Many people make a typical copy/paste error in the NXT client and have an extra space at the start or end of the password (or both). That gives them a new 64-bit typo account, because there is no outgoing transaction. If an evil hacker can crack that 64-bit account/password, it is easy for the hacker to just remove the extra spaces and gain access to the real 256-bit account with the balance, and to check for other accounts without the spaces.
Or did I understand this correctly?
I think what you describe could be feasible one day. Eadeqa has been seen discussing the numbers on cracking 64-bit accounts. An astute hacker could check for spaces before/after/both any account they crack.
But...
Based on the top 310 64-bit account balances and today's computers, if you could make 250 million guesses per second it would take 4 years to brute-force just one account. If you had that amount of computing power, you would make much more mining Bitcoin. So you are safe for a fair while yet.
I also vaguely remember a discussion on increasing the security of these accounts (to 80-bit, I think). I will try to find the link. This will push the date even further into the future.
If you have any concerns, create a new account and use programs like KeePass to manage your account passphrases. Every new account will give you peace of mind about inputting 'space' errors you might have made in the past.
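A check a user or client could run on their own passphrase before using it, as an added example that is not part of the original thread: it flags leading or trailing whitespace and shows that the typed and trimmed forms open different 64-bit accounts. The derivation (SHA-256 of the passphrase, Curve25519 public key, first 8 bytes of SHA-256 of that key read little-endian) is an assumption about the NXT reference client not stated in the thread, and the names `x25519_base`, `account_id` and `check_passphrase` are hypothetical.

```python
import hashlib

P = 2**255 - 19  # Curve25519 field prime

def x25519_base(scalar: bytes) -> bytes:
    """X25519 (RFC 7748) of the base point u=9, with standard clamping.
    Illustration only: Python big-int arithmetic is not constant time."""
    k = (int.from_bytes(scalar, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1, x2, z2, x3, z3, swap = 9, 1, 0, 9, 1, 0
    for t in range(254, -1, -1):  # Montgomery ladder, high bit first
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def account_id(passphrase: str) -> int:
    """Assumed NXT derivation: SHA-256(passphrase) -> Curve25519 public key ->
    first 8 bytes of SHA-256(public key), little-endian (a 64-bit id)."""
    private_key = hashlib.sha256(passphrase.encode("utf-8")).digest()
    public_key = x25519_base(private_key)
    return int.from_bytes(hashlib.sha256(public_key).digest()[:8], "little")

def check_passphrase(typed: str) -> dict:
    """Flag leading/trailing whitespace and show which account each form opens."""
    trimmed = typed.strip()
    return {
        "has_edge_whitespace": typed != trimmed,
        "typed_id": account_id(typed),
        "trimmed_id": account_id(trimmed),
    }

if __name__ == "__main__":
    # Constructed sample: a pasted passphrase that picked up a trailing space.
    report = check_passphrase("constructed sample passphrase, not a real one ")
    print(report)
    if report["has_edge_whitespace"]:
        print("Warning: edge whitespace; this opens a different account.")
```

If `typed_id` and `trimmed_id` differ and funds were sent to the typed form's account, moving them to a freshly generated account removes the exposure discussed above.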