Topic: | Nxt | Blockchain Platform | Proof of Stake | Official - page 517. (Read 941260 times)

....

Masterwork

Nothing. It accepted my password and there were no error messages, but no record of the transaction either. It's not on the blockchain, but neither is a transaction I made earlier today.
I'll wait a while and see what happens.

Hmm, weird. Sending from an Android app and it's not recording the transaction.

I can't exactly recall why the passphrase is first passed through SHA256, but it could be an issue of optimizing data lengths for the Curve function.  The output of the curve function is the public key, which is what is written to the block-chain when an outgoing payment is sent from an address.

Regarding collisions, you are only at risk if you receive Nxt to an address, but never send at least one transaction from that address.  Since public keys are numerous bytes, but payment addresses are only 8, all an attacker has to do is find a public key that results in the same, first 8 bytes of the SHA-256 hash of your public key.

Sending 1 payment from your account will prevent that from happening since sending a payment records your public key for future verification.

If you never send a payment from your address someone could, theoretically, comprise your account.  With that said, you don't have much to worry about.  There are sizable Nxt accounts that have received Nxt but never sent any Nxt from their accounts.  We're talking about accounts valued in the hundreds of BTC, in todays' market values.

These accounts are called dark accounts and there is even a program that you can run to search for public keys that you could use to compromise these accounts.  Someone over at Nxtforum.org ran some numbers and with numerous people, running numerous GPUs, for over a year, there is only a small-chance that 1 account will be found, that is in the list top 300 darkNxt accounts.

But, again, even if you had 100,000,000 Nxt, you can safe guard yourself by creating an alias, donating a few Nxt to a faucet or initiating some form of payment transaction.

Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?

I'm not sure if you've used Nxt, but Nxt uses "brain wallets", which is a fancy way of saying you launch the client and then enter a passphrase.  This is different than the typical wallet-file approach that BTC uses.

With this software, I generate a random passphrase of 50+ characters using a-z,A-Z,0-9, and a standard set of special chars.  This is a string that is easy to copy and paste into the client.

Nxt addresses are the first 8 bytes of the output of SHA256(Curve2519(SHA256(passphrase))), expressed as an unsigned integer.  Ergo, this software generates private keys, hashes them into their respective payment addresses and outputs really small addresses like the address in my sig.

A a few months ago I wrote an app in C# that I used to find my small Nxt address.  Granted, my address isn't 7 characters in length, but using a 2.3Ghz Core i7, I can usually find 1-2 10 digit addresses a day, hashing at a rate of about 31k addresses/sec.

The files are listed below.  The zip file contains 2 binaries.  One compiled for 32-bit systems, and one for 64.  The 64-bit file was marginally faster.

The code is VERY simple.  Once you download and compile it in Visual Studio, you should find it really easy to modify for other forms of pattern searches (i.e. large addresses, repeated numbers, sequences, etc.)

HOW IT WORKS

This is a very simple search process.  The application will generate a 50 character, random string.  It will then sequentially append digits to the end of the key and check the address.  The application will search for a new, minimal account value.  When a new minimum is found, the address and privkey are written to nxt.txt and the application will continue looking for an even smaller address.

The longer the application runs, the smaller the addresses will become.

HOW TO USE

From the command prompt, enter:


You will be prompted to enter a minimum address value.  If you want, you can enter a 0 and NxtMin will start with the maximum value of a unsigned 64-bit number.

Alternatively, you can pass the application a few basic parameters.  Pass the application a '--help' parameter for more information.

SOURCE & DOWNLOADS

Github: https://github.com/rhartness/NxtMin
Binaries: Both 32-bit and 64-bit files.(*)

* I'm not shisting anyone but always be cautious when downloading binary files that generate private key information.  I recommend downloading and compiling the details from source.  

I guarantee that these files are clean.  However, in good conscience I must highly recommend you use these tools strictly for fun and NOT for storing significant amounts of Nxt if you are downloading the binary files and not the source code.

NOTES

This can also work with Mono.  I built this project using VS 2013 on Windows 7, in a Parallels VM.  Running this in Mono from OS X yielded results that were near 50% slower?!  So, if you have a Windows VM, this application will probably work better in that environment, but in either case, the application should still run.

DONATIONS

If you find this application to be of use, please considering a small, token donation.  Donation addresses are:

 * Nxt:  1102622531
 * BTC:  1Mhk5aKnE6jN7yafQXCdDDm8T9Qoy2sTqS
 * LTC:  LKTF6AjzFj2CG81rQravs164VsoJJnEPmm
 * DOGE: DGea4Qev7eJGmohWq2iKSeDkrTsPeYXQAC

A complete Explanation : https://nxtforum.org/trading-exchanges/nxt-market-report/

Why such a low price NXT?

Whoever is in charge of Nxt.org should change the link at the bottom that says "Nxt thread on Bitcointalk.org" to this thread, instead of the old locked monster thread.