
Topic: NXT Coin Security - page 2. (Read 8413 times)

legendary
Activity: 1367
Merit: 1000
January 27, 2014, 05:03:58 PM
#79
It's irrelevant whether algorithm is DES or BBC or NBC or ZZZ ... the attack is brute force.
Thank you for your competent opinion.
legendary
Activity: 1367
Merit: 1000
January 27, 2014, 04:59:23 PM
#78
How is weak security a "feature"?
It is made on purpose.
Please explain this to me: If someone has never used their account to send transaction, the attacker needs to brute only first 64-bit to take over that account.
True.
If the account has been used to send a transaction, then all 256-bit are required to take over the  account.
True.
Is that true? Am I missing something?
True. Nothing.
If yes, please update the site with a fair warning that  new accounts must send at least one  transaction.
What site? NXT is decentralized, there is no official site for it.
I did not know this before reading this thread.
It is good habit to read before asking.
Someone might just invest a few thousand dollars, never send a transaction, and that account then is open to brute forcing 64-bit
Right.
the attacker only needs to brute force first 64-bit of SHA 2 hash.
Have you any math for how fast it can be done? Or are your words a fantasy?
This is not good for Nxt if there is a large scale successful attack that successfully starts  stealing from unused accounts with money in it.
Has anybody stolen 100'000NXT from account №100000? Why not?
BTW, have you studied how many such 64bit protected accounts are now in blockchain? (hint - somebody already did this work for you).
and kill the project.
Cry, little girl, cry.
hero member
Activity: 644
Merit: 500
January 27, 2014, 04:50:40 PM
#77
Break DES in less than a single day
Is there any DES in NXT? Or do you think that all 64bit crypto are the same?

It's irrelevant whether algorithm is DES or BBC or NBC or ZZZ ... the attack is brute force. Given NXT uses SHA 2 for hashing, and SHA 2 has zillion of custom ASIC hardware (due to bitcoin mining popularity), the attacker only needs to brute force first 64-bit of SHA 2 hash.

This is not good for Nxt if there is a large scale successful attack that successfully starts  stealing from unused accounts with money in it.

That will be real real bad publicity and kill the project.


 
legendary
Activity: 1367
Merit: 1000
January 27, 2014, 04:37:36 PM
#76
Break DES in less than a single day
Is there any DES in NXT? Or do you think that all 64bit crypto are the same?
hero member
Activity: 644
Merit: 500
January 27, 2014, 04:36:11 PM
#75
If true, that would be serious security hole. 64-bit is nothing.
It is true and it is not bug. It is feature. You are welcome to open account №100000  with 100'000NXT onboard for a week Wink

How is weak security a "feature"?

Please explain this to me: If someone has never used their account to send transaction, the attacker needs to brute only first 64-bit to take over that account.

If the account has been used to send a transaction, then all 256-bit are required to take over the  account.

Is that true? Am I missing something?

If yes, please update the site with a fair warning that new accounts must send at least one transaction. Their so-called 30 char password isn't really 30 char. It's only (much smaller) 64-bit (around 11 chars with A-Z letters in caps/small and 0-9 digits).

I did not know this before reading this thread.

Someone might just invest a few thousand dollars, never send a transaction, and that account then is open to brute forcing 64-bit


hero member
Activity: 644
Merit: 500
January 27, 2014, 04:18:25 PM
#74
This is still not clear to me.

Basically, the account number is only 64-bit. The full 256-bit would secure your account if you use that account to send some transaction.

If someone has never used their account for sending transaction but only for receiving money,  brute forcing that account would  be equivalent to brute forcing 64-bit encryption/key.

Wow.

If true, that would be serious security hole. 64-bit is nothing.

A custom built machine can break all these unused accounts with money in it (but have never been used to send transactions) within a week

Please fix this

a week?   Roll Eyes

DES (predecessor of AES) was 56 bit. In 2008 COPACOBANA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's. Currently SciEngines RIVYERA holds the record in brute-force breaking DES, having utilized 128 Spartan-3 5000 FPGAs. Their 256 Spartan-6 LX150 model has even lowered this time.

64-bit is only 8 times stronger than 56-bit.

64-bit is not secure, especially when  money is involved and off line attack is possible.

Make the accounts at least 80 bit, but 128-bit would be much better.

Break DES in less than a single day
http://www.sciengines.com/company/news-a-events/74-des-in-1-day.html


And that was back in 2009, 5 years ago.



legendary
Activity: 1367
Merit: 1000
January 27, 2014, 03:42:53 PM
#73
If true, that would be serious security hole. 64-bit is nothing.
It is true and it is not bug. It is feature. You are welcome to open account №100000  with 100'000NXT onboard for a week Wink
full member
Activity: 238
Merit: 100
January 27, 2014, 03:13:03 PM
#72
This is still not clear to me.

Basically, the account number is only 64-bit. The full 256-bit would secure your account if you use that account to send some transaction.

If someone has never used their account for sending transaction but only for receiving money,  brute forcing that account would  be equivalent to brute forcing 64-bit encryption/key.

Wow.

If true, that would be serious security hole. 64-bit is nothing.

A custom built machine can break all these unused accounts with money in it (but have never been used to send transactions) within a week

Please fix this

a week?   Roll Eyes
hero member
Activity: 644
Merit: 500
January 27, 2014, 03:10:13 PM
#71
This is still not clear to me.

Basically, the account number is only 64-bit. The full 256-bit would secure your account if you use that account to send some transaction.

If someone has never used their account for sending transaction but only for receiving money,  brute forcing that account would  be equivalent to brute forcing 64-bit encryption/key.

Wow.

If true, that would be serious security hole. 64-bit is nothing.

A custom built machine can break all these unused accounts with money in it (but have never been used to send transactions) within a week

Please fix this
hero member
Activity: 527
Merit: 500
January 16, 2014, 11:50:11 PM
#70
So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?

I finally found it! written by BCNext.

I first thought it would simply extend one extra digit to be visible to label it as a completely different account.
eg. The full 192bit = "123456789"  First account created will be normal with first 64bit showing eg "123456"
and collision account will have few extra bits visible to differentiate from the first account eg. showing "1234567"
But then i don't know anything about programming so this was just my logical guess.

Here is what BCNext said.

There are 2^256 possible addresses, the rest 192 bits are not used at the moment.  In future we may decide to use next 64 bits to extend visible part of an address, then all existing addresses that are 20 chars long now will become 40 chars long.  Right now if someone finds an address with the same 64 bits they won't be able to send transactions.

From my understanding is that, what this mean if collision ever happened, the 2nd account created will become a mirrored version of the first account. You can see it but you can't touch it. Making it useless. Same meaning as a disabled account, so you can't do anything with it.

Thanks for the clear answer :-)
sr. member
Activity: 404
Merit: 250
https://nxtforum.org/
January 15, 2014, 02:15:55 AM
#69
So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?

I finally found it! written by BCNext.

I first thought it would simply extend one extra digit to be visible to label it as a completely different account.
eg. The full 192bit = "123456789"  First account created will be normal with first 64bit showing eg "123456"
and collision account will have few extra bits visible to differentiate from the first account eg. showing "1234567"
But then i don't know anything about programming so this was just my logical guess.

Here is what BCNext said.

There are 2^256 possible addresses, the rest 192 bits are not used at the moment.  In future we may decide to use next 64 bits to extend visible part of an address, then all existing addresses that are 20 chars long now will become 40 chars long.  Right now if someone finds an address with the same 64 bits they won't be able to send transactions.

From my understanding is that, what this mean if collision ever happened, the 2nd account created will become a mirrored version of the first account. You can see it but you can't touch it. Making it useless. Same meaning as a disabled account, so you can't do anything with it.
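
An added example, not part of any post in this thread and not Nxt's own code: a toy ledger modelling the two behaviours discussed above, that an account which has never sent is protected only by its short id, while an account that has sent is bound to its full public key so a second key with the same id cannot send. It assumes the id is the leading bits of SHA-256 over the public key as the thread describes, leaves signature checks out, and uses a 12-bit id with constructed keys so that two keys sharing an id exist in the sample data; `ToyLedger`, `second_key_with_same_id` and `demo` are hypothetical names.

```python
import hashlib
ID_BITS = 64  # width of the visible account id discussed in the thread

def account_id(public_key: bytes, bits: int = ID_BITS) -> int:
    """Assumed derivation: first `bits` bits of SHA-256(public_key)."""
    digest = hashlib.sha256(public_key).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

class ToyLedger:
    """Hypothetical model; a real node would also verify a signature."""
    def __init__(self, bits: int = ID_BITS):
        self.bits = bits
        self.balance = {}    # account id -> amount
        self.bound_key = {}  # account id -> full public key, set on first send

    def receive(self, acct: int, amount: int) -> None:
        self.balance[acct] = self.balance.get(acct, 0) + amount

    def send(self, public_key: bytes, to: int, amount: int) -> bool:
        acct = account_id(public_key, self.bits)
        bound = self.bound_key.get(acct)
        if bound is not None and bound != public_key:
            return False  # same short id, different full key: rejected
        if self.balance.get(acct, 0) < amount:
            return False
        self.bound_key[acct] = public_key  # first send fixes all 256 bits
        self.balance[acct] -= amount
        self.receive(to, amount)
        return True

def second_key_with_same_id(public_key: bytes, bits: int) -> bytes:
    """Constructed sample data; only feasible because `bits` is tiny here."""
    target, n = account_id(public_key, bits), 0
    while True:
        candidate = b"constructed-key-%d" % n
        if account_id(candidate, bits) == target and candidate != public_key:
            return candidate
        n += 1

def demo(bits: int = 12):
    owner = b"constructed-owner-key"
    other = second_key_with_same_id(owner, bits)
    unused, used = ToyLedger(bits), ToyLedger(bits)
    for ledger in (unused, used):
        ledger.receive(account_id(owner, bits), 100)
    used.send(owner, to=2, amount=1)               # owner binds the full key
    return (unused.send(other, to=1, amount=100),  # never sent: id is enough
            used.send(other, to=1, amount=99))     # bound: full key needed
```

`demo()` returns `(True, False)`: in this model the one outgoing transaction from the owner is what changes the second result.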
legendary
Activity: 1792
Merit: 1038
January 14, 2014, 02:38:08 AM
#68
So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?
- did you bother to read this thread?
https://bitcointalksearch.org/topic/m.3911357
hero member
Activity: 527
Merit: 500
January 11, 2014, 05:03:31 PM
#67
So if someone tries to create an account for which the first 64bits collide with an existing account then this account will be rejected?
sr. member
Activity: 404
Merit: 250
https://nxtforum.org/
January 01, 2014, 09:18:19 AM
#66
Just say most people will have a 20 number digit for account transfer. as OP pointed out that the possibility of account passphrase comparing to account id is much higher.
I didn't go through every single reply here, so i hope that my explanation hasn't been posted already.

I would say what happens is that when necessary, the account id will + or - a digit to cover all possible collisions of same account with different passphrase, the 20 digit is just a normal number for easier remembering or what ever it is for later on. so with this formulae you don't need to worry about such collisions ever to happen.

And this could be the reason why you don't see quadrillions of total nxt in the blockchain.
legendary
Activity: 2142
Merit: 1010
Newbie
December 25, 2013, 10:55:53 AM
#65
So...WTF is the purpose of 20 digits visibleID?

Only BCNext knows.
hero member
Activity: 924
Merit: 1001
Unlimited Free Crypto
December 25, 2013, 06:44:34 AM
#64
OH, I thought I was wrong.

The first-bit mechanism still have to use full key to send coin in the first time.

But for NXT, you can send coin to the short id even if the id was not used.

So it cannot be a mechanism like first-bit.

So...WTF is the purpose of 20 digits visibleID?

First I thought it was first bit mechanism but now I am not so sure.......
newbie
Activity: 16
Merit: 0
December 24, 2013, 09:03:36 PM
#63
OH, I thought I was wrong.

The first-bit mechanism still have to use full key to send coin in the first time.

But for NXT, you can send coin to the short id even if the id was not used.

So it cannot be a mechanism like first-bit.

So...WTF is the purpose of 20 digits visibleID?
newbie
Activity: 16
Merit: 0
December 24, 2013, 08:37:22 PM
#62
What's the point for author to use visible ID?

Do u like riddles?

Alias System allows to create memorable addresses for payments, like "johnsmith". In Nxt everything is made on purpose...

I'm not saying the Alias System, but the 20 digits visible ID truncated from the full public key.

I think it shouldn't act like what you say as prevent user from generating conflicted id when the first 20 digits happened to be the same.

But give the user the longer id to distinguish between existing and and new created one.

For example, if there was an existing id 11111111111111111111 with full key 11111111111111111111xxxxxxxx

then you generated a new id with full key 11111111111111111111yyyyyy which conflict in the first 20 digits

the system should give you the id 11111111111111111111y instead of rejecting you from creating new id.

In short, this mechanism should be like an embedded first-bit service that supported in blockchain.info.


legendary
Activity: 2142
Merit: 1010
Newbie
December 24, 2013, 12:41:32 PM
#61
What's the point for author to use visible ID?

Do u like riddles?

Alias System allows to create memorable addresses for payments, like "johnsmith". In Nxt everything is made on purpose...
newbie
Activity: 16
Merit: 0
December 24, 2013, 12:36:38 PM
#60
I think it would be better to use full 256-bits as public key.

What's the point for author to use visible ID?

One reason I can guess is that it would be easier to remember.

Since it is still too long to remember, copy-pasting address will still be the most used way to pass public key.

If we still pass key via copy-paste, the shorter id doesn't save any time. So the shorter (still long) id doesn't have any meaning.

The disadvantages:

Offline wallet become dangerous because there may be chance that you created an id that already existed.

Because you're off-line you didn't know that the id was conflicted. Then you ask someone to send NXT to the id you just generated.

Then you no longer be able to access to the NXT because when you enter the passphrase you were told that the id cannot be used because of the conflict.