I don't think that is a huge issues. The 250m are most likely from people that don't even know that you have to make a transaction to create a public key.
Hell i didn't know until 7 days ago and i have 6 digits of them...
Hell i didn't know until 7 days ago and i have 6 digits of them...
It is not clear to me (and possible to others). What is the difference between accounts with pubkey and without? My digits are also worried.
Accounts without a pubkey are only protected by 64bits. It is a first used, first gets basis. Basically even if you created the account by funding it, if you never associate a pubkey to the acct, ANYBODY who stumbles onto the 64bit key will control the account with their 256bit key.
The risk of keys being intercepted online is the usual reason people have for sending funds to an acct, but never using that acct. This backfires. Best to do one transaction. Any transaction and get 256 bit protection which is not projected to be cracked for at least another 8.957 years. Just kidding, 256 bit passwords with high entropy that new clients will enforce (hopefully) will be safe until further notice. Need some giant breakthroughs in crypto busting algorithms or hardware (quantum computers from the future) to even have a chance at breaking 256 bit keys. 64 bit keys, not so strong. Dedicated banks of ASICS could probably become a threat in as little as 5 years.
For significant holdings I recommend a fragmented wallet, eg. 10% in 10 different wallets each with different keys.
James
Im quoting you James as you have laid out a post that has the most elements for my questions. Thanks.
Ok been reading about this 'darknxt' in a few posts. Read some rather agitated post's wanting to ban them and others saying its accounts that have not sent nxt at all. Righteo got that when I tried to get my public key (local get public key)- didn't have one, but sent a nxt got a public key wonderful. I feel so secure.
Enough background im curious. pubkey, the one I log in and out with I take it yes? I mean if I fly over to any one else running nxt say hi and bash my password in I would get my account? Is this correct? I am going to assume this the case and ask why it is insecure until I send a nxt so making a public key?
I am totally un-technical so im going to take a stab at trying to understand this. All accounts are in the blockchain. Unless you're account has a public id in the blockchain it has a vastly inferior encryption method (ie need to make a alias, transaction or mine a block to get this public id). This in beginning or middle even was never explained and im only hearing this recently (well as far as posts keep expanding rapidly). So was this a bug or a fault found, because it sounds like it. I am going to assume this is an attempt to stop people trying to mine/crack the blockchain (which is d/l by anybody) and was added in after the release? Because this sudden need for this makes it seem so. But..
As i say, I am not technical so if anyone could explain it in simple, start, why, because, manner I would be grateful, as to a layman when I read posts about people wanting to ban accounts that have made no transactions and not reading about any valid reasons to do so makes me question even more this concept.
