NXT :: descendant of Bitcoin - Updated Information - page 446.

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: marcus03 on March 09, 2014, 06:08:04 AM

Quote from: verymuchso on March 09, 2014, 05:55:36 AM

I have not heard that before, please do point at any references if you know of any. If it is true it should not be used, you are right.
In that case rand.nextInt(ARRAY.length) would be the safer bet.

I don't have a reference, but say you want to map a random value R between 0 and 15 to a value P between 0 and 9 and use P=(R modulo 10):

Code:

As you see, having the input value R completely random, doesn't mean that P is as random, since you will get values 0 to 5 twice as often as values 6 to 9.

I picked the example to show the problem. With the very large ranges for R (e.g. integer) and very small ranges for P (e.g. 0 to 8191), the problem might just be a very theoretical one.

think of 1626 words as numbers (base 1626)

1. word1
2. word2
3. word3
.
.
.
1626 word1626

so number 1627 would be equal to word1626word1

You can generate a 128-bit number (totally secure using secure random) and then convert it into words

I don't see how there can be any flaw in that implementation, as the original 128-bit was generated with secure random and it is only represented as words

This would be same as representing a binary number as hex or decimal.

The password made with that implementation can't be any weaker than 128-bit just as converting decimal number to hex doesn't make it weaker

This by the way means only 12 words are needed to convert any 128-bit number into words

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

I Found a bug in the client 0.8.8 (test)

Code:

{
    "balance": 100097400,
    "effectiveBalance": -100,
    "unconfirmedBalance": 100097400
}

Why the effective balance is :

"effectiveBalance": -100,

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: bitcoinpaul on March 09, 2014, 06:24:15 AM

Then this won't work.

Quote from: Sebastien256 on March 09, 2014, 05:40:39 AM

As long as in the client, the user can choose on which blockchain to broadcast his desired transaction (different cost associated to broadcasting depending one the quality of the hardware supporting the blockchain), then high TPS could happen within the nxt network if the user decide to use "fast" premium quality network for specific important transaction.

True - you would use atomic cross-chain txs to move between NXT and NXG (something that AT will be able to provide).

bitcoinpaul

hero member

Activity: 910

Merit: 1000

Quote from: Eadeqa on March 09, 2014, 06:23:04 AM

Its not really needed if cryptographically secure number generator is available, but it won't really hurt. It will just add more entropy if you start with crypto gen and the user adds more entropy with mouse movements.

I really like it because it is secure, user friendly & the user feels the security.

bitcoinpaul

hero member

Activity: 910

Merit: 1000

Quote from: CIYAM on March 09, 2014, 06:13:08 AM

Quote from: bitcoinpaul on March 09, 2014, 05:48:20 AM

Parallel blockchains, same NXT tokens?

No - different tokens (NXT and NXG in my illustration).

Then this won't work.

Quote from: Sebastien256 on March 09, 2014, 05:40:39 AM

As long as in the client, the user can choose on which blockchain to broadcast his desired transaction (different cost associated to broadcasting depending one the quality of the hardware supporting the blockchain), then high TPS could happen within the nxt network if the user decide to use "fast" premium quality network for specific important transaction.

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: wesleyh on March 09, 2014, 05:53:18 AM

Quote from: bitcoinpaul on March 09, 2014, 05:33:52 AM

Quote from: wesleyh on March 09, 2014, 05:27:43 AM

Quote from: Eadeqa on March 09, 2014, 05:21:35 AM

I think entropy from mouse is needed for javascript (like wesley client) -- not for Java's SecureRandom

As for words, as I said, don't use cryptic words from diceware. 1626 simple words dictionary will just work fine for 128-bit entropy.

Actually, newest browsers have crypto.getRandomValues - so no mouse movement needed in those cases. Of course still necessary for older browsers.

Well, even if it is not technically necessary for most of the browsers, we should use the mouse movement because

1. With this, we make sure every user (no matter which browser) has a secure account (using mouse movement only on older browsers gives no common picture of the client on every computer. looks insecure)
2. It gives a secure feeling because the user is part of the process

Hmm, anyone else's input on this? I believe relying on system cryptography is always better than having the user doing something (mouse movement). It will be available though, for older browsers.

Its not really needed if cryptographically secure number generator is available, but it won't really hurt. It will just add more entropy if you start with crypto gen and the user adds more entropy with mouse movements.

redsn0w

legendary

Activity: 1778

Merit: 1043

#Free market

Did you want some TestNxt ?

verymuchso

sr. member

Activity: 421

Merit: 250

HEAT Ledger

Quote from: marcus03 on March 09, 2014, 06:08:04 AM

the problem might just be a very theoretical one.

Maybe. But you proved your point. Thanks.

CIYAM

legendary

Activity: 1890

Merit: 1086

Ian Knowles - CIYAM Lead Developer

Quote from: bitcoinpaul on March 09, 2014, 05:48:20 AM

Parallel blockchains, same NXT tokens?

No - different tokens (NXT and NXG in my illustration).

rriky92

sr. member

Activity: 294

Merit: 250

Quote from: allwelder on March 08, 2014, 07:36:34 PM

Quote from: rriky92 on March 08, 2014, 02:03:39 PM

New iNxt version 1.0.8 in AppStore

Changelog:
New exchange:Cryptsy, Poloniex
Now exchange are sorted for Volume (03/03/14)
App now uses POST instead of GET (more secure)
New API to know if account is forging
Bug fix

Download link:
https://itunes.apple.com/us/app/inxt/id802351888?l=it&ls=1&mt=8

Donations:
4894174904569783391

Great.
no price of Cryptsy?

There is cryptsy

marcus03

full member

Activity: 224

Merit: 100

Quote from: verymuchso on March 09, 2014, 05:55:36 AM

I have not heard that before, please do point at any references if you know of any. If it is true it should not be used, you are right.
In that case rand.nextInt(ARRAY.length) would be the safer bet.

I don't have a reference, but say you want to map a random value R between 0 and 15 to a value P between 0 and 9 and use P=(R modulo 10):

Code:

As you see, having the input value R completely random, doesn't mean that P is as random, since you will get values 0 to 5 twice as often as values 6 to 9.

I picked the example to show the problem. With the very large ranges for R (e.g. integer) and very small ranges for P (e.g. 0 to 8191), the problem might just be a very theoretical one.

bitcoinpaul

hero member

Activity: 910

Merit: 1000

Quote from: wesleyh on March 09, 2014, 05:53:18 AM

Hmm, anyone else's input on this? I believe relying on system cryptography is always better than having the user doing something (mouse movement). It will be available though, for older browsers.

I'm just speaking from a user standpoint. If it is technically not good, don't use it. Didn't thought though that mouse movement is insecure?!

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: marcus03 on March 09, 2014, 05:43:05 AM

Quote from: verymuchso on March 09, 2014, 05:35:36 AM

Quote from: marcus03 on March 09, 2014, 05:12:42 AM

Quote from: verymuchso on March 09, 2014, 05:00:28 AM

Quote from: marcus03 on March 09, 2014, 04:54:28 AM

What does your implementation of words.getDiceWd look like?

It picks directly from an array of words. Why?

How do you map the integer type parameter down to the range of items in the dictionary?

int & 0X1fff returns a value between 0 (inclusive) and 8191 (inclusive)

This is like a modulo operation right? Like "(int mod 8192)". If so, it puts a (very) slight preference on the first entries in the dictionary.

I don't have a cryptographic background, but it seems like one of these tiny things cryptographic people look for. Or it's just me being paranoid..

I think the simplest way to do it is to just generate a 128-bit random number, then represent ('convert") it to to base 1626 (1626 word dictionary).

EvilDave

hero member

Activity: 854

Merit: 1001

Quote from: redsn0w on March 09, 2014, 05:37:10 AM

Good morning people Cheesy

.

Good morning , bro...!

Quote from: Uniqueorn on March 09, 2014, 05:27:51 AM

Quote from: BrianNowhere on March 09, 2014, 03:41:45 AM

The initial stakeholders ....*snip*..... do damn well whatever they please with their windfall.

I'm not sure ....*snip*

How you can justify the idea that because they invested 50 dollars they have this deep deserving right to be millionaires while those who make NXT worth milliones should get none is baffling.

It sounds like you've seen a 5 minute clip of Milton Friedman and think that this trickledown economy is a law of physics. Insane.

Unique is being blunt as fuck here, but he does have a point. More big stakeholders opening their wallets would be good, even if only to show that they do give a fuck. But we've down this road before without much results, we can't force people to fund NXT even if it is in their own best interest to do so. So lets put selfish stakeholders on the list of things to ignore, for the moment.

Quote from: mcjavar on March 08, 2014, 10:34:52 PM

Quote from: rickyjames on March 08, 2014, 10:24:35 PM

I've got a lot of catching up to do in this thread, also. For now, I will say a few things off the top of my head.

First, we have got to pay more attention to NXT as a 1st generation coin, and call it a coin, without parentheses or apologies. We need vendors to accept it and people to want it.

*snip*

TF and 1000TPS is what sold me on this coin and is the ONLY feature we have that is above and beyond all Bitcoin clones and even Etherium on the horizon. I get that 1000TPS would take dev work, but I thought TF was a done deal. Now it's not?

Third, we have got to pull together as a team and FOCUS. FOCUS. FOCUS. Maybe the funding committees are the start of this. I hope so. I would go so far to say that there needs to be yet another committee election, for a leadership committee, one with no money or unspent NXT behind it at all, just the raw power to say "NXT IS GOING TO DO THIS." and whose members then can stand up on a stage, virtual or real, in front of people and tell them that NXT is on a course to SOMEWHERE.

Maybe I'm just in dictator withdrawal from pushing the election over the goal line. Maybe sleep will help. G'nite.

I believe in dictatorship. Democracy will fail (and fall) in the coming decades. Collective ownership is bullshit, because noone feels responsible for anything. A lot of great ideas are getting thrown in the round every day in this thread, but almost all remain without action. It´s like fartig in a room with full off people and then closing the door and leaving: it´s an interesting experience, but pointless and after a while even disturbing.

I still believe that this project needs a project manager. Look at all the other successfull cryptos: they all have carismatic leaders. A big project like this can´t only rely on a few self-sacrificing people.

I hate dictators and charismatic leaders....but we do seem to need some pushing to get shit done. Look at RJ and the committee elections.

Password security integration stuff looks promising, guys, lets make it happen. Which committee has responsibilty for clients?

Got to run, brb in an hour or 2.

verymuchso

sr. member

Activity: 421

Merit: 250

HEAT Ledger

Quote from: marcus03 on March 09, 2014, 05:43:05 AM

Quote from: verymuchso on March 09, 2014, 05:35:36 AM

Quote from: marcus03 on March 09, 2014, 05:12:42 AM

Quote from: verymuchso on March 09, 2014, 05:00:28 AM

Quote from: marcus03 on March 09, 2014, 04:54:28 AM

What does your implementation of words.getDiceWd look like?

It picks directly from an array of words. Why?

How do you map the integer type parameter down to the range of items in the dictionary?

int & 0X1fff returns a value between 0 (inclusive) and 8191 (inclusive)

This is like a modulo operation right? Like "(int mod 8192)". If so, it puts a (very) slight preference on the first entries in the dictionary.

I don't have a cryptographic background, but it seems like one of these tiny things cryptographic people look for. Or it's just me being paranoid..

I have not heard that before, please do point at any references if you know of any. If it is true it should not be used, you are right.
In that case rand.nextInt(ARRAY.length) would be the safer bet.

wesleyh

sr. member

Activity: 308

Merit: 250

Quote from: bitcoinpaul on March 09, 2014, 05:33:52 AM

Quote from: wesleyh on March 09, 2014, 05:27:43 AM

Quote from: Eadeqa on March 09, 2014, 05:21:35 AM

I think entropy from mouse is needed for javascript (like wesley client) -- not for Java's SecureRandom

As for words, as I said, don't use cryptic words from diceware. 1626 simple words dictionary will just work fine for 128-bit entropy.

Actually, newest browsers have crypto.getRandomValues - so no mouse movement needed in those cases. Of course still necessary for older browsers.

Well, even if it is not technically necessary for most of the browsers, we should use the mouse movement because

1. With this, we make sure every user (no matter which browser) has a secure account (using mouse movement only on older browsers gives no common picture of the client on every computer. looks insecure)
2. It gives a secure feeling because the user is part of the process

Hmm, anyone else's input on this? I believe relying on system cryptography is always better than having the user doing something (mouse movement). It will be available though, for older browsers.

bitcoinpaul

hero member

Activity: 910

Merit: 1000

NXT = coins = tokens.

Sebastien256

hero member

Activity: 715

Merit: 500

Quote from: bitcoinpaul on March 09, 2014, 05:48:20 AM

Quote from: Sebastien256 on March 09, 2014, 05:40:39 AM

I like the idea of parallel blockchain.

On one "fast" Blockchain:

- By limiting forging power to 1M nxt, we can ensure that at least 1000 fast nodes can manage TF with high TPS. Transaction that have to happen really fast (AM, important transaction, etc.) can take place on such blockchain. High premium quality hardware would be needed to ensure the stability of this blockchain.

On another "regular" Blockchain (there can be more than one):

- Transaction that don't require to be fast can unload the "fast" blockchain for which rasberrypi could be use to secure the network.

As long as in the client, the user can choose on which blockchain to broadcast his desired transaction (different cost associated to broadcasting depending one the quality of the hardware supporting the blockchain), then high TPS could happen within the nxt network if the user decide to use "fast" premium quality network for specific important transaction.

What do you think?

Parallel blockchains, same NXT tokens?

what is the idea of NXT tokens? I did not read that before. Any link?

EDIT: sorry did not understand question at first. Yes, with SAME nxt tokens or coins on the various blockchain.

Using same nxt tokens for different blockchain seem to be compatible with the idea of CfB:

Quote from: Come-from-Beyond on March 08, 2014, 06:09:35 AM

RFC: Parallel Chains concept

DrearyUrbanite

sr. member

Activity: 756

Merit: 250

Quote from: eightspaces on March 09, 2014, 04:24:38 AM

are you guys still buying more nxt or just waiting for it to finally go up?

im thinking of buying more but there is no buy support? why? seems like lots of good development

I am still buying and will continue to buy until I reach my 100K goal or NXT gets too expensive for me to reach it. I am only at around 77K now.

bitcoinpaul

hero member

Activity: 910

Merit: 1000

Quote from: Sebastien256 on March 09, 2014, 05:40:39 AM

I like the idea of parallel blockchain.

On one "fast" Blockchain:

- By limiting forging power to 1M nxt, we can ensure that at least 1000 fast nodes can manage TF with high TPS. Transaction that have to happen really fast (AM, important transaction, etc.) can take place on such blockchain. High premium quality hardware would be needed to ensure the stability of this blockchain.

On another "regular" Blockchain (there can be more than one):

- Transaction that don't require to be fast can unload the "fast" blockchain for which rasberrypi could be use to secure the network.

As long as in the client, the user can choose on which blockchain to broadcast his desired transaction (different cost associated to broadcasting depending one the quality of the hardware supporting the blockchain), then high TPS could happen within the nxt network if the user decide to use "fast" premium quality network for specific important transaction.

What do you think?

Parallel blockchains, same NXT tokens?

Topic: NXT :: descendant of Bitcoin - Updated Information - page 446. (Read 2761644 times)