easy (like "dog" "night" "sun" etc) . Different people might like different words, so what?  
 
128 bit a BIG number ...




 
legendary
Activity: 1806
Merit: 1001
Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html

I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question Smiley
full member
Activity: 266
Merit: 100
NXT is the future
this has to be a record amount of time between comments in this thread
I thought it must have been broken!
If it weren't for my blabber, it would have been over 90 minutes between posts.

wonder why its so quiet. it isnt some sort of holiday or something is it.

all waiting on client(s)  Roll Eyes
full member
Activity: 224
Merit: 100
I always liked the idea, but the problem might be that users will pick those combinations that are easier to remember and there goes your entropy.

You can generate the words randomly for the user!

Sure, but my fear is that users will keep generating secrets until they get one that is easy to remember.

Diceware looks nice. Just 10 words for 128bit entropy.

Quote
Use this Electum's dictionary

https://raw.github.com/spesmilo/electrum/master/lib/mnemonic.py

or make your own with easy words

12 random words from this 1626 word dictionary gives you 128 bit entropy.

Which entropy should I try to achieve? Is 128bit enough? For 256 bit, 20 words would be needed.
full member
Activity: 266
Merit: 100
NXT is the future
legendary
Activity: 1162
Merit: 1005
BTER is down??
legendary
Activity: 1181
Merit: 1018

@CfB - I have a question. What is the api call 'broadcastTransaction' used for ? forgot if it was discussed before. sry..
Jump to: