Topic: NXT :: descendant of Bitcoin - Updated Information - page 1539. (Read 2761645 times)

Doesn't have to be keylogger. If it just has a deterministic way to generate passwords, or a small number of seeds,then it can brute force search for a specific acct #

All depends on how the passwords are generated internally. If a 16 bit random seed is used, just needs to run 65536 iterations.

James

actually this time he got robbed from 1 vanity address and 2 non vanity addresses, right? - during 3 minutes

If you do not have there money (NXT), choose another passphrase.

WARNING: DO NOT USE VANITYGEN

If you have an account with any significant amount of NXT in it, it is quite possible that somebody is using the vanitygen's algorithm to scan for your acct.

I am not sure how random the vanitygen program is and until we verify that it is indeed very random, it is possible for somebody to see an acct published here, look it up in the blockchain website, see that it is worth cracking and then using a tweaked vanitygen to bruteforce search for passwords that match your acct number. The bruteforce search for password can be done offline, so there is no way to detect this is happening, until it is too late.

I am not familiar with vanitygen's source, so this could be a false alert. However, for matters like this it is better to be safe than sorry.

High entropy random passwords are needed. Any method like vanity address generation can constrain the accts and the reduced number of them can potentially leave them open to a bruteforce attack. I am sure it is possible to create a vanitygen that is secure enough, I am just not convinced if the vanitygen that was posted a while back is secure enough from a mathematical standpoint.

Apologies to author of vanitygen, this is all conjecture on my part and I do not know if the previous unsolved theft had anything to do with vanitygen. I remember reading the release notes that the vanitygen program was not really finished and maybe password entropy maximization was one of the unfinished items?

James

there is a “ ”（space） in my  passphrase  i have logged in https://localhost:7875 but  now i cannot log in it .the message "java.lang.NullPointerException" Prompts an error
why ？？？？？

I have no idea. It could also be infected in the past and then he could replace the right links...

So we think this https://mega.co.nz/#!xZdhRAwJ!a6e7ORQYVdEapDXwiVr5ZVxzrkxki5RWMC3kdY6dfts is a keylogger?

 How can we get it shut down? or can someone decompile it and determine how much trouble it can cause?

 

Who is FrictionlessCoin, and why does he make everyone's hackles go up?

Consider NEX - https://bitcointalksearch.org/topic/ann-nex-nxt-reimagined-industrial-strength-imagine-fairness-422052

NXT implemented on top of Akka.

From my point of view - wastedbit looks innocent, who knows, why he or some MOD deleted his posts. But this looks dangerous:
https://bitcointalksearch.org/user/nxtuser-170751

please tech guys, could you check megaupload links from this newbie - nxtuser??

others: do not download nxtuser's links. Safety first

https://bitcointalk.org/index.php?topic=397183.1080

nope.. but fatal flaw is only in 4.7 code?   not sure about current code decompiled.

3rd flaw worth 100K still not found, but you are probably making a joke I don't understand

Just when I thought this thread couldn't get any more bat crap crazy, the thread proves me wrong.  Good night all.

so i guess this means that all of the flaws were found and nxt is officially open source software?

try again browser history. Googlecache shows only previous page it seems

I already claimed 100% of ME.TOO.

omg i hope i didnt loose my coins because i wanted a pretty address, i feel so stupid.

Would it help if I posted the files?

interesting. Why were all wastedbit's posts deleted?

all this is going to mean is that scammers and give away thread spammers will be the power houses of this new currency. rather than people who actually payed for its development.

The code wouldn't be any less decentralized than NRS itself. Something has to read the code from the blockchain and execute. That code would provide a context for the blockchain embedded code. It could be distributed p2p just like NRS could be.

The problem as you mentioned is the serialization of functions/closures. There's a interesting idea presented for inclusion in Scala called Spores to handle serialization of closures. The very cool thing about Scala is that it runs in the JVM so it can drop right into the existing NRS as NRS plugin (servlet in nxt/webapps).

Javascript would be interesting with something like Rhino embedded in a NRS plugin. Msgpack would squeeze a bit more out of the 1K for AM. It would be possible to write a DSL that would stuff even more functionality into an AM.

I'm not sure why folks are so hung up on c/c++. The choice of Java (and indirectly the JVM) opens some very interesting possibilities. I've been thinking a lot about what an implementation NXT in Scala with Akka would look like and steal some ideas from Spark. The amazing part is to just extract the algorithmic stuff (BCNext secret sauce) into a standalone Java class then import that into a new environment to handle the networking/protocol piece and provide a framework for extending NXT directly by writing plugins that run on the JVM.

If we could formalize NXT as a platform by providing a framework for developers to extend the NXT blockchain in a standard, predictable manner then things will be very interesting very quickly.