Topic: NXT :: descendant of Bitcoin - Updated Information - page 1937. (Read 2761645 times)

Please confirm that this means that i was right when i said that we could add a second layer of security even though nxt is a distributed system. We achieved the impossible, yes?

James

I'll add prepareTransaction that will be signed locally and broadcasted.

Ah, right. It's confirmed in the BCE only.

Just catching up for the unfortunate happenings of the past 24 hours with the NXT Client.

Both clients link used recently on nextcoin.org (the MEGA and nxcrypto ones) main thread seem fine, as I had avised the mod replacing Drexme to use only links originating from CfB.

However, the hash checker link that leaded to http://hashtab.ru/ downloads a file that reports backdoor on 1/49 scans on Virustotal:

https://www.virustotal.com/en/file/56d18a52eb728807cb399d606eb5a127962684134b9923d62ed76b87c0d41a8f/analysis/1388661917/

I have not been able to verify whether that is a false positive or not.

Can anyone confirm that hashtab.ru serves a legit version of the hash checker?

Jean-luc

Assuming we had the above two api calls, how hard would it be to add a second layer of security to sendmoney in the client?

I am assuming we will get a handy button to generate a max entropy private key to use, both for nxt acct and second layer key

Another feature for down the road that would be cool is a fragmented wallet. If we can automatically generatea one set of keys, why not 10? Then we can compartmentalize oure nxt holdings to eliminate total loss in case one acct is compromised. A higher level view that just shows the combined totals would make it almost transparent that there are many subwallets. All is is for later, just wanted to get the idea out there while we are in a security conscious mode

James

CfB

Will you add the following api calls?
Set sendmoney public key
Encrypted sendmoney

I think it would be easiest to just make it so that if an account ever sets a sendmoney public key all send money transactions for that acct are encrypted and all nodes can decrypt using public key that is put into a special alias of the form (acct number).(public key)

I think this adds meaningful second layer of security without needed emails, sms
It is decentalized, all nodes can decrypt

Most importantly, even with the current hacked client, if these calls were in place, even a weak private key woild have created a large obstacle to the password thief. Using a high entropy key would make it pointless to even bother trying to decrypt unless the account you stumbled onto had millions of nxt

Please confirm or deny if my approach would have prevented any losses from current password thief

By making it a onetime activation it does mean that if you lose the private key, you woild have to spend all the nxt in the acct buying aliases and generally spending it on services, but this i think would be an acceptable tradeoff

James

Could you please add API for the forging tx? The present API getAccountTransactionIds doesn't return forging tx. Of course, we can write some code to walk through the block chain, for example, ruby code, but it seems too slow. Thanks.

Good morning everybody.  I just got up from bed and found a PM to me from somebody who says they've been hit and lost around $7000.  This poster says he wrote me because he felt I would not ridicule or judge him.  He is apparently embarrassed to post his experience here because he used a very weak password that was patterned after one he uses routinely at many locations.  Of particular interest is his statement, "So I checked my zip file and got a different checksum than I think I'm supposed to, in fact, one that isn't posted anywhere on the forum."  I've asked for a copy of his infected file and will check the SHA-256 on it if I get it.  I also gave him step-by-step instructions on how to check it himself.

I applaud the ongoing efforts to flush out how the bad file got posted.  We need to start a similar movement to flush out just who has been hit, and if there is going to be any kind of reimbursement plan.  PaulyC is getting made whole, which is a good thing.  But we need to start thinking about if everybody will be, and that is a chicken-and-egg question until we know the scope of the heist.  In this vein, how hard is it to come up with a list of accounts involved in transactions since the bad client came out?

In a security breech situation, I think it is very important to not castigate people involved for any poor security habits they exhibited such as weak passwords, so they will feel more comfortable in coming forth with badly needed facts.

+1 would be great!

Nice to see block explorer back !!

Got a nice surprise - I forged my first block

and I only have 60k nxt.

the receiver account http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=11731960900805566730 don't have the coin

It's confirmed.

Can anyone explain why this transaction : id= 17268617256988246673 didn't go through? http://87.230.14.1/nxt/nxt.cgi?action=2000&tra=17268617256988246673

It was in a block 15077040953933790557 , other transaction in this block worked.
Just this one who don't work. It's not confirmed and i don't see why

Hi all,

I have launched a hallmark node with a weight of 500.
http://fst.happymining.eu:7874

Regards,
Deltaman
Happymining

It's client side issue.

Yes, they can. And will.

@Jean-Luc: Unfortunately my computer (running 0.4.8 ) was out of memory again this morning Firefox had eating all the memory (1.2GB).

Thanks for wesleys suggestion, I threw the Nxt$Crypto class through a decomplier and read the first 10 lines of code to make sure I didn't have it

Can I suggest that all forum mods are requested to automatically remove any 'un-sanctioned' download links..

Unfortunately when people quote other peoples posts they can 'edit' the quoted contents and someone blind to this could read the link as a repost of a genuine one - which may be what happened here and then the post was deleted / re-edited by the owner.

if 1 NXT 1 vote, how this will play out with big exchange accounts? can they vote with the NXT deposited there?

Pin

and protect the weak and the poor !

Pin