NXT :: descendant of Bitcoin - Updated Information - page 1911.

EmoneyRu

hero member

Activity: 600

Merit: 500

Nxt-kit developer

Quote from: opticalcarrier on January 02, 2014, 11:11:42 PM

Quote from: CIYAM on January 02, 2014, 11:06:06 PM

Your missing the point about your public key being "published" - this is one of the reasons why address re-use is considered bad.

If someone is able to crack the EC used (with QC I guess) then your funds are gone as they will determine your private key from the public one.

Of course this is also a big problem for Bitcoin - but as this is a 2nd generation crypto-currency I would have thought that this would have been taken into consideration.

What do you mean by EC/QC? But it does sound like you are saying that also with the 2 choices I laid out, that you are saying we need to consider the 3rd choice of sending out your public key and weighing the risk of the curve/sha256 algorithm being cracked itself? so basically weigh 2^64 against the odds of curve/sha256 being broken?

http://en.wikipedia.org/wiki/Elliptic_curve_cryptography http://en.wikipedia.org/wiki/Quantum_computer

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: CIYAM on January 02, 2014, 11:06:06 PM

Your missing the point about your public key being "published" - this is one of the reasons why address re-use is considered bad.

If someone is able to crack the EC used (with QC I guess) then your funds are gone as they will determine your private key from the public one.

Of course this is also a big problem for Bitcoin - but as this is a 2nd generation crypto-currency I would have thought that this would have been taken into consideration.

What do you mean by EC/QC? But it does sound like you are saying that also with the 2 choices I laid out, that you are saying we need to consider the 3rd choice of sending out your public key and weighing the risk of the curve/sha256 algorithm being cracked itself? so basically weigh 2^64 against the odds of curve/sha256 being broken?

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: opticalcarrier on January 02, 2014, 11:00:04 PM

You would need to determine which is more safe, the method of not doing account ops on liveCD where the result is 2^64 or the method of the live CD where you do connect and do account ops where the result is 2^256

Your missing the point about your public key being "published" - this is one of the reasons why address re-use is considered bad.

If someone is able to crack the EC used (with QC I guess) then your funds are gone as they will determine your private key from the public one.

Of course this is also a big problem for Bitcoin - but as this is a 2nd generation crypto-currency I would have thought that this would have been taken into consideration.

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: CIYAM on January 02, 2014, 10:50:33 PM

Quote from: opticalcarrier on January 02, 2014, 10:40:23 PM

That being said, if you really want to protect yourself, I have outlined some steps here: http://forums.nxtcrypto.org/viewtopic.php?f=17&t=267 Note that this procedure elects to be online to lock in the account, but via a linux live CD. If you want to go the 2^64 route then keep the linux disconnected and then you also dont have to do the full procedure, but note that to be 100% sure here its probably best to not just disco your PC from the internet and do it, especially if you're running windows.

Thanks - although if I am understanding this correctly then your public key has been made public when creating the alias or sending 1 NXT.

So if the EC is cracked down the track then your NXT would not be safe - so does this mean that by design you cannot store NXT offline safely (meaning safe from some QC that has cracked EC) without better than 2^64 of entropy?

I would consider a linux live CD method a safe method to obtain 2^256. even though you do connect to the internet and do account operations, come on, its safe that way. At least for live CDs that were made before NXT. With that fake client that was floating around, anything is possible.

You would need to determine which is more safe, the method of not doing account ops on liveCD where the result is 2^64 or the method of the live CD where you do connect and do account ops where the result is 2^256

Patel

legendary

Activity: 1320

Merit: 1007

Quote from: pandaisftw on January 02, 2014, 10:54:48 PM

Quote from: Patel on January 02, 2014, 10:51:22 PM

Source still being released tomorrow?

12PM UTC

eta 8 hours ftw

Kaliber1

member

Activity: 60

Merit: 10

Guys, have you seen that we are going to break the 5th place in coinmarketcup?

brooklynbtc

sr. member

Activity: 336

Merit: 250

AKA jefdiesel

hey all been lurking for the past 24 hours, was my anniversary, and even though i bored my wife with talk of nxt IPOs, I kept my hands off the keyboard.

I did have a 90 second panic when we came home last night. She talked to the baby sitter, and I rechecked my sha256 hash, but all is well on my end.

This EpicThomas shit is epic. I'm on the east coast USA, can get to FL if need be Wink

Convince my wife its a weekend trip to Disneyland and make a pit stop.

Mac messenger screen shots look great. Excited as a kid before christmas for the code reveal tomorrow. Dumping snow here in Brooklyn, RaspPi arrives tomorrow, so I've got that to keep me distracted.

Thanks to all you smart people working together to grow this into something nxt!

pandaisftw

full member

Activity: 224

Merit: 100

Quote from: Patel on January 02, 2014, 10:51:22 PM

Source still being released tomorrow?

12PM UTC

Patel

legendary

Activity: 1320

Merit: 1007

Source still being released tomorrow?

idev

hero member

Activity: 860

Merit: 1004

BTC OG and designer of the BitcoinMarket.com logo

Quote from: NxtChoice on January 02, 2014, 10:02:06 PM

Quote from: 2X84 on January 02, 2014, 08:31:09 PM

I'm writing a mac messaging client in objective c as we speak, should have a working prototype in under 72 hours or so.

+1

Sweet, looking forward to it.

xyzzyx

sr. member

Activity: 490

Merit: 250

I don't really come from outer space.

Quote from: opticalcarrier on January 02, 2014, 10:40:23 PM

You are right about not ever being official on the blockchain until sending at least 1 NXT to another account, or generating an alias or something else that causes the amount of NXT in the account to go down. Until that transfer happens the address space for the account is only 2^64 and not 2^256.

Interesting! I had missed that part.

Now I have to tell the person whom I had given a NXT gift card for xmas to make sure they do a transaction on that account. Checking that account with:

http://localhost:7874/nxt?requestType=getAccountPublicKey&account=[GIFT_CARD_ACCOUNT_NUMBER]

verifies that there is no public key for that account. Neat!

Thanks for clearing up one of my misconceptions!

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: opticalcarrier on January 02, 2014, 10:40:23 PM

That being said, if you really want to protect yourself, I have outlined some steps here: http://forums.nxtcrypto.org/viewtopic.php?f=17&t=267 Note that this procedure elects to be online to lock in the account, but via a linux live CD. If you want to go the 2^64 route then keep the linux disconnected and then you also dont have to do the full procedure, but note that to be 100% sure here its probably best to not just disco your PC from the internet and do it, especially if you're running windows.

Thanks - although if I am understanding this correctly then your public key has been made public when creating the alias or sending 1 NXT.

So if the EC is cracked down the track then your NXT would not be safe - so does this mean that by design you cannot store NXT offline safely (meaning safe from some QC that has cracked EC) without better than 2^64 of entropy?

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: xyzzyx on January 02, 2014, 10:30:14 PM

Quote from: CIYAM on January 02, 2014, 10:25:40 PM

Quote from: xyzzyx on January 02, 2014, 10:22:14 PM

If you send NXT to an address and don't open the address after, no private/public key pair is generated for that address. This means the account is only protected by (if I'm remembering correctly what CfB said) the 64 bits of the account number, not fully protected by all 256 bits of the private key.

Yes - this is what I had recalled - so what I was hoping one could do is to generate the address and somehow publish the public key without the private key (or pass phrase) ever being even temporarily on an online computer.

I think I recall him saying that was a yet-to-be-implemented feature.

You are right about not ever being official on the blockchain until sending at least 1 NXT to another account, or generating an alias or something else that causes the amount of NXT in the account to go down. Until that transfer happens the address space for the account is only 2^64 and not 2^256. At least for now anyways. But personally I dont think it should ever change, otherwise people will start spamming empty accounts into the blockchain.

That being said, if you really want to protect yourself, I have outlined some steps here: http://forums.nxtcrypto.org/viewtopic.php?f=17&t=267 Note that this procedure elects to be online to lock in the account, but via a linux live CD. If you want to go the 2^64 route then keep the linux disconnected and then you also dont have to do the full procedure, but note that to be 100% sure here its probably best to not just disco your PC from the internet and do it, especially if you're running windows.

gbeirn

full member

Activity: 126

Merit: 100

Quote from: rickyjames on January 02, 2014, 10:35:08 PM

Quote from: Buratino on January 02, 2014, 10:21:04 PM

Did EpicThomas return stolen Nxt to their owners?

Not yet.

But Darla Sue and Bonnie may be talking to him tomorrow night and over the weekend about that.

rickyjames

full member

Activity: 196

Merit: 100

Quote from: Buratino on January 02, 2014, 10:21:04 PM

Did EpicThomas return stolen Nxt to their owners?

Not yet.

But Darla Sue and Bonnie may be talking to him tomorrow night and over the weekend about that.

xyzzyx

sr. member

Activity: 490

Merit: 250

I don't really come from outer space.

Quote from: CIYAM on January 02, 2014, 10:25:40 PM

Quote from: xyzzyx on January 02, 2014, 10:22:14 PM

If you send NXT to an address and don't open the address after, no private/public key pair is generated for that address. This means the account is only protected by (if I'm remembering correctly what CfB said) the 64 bits of the account number, not fully protected by all 256 bits of the private key.

Yes - this is what I had recalled - so what I was hoping one could do is to generate the address and somehow publish the public key without the private key (or pass phrase) ever being even temporarily on an online computer.

I think I recall him saying that was a yet-to-be-implemented feature.

Meizirkki

hero member

Activity: 616

Merit: 500

Can the transaction fee be dropped for more affordable messaging? I know this has already been discussed but 0.076$ for a single message is worse than SMS.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: xyzzyx on January 02, 2014, 10:22:14 PM

If you send NXT to an address and don't open the address after, no private/public key pair is generated for that address. This means the account is only protected by (if I'm remembering correctly what CfB said) the 64 bits of the account number, not fully protected by all 256 bits of the private key.

Yes - this is what I had recalled - so what I was hoping one could do is to generate the address and somehow publish the public key without the private key (or pass phrase) ever being even temporarily on an online computer.

xyzzyx

sr. member

Activity: 490

Merit: 250

I don't really come from outer space.

Quote from: gbeirn on January 02, 2014, 09:59:36 PM

Quote from: CIYAM on January 02, 2014, 09:56:54 PM

Quote from: 2Kool4Skewl on January 02, 2014, 09:54:11 PM

You can generate an account number offline and send nxt to it.

I must have misread something as I thought you couldn't do this (as you had to "register" an address) - can someone else confirm that this is the case?

Well if you download the client to a computer and disconnect it from the Internet you can create an account. With that account number you can then send NXT to it once you are back online. Passphrase would never be used on the Internet.

In theory this should work, I have not tried it myself.

Edit: Just tried it, you can unlock accounts fine offline.

If you send NXT to an address and don't ~~open the address after~~ edit:spend any funds, no private/public key pair is generated for that address. This means the account is only protected by (if I'm remembering correctly what CfB said) the 64 bits of the account number, not fully protected by all 256 bits of the private key.

Buratino

legendary

Activity: 1151

Merit: 1003

Did EpicThomas return stolen Nxt to their owners?

Topic: NXT :: descendant of Bitcoin - Updated Information - page 1911. (Read 2761645 times)