Author

Topic: | Nxt | Blockchain Platform | Proof of Stake | Official - page 517. (Read 941285 times)

sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
hero member
Activity: 616
Merit: 500
Masterwork


Flawless Victory.

It worked like a charm!

Downloading blockchain now.
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
NODE PROVIDERS: PLEASE, UPDATE TO NRS V1.0.0 SOON.
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
Nothing. It accepted my password and there were no error messages, but no record of the transaction either. It's not on the blockchain, but neither is a transaction I made earlier today.
I'll wait a while and see what happens.

Strange. On Android you say. I cannot verify that. Anyone?
Maybe, you could talk to WesleyH about that.
legendary
Activity: 1764
Merit: 1031
Nothing. It accepted my password and there were no error messages, but no record of the transaction either. It's not on the blockchain, but neither is a transaction I made earlier today.
I'll wait a while and see what happens.
hero member
Activity: 588
Merit: 500
JUST ASSIGNED THE ALIAS "fema" TO MY ACCOUNT TEST SEND ANYONE?
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
Hmm, weird. Sending from an Android app and it's not recording the transaction.

What exactly happened?
legendary
Activity: 1764
Merit: 1031
Hmm, weird. Sending from an Android app and it's not recording the transaction.
legendary
Activity: 1764
Merit: 1031

Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?


I can't exactly recall why the passphrase is first passed through SHA256, but it could be an issue of optimizing data lengths for the Curve function.  The output of the curve function is the public key, which is what is written to the block-chain when an outgoing payment is sent from an address.

Regarding collisions, you are only at risk if you receive Nxt to an address, but never send at least one transaction from that address.  Since public keys are numerous bytes, but payment addresses are only 8, all an attacker has to do is find a public key that results in the same, first 8 bytes of the SHA-256 hash of your public key.

Sending 1 payment from your account will prevent that from happening since sending a payment records your public key for future verification.

If you never send a payment from your address someone could, theoretically, comprise your account.  With that said, you don't have much to worry about.  There are sizable Nxt accounts that have received Nxt but never sent any Nxt from their accounts.  We're talking about accounts valued in the hundreds of BTC, in todays' market values.

These accounts are called dark accounts and there is even a program that you can run to search for public keys that you could use to compromise these accounts.  Someone over at Nxtforum.org ran some numbers and with numerous people, running numerous GPUs, for over a year, there is only a small-chance that 1 account will be found, that is in the list top 300 darkNxt accounts.

But, again, even if you had 100,000,000 Nxt, you can safe guard yourself by creating an alias, donating a few Nxt to a faucet or initiating some form of payment transaction.

I've just tried to send you 1 NXT to make sure. Not sure whether it's gone through ok... will try again in a minute if not.
rlh
hero member
Activity: 804
Merit: 1004

Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?


I can't exactly recall why the passphrase is first passed through SHA256, but it could be an issue of optimizing data lengths for the Curve function.  The output of the curve function is the public key, which is what is written to the block-chain when an outgoing payment is sent from an address.

Regarding collisions, you are only at risk if you receive Nxt to an address, but never send at least one transaction from that address.  Since public keys are numerous bytes, but payment addresses are only 8, all an attacker has to do is find a public key that results in the same, first 8 bytes of the SHA-256 hash of your public key.

Sending 1 payment from your account will prevent that from happening since sending a payment records your public key for future verification.

If you never send a payment from your address someone could, theoretically, comprise your account.  With that said, you don't have much to worry about.  There are sizable Nxt accounts that have received Nxt but never sent any Nxt from their accounts.  We're talking about accounts valued in the hundreds of BTC, in todays' market values.

These accounts are called dark accounts and there is even a program that you can run to search for public keys that you could use to compromise these accounts.  Someone over at Nxtforum.org ran some numbers and with numerous people, running numerous GPUs, for over a year, there is only a small-chance that 1 account will be found, that is in the list top 300 darkNxt accounts.

But, again, even if you had 100,000,000 Nxt, you can safe guard yourself by creating an alias, donating a few Nxt to a faucet or initiating some form of payment transaction.
legendary
Activity: 1764
Merit: 1031
I'm not sure if you've used Nxt, but Nxt uses "brain wallets", which is a fancy way of saying you launch the client and then enter a passphrase.  This is different than the typical wallet-file approach that BTC uses.

With this software, I generate a random passphrase of 50+ characters using a-z,A-Z,0-9, and a standard set of special chars.  This is a string that is easy to copy and paste into the client.

Nxt addresses are the first 8 bytes of the output of SHA256(Curve2519(SHA256(passphrase))), expressed as an unsigned integer.  Ergo, this software generates private keys, hashes them into their respective payment addresses and outputs really small addresses like the address in my sig.

Thanks. I do use NXT - relative newcomer, though. I wasn't sure how the address was calculated from the key. Actually a lot simpler than I expected.
Do you happen to know why the triple hash/curve function is used? Is it that much more secure than one or two functions - and is there a greater risk of collisions for short addresses?
rlh
hero member
Activity: 804
Merit: 1004
I'm not sure if you've used Nxt, but Nxt uses "brain wallets", which is a fancy way of saying you launch the client and then enter a passphrase.  This is different than the typical wallet-file approach that BTC uses.

With this software, I generate a random passphrase of 50+ characters using a-z,A-Z,0-9, and a standard set of special chars.  This is a string that is easy to copy and paste into the client.

Nxt addresses are the first 8 bytes of the output of SHA256(Curve2519(SHA256(passphrase))), expressed as an unsigned integer.  Ergo, this software generates private keys, hashes them into their respective payment addresses and outputs really small addresses like the address in my sig.
legendary
Activity: 1764
Merit: 1031
rlh
hero member
Activity: 804
Merit: 1004
Hey guys, in case you missed it over at the Nxtforum.org Project section, I've released a very simple vanitygen app for Nxt.

Specifically, my application searches for progressively smaller Nxt addresses.  Further discussion can take place at the original Nxtforum post (https://nxtforum.org/nxt-projects/(ann)-nxtmin-a-vanitygen-application-that-searches-for-small-nxt-addresses/)

For convenience, here is the contents of the OP:

Quote
A a few months ago I wrote an app in C# that I used to find my small Nxt address.  Granted, my address isn't 7 characters in length, but using a 2.3Ghz Core i7, I can usually find 1-2 10 digit addresses a day, hashing at a rate of about 31k addresses/sec.

The files are listed below.  The zip file contains 2 binaries.  One compiled for 32-bit systems, and one for 64.  The 64-bit file was marginally faster.

The code is VERY simple.  Once you download and compile it in Visual Studio, you should find it really easy to modify for other forms of pattern searches (i.e. large addresses, repeated numbers, sequences, etc.)

HOW IT WORKS

This is a very simple search process.  The application will generate a 50 character, random string.  It will then sequentially append digits to the end of the key and check the address.  The application will search for a new, minimal account value.  When a new minimum is found, the address and privkey are written to nxt.txt and the application will continue looking for an even smaller address.

The longer the application runs, the smaller the addresses will become.

HOW TO USE

From the command prompt, enter:

Code:
C:> nxtmin_xx.exe

You will be prompted to enter a minimum address value.  If you want, you can enter a 0 and NxtMin will start with the maximum value of a unsigned 64-bit number.

Alternatively, you can pass the application a few basic parameters.  Pass the application a '--help' parameter for more information.

SOURCE & DOWNLOADS

Github: https://github.com/rhartness/NxtMin
Binaries: Both 32-bit and 64-bit files.(*)

* I'm not shisting anyone but always be cautious when downloading binary files that generate private key information.  I recommend downloading and compiling the details from source.  

I guarantee that these files are clean.  However, in good conscience I must highly recommend you use these tools strictly for fun and NOT for storing significant amounts of Nxt if you are downloading the binary files and not the source code.

NOTES

This can also work with Mono.  I built this project using VS 2013 on Windows 7, in a Parallels VM.  Running this in Mono from OS X yielded results that were near 50% slower?!  So, if you have a Windows VM, this application will probably work better in that environment, but in either case, the application should still run.

DONATIONS

If you find this application to be of use, please considering a small, token donation.  Donation addresses are:

 * Nxt:  1102622531
 * BTC:  1Mhk5aKnE6jN7yafQXCdDDm8T9Qoy2sTqS
 * LTC:  LKTF6AjzFj2CG81rQravs164VsoJJnEPmm
 * DOGE: DGea4Qev7eJGmohWq2iKSeDkrTsPeYXQAC

sr. member
Activity: 308
Merit: 250
Please test this windows installer of my nxt wallet:

download url : http://nxtra.org/nxt-wallet/nxtwallet-win-setup.exe
sha256 is: 991c478202b91d82b1f98c5c527fcadc234f9aeb96dd6e8bbbd0b9dd8e23eb99

There's some things still to do such as remove the flash notice etc.. Please try it and let me know if it works correctly before I add it to my site.

PS: do not quote the download URL.

mac version tomorrow.
full member
Activity: 210
Merit: 100
SO happy to see a new thread on Bitcointalk -- especially one with such a gorgeous OP!
hero member
Activity: 714
Merit: 500
sr. member
Activity: 311
Merit: 250
11 days left for Asset Exchange!!

 Grin
legendary
Activity: 1205
Merit: 1000
Whoever is in charge of Nxt.org should change the link at the bottom that says "Nxt thread on Bitcointalk.org" to this thread, instead of the old locked monster thread.
There will be a complete new website on Nxt.org one of these days, so I think they will fix it.  Smiley
Jump to: