Topic: NXT :: descendant of Bitcoin - Updated Information - page 2504. (Read 2761645 times)

Confirmed. Coin-age was part of the earliest NxT design, but got removed a long time ago.
I forgot about that change. The current design does not have any problem as far as I know.

It was never an 'exploit' anyway. More of a bad design choice.
The 'fix' I suggested is exactly what the code does already.

Sounds like good news, right? Now we have a more precise understanding of development choices.

There is no exploit in the code.  He based his "exploit" comment on a misunderstanding.

no one hinders you from making a new account. there are many to choose from.
btw, another good thing is that you could use simple passwords if you do
like this for example:

2 x sha256sum('asmallerone')
( with linux e.g. -> /bin/echo -n asmallerone | sha256sum )

well, perhaps take a better one but this way you get a real good passphrase
and all you have to remember is a simple word with a sha multiplier.
since many boxes having sha at the console, you can recover this very easy
everywhere. very usefull for cold wallets and 'look over the shoulder save' 

Cunicula mentioned a possible exploit in a seperate thread, maybe he implemented. I'm not at home but I can't seem to connect to nxt.c4c.io anymore.
Any updates?

Thanks for the explanation I think I get it, but regret using password1 now.

if you look at this more abstract and if i remember correct,
then there is a 'schrödingers cat' passphrase box prefilled
with 2e256 accountnumbers and you don't know which account
exist or not. well, both is true but you only know for sure
if you open the box with the right key.

but if you like to stick with the old style, you can use this as well.

-> nxt-passphrase = old-style-login-name+password

the result is the same in context of security. you see?

Then they share a wallet... At least until one of them sends all the fund in that wallet to a new wallet. Just use a massive string for your wallet, and there won't be any problems.

cant update the block chain all i get is on latest version is


C:\Users\TimmyD\Desktop\next>Nxt.URL

C:\Users\TimmyD\Desktop\next>java -Xms512m -Xmx1024m -cp Nxt.zip Nxt
[2013-12-01 02:08:49.323] Nxt 0.2.19 started.
[2013-12-01 02:08:49.346] Loading transactions...
[2013-12-01 02:08:49.404] Loading peers...
[2013-12-01 02:08:49.418] Loading blocks...
[2013-12-01 02:08:49.424] Saving blocks...
[2013-12-01 02:08:49.429] ...Done
[2013-12-01 02:08:49.431] Loading accounts...
[2013-12-01 02:08:49.443] Loading assets...
[2013-12-01 02:08:49.491] Loading orders...
Exception in thread "pool-1-thread-2" java.lang.NullPointerException
        at Nxt$2.completed(Unknown Source)
        at Nxt$2.completed(Unknown Source)
        at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
        at sun.nio.ch.Invoker$2.run(Unknown Source)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Exception in thread "pool-1-thread-3" java.nio.BufferUnderflowException
        at java.nio.Buffer.nextGetIndex(Unknown Source)
        at java.nio.DirectByteBuffer.getShort(Unknown Source)
        at Nxt$Peer.process(Unknown Source)
        at Nxt$1.completed(Unknown Source)
        at Nxt$1.completed(Unknown Source)
        at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
        at sun.nio.ch.Invoker$2.run(Unknown Source)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Exception in thread "pool-1-thread-4" java.nio.BufferUnderflowException
        at java.nio.DirectByteBuffer.get(Unknown Source)
        at java.nio.ByteBuffer.get(Unknown Source)
        at Nxt$Peer.process(Unknown Source)
        at Nxt$1.completed(Unknown Source)
        at Nxt$1.completed(Unknown Source)
        at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
        at sun.nio.ch.Invoker$2.run(Unknown Source)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
Exception in thread "pool-1-thread-1" java.nio.channels.ReadPendingException
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(Unknown Source)
        at sun.nio.ch.AsynchronousSocketChannelImpl.read(Unknown Source)
        at java.nio.channels.AsynchronousSocketChannel.read(Unknown Source)
        at Nxt$1.completed(Unknown Source)
        at Nxt$1.completed(Unknown Source)
        at sun.nio.ch.Invoker.invokeUnchecked(Unknown Source)
        at sun.nio.ch.Invoker$2.run(Unknown Source)
        at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)
[2013-12-01 02:11:30.911] 3: java.nio.channels.ClosedChannelException

But what happens if two people choose the same word or phrase?

I agree.  You never need to worry about losing your wallet.  It's the next step and solves an old bitcoin problem.

No but what happens if 100000 people use it more than 1 persons going to use the same phrase or word

think again, this design is very clever. 

this is a brainwallet, common words are not the right place to use as a passphrase in this context.

That's not a very clever design!!

Yeah, don't pick a stupid short password.

don't think so, they are just shooting at our nodes but even with this low base target they need
coins to use this and i don't see sense in this.

The client doesn't make sense to me, what if two people use the same passphrase or common words are entered until a match is found... wouldn't that just open up someone else's wallet?

i have seen these ip's some days before, doing the same.
unfortunatly cfb's bs-server is gone too.

no, it's not your ip. there are 10+ starting with 109.201.XXX with bad time sync in my peer list and my node is gone.

exploit??