Pages:
Author

Topic: Nxt source code flaw reports (Read 113377 times)

sr. member
Activity: 378
Merit: 250
November 21, 2016, 07:12:10 AM
FYI, newcomers!
Did you know you can mine NXT in the Lucky node project?
Computational and bandwidth requirements are very low - some users run it on a Raspberry Pi.
Run the node 24/7 or as often as you can while you work or play.
Join in with the over 100 nodes that are already in the project.
sr. member
Activity: 376
Merit: 300
January 20, 2016, 08:34:02 AM
What proves that ?
It's one of those unprovable statements that are nevertheless true, see https://en.wikipedia.org/wiki/G%C3%B6del%27s_incompleteness_theorems
member
Activity: 107
Merit: 10
January 20, 2016, 01:49:13 AM
What proves that ?
sr. member
Activity: 350
Merit: 252
January 19, 2016, 11:38:47 PM
What is confirmed

that satoshi ran away and came under the cover as bcnext.
member
Activity: 107
Merit: 10
January 19, 2016, 09:44:34 AM
What is confirmed
legendary
Activity: 1512
Merit: 1004
January 19, 2016, 09:12:22 AM
Not sure if its logic flaw, but somebody could simply change initial allocation in genesis block to give themselves a lot of NXT.

We have seen a case of altered client already, so changing genesis block's hardcoding and hypnotizing jean-luc into signing it as the official release, would be an obvious but effective way to steal a lot of NXT

James

True, that's why noone knows who Jean-Luc is.

Maybe he is BCNext!

Well, BCNext, "Jean-Luc" and Come-from-Beyond are all three Russian.

I'm not entirely sure who is who or whether all three are one, but that makes it more exciting Grin
Confirmed.
legendary
Activity: 1181
Merit: 1002
March 24, 2014, 02:33:47 PM
WOOOOOOOOOOOOOOOOOOOOOOOOOOOW! THANKS!

Appreciate that bounty,
my account is: 15421585458835302363
Too bad you transfered the nxt to bter and left nxt completely already. I was going to donate you some NXT in order to motivate you to stay with us

Could be, but could also be, that he stores them on bter or that he moves them through bter to disguise the origin - don't jump to conclusions please
hero member
Activity: 644
Merit: 500
March 24, 2014, 01:05:13 PM
WOOOOOOOOOOOOOOOOOOOOOOOOOOOW! THANKS!

Appreciate that bounty,
my account is: 15421585458835302363
Too bad you transfered the nxt to bter and left nxt completely already. I was going to donate you some NXT in order to motivate you to stay with us

That would be stupid. He will dump them too. Let it be. Donate them to some worthy cause
newbie
Activity: 29
Merit: 0
March 23, 2014, 06:16:38 AM
Congrats, Evil-Knievel Cheesy Enjoy your reward and yes please, do stick around ^^
legendary
Activity: 866
Merit: 1002
March 23, 2014, 01:58:58 AM
funny, I knew ''k'' was picked, I wasn't aware haven't figured out it could be abused in such way:

Actually, there might be a bug in the C++ code. I compiled it and ran a few tests with sign, but the signature that gets generated is different each time i run the program (typically the sign of an uninitialized variable somewhere). The problem appears to happen somewhere in divmod.

It's a normal behavior, not a bug, don't waste too much time on that.

That depends on algo.
In case of Nxt's EC-KCDSA "k" value is picked not choosen randomly,
So if you feed it with the same data, sig should be te same...

(k is calculated from 1360-1365, that's Y in NXT code
https://bitbucket.org/JeanLucPicard/nxt-public/src/4073c21098076d3469b3f74d49e73ffabe3a2001/Nxt.java?at=master#cl-1360
and it's based on "sig priv key" (s based on user's pub key) and message
)


rlh
hero member
Activity: 804
Merit: 1004
March 22, 2014, 09:35:57 PM
Yes, congratulations.  I didn't realize this bounty was still open.  I would have never caught that, even when I had the time to study the code.
legendary
Activity: 1512
Merit: 1004
March 22, 2014, 09:14:57 PM


WOOOOOOOOOOOOOOOOOOOOOOOOOOOW! THANKS!

Appreciate that bounty,
my account is: 15421585458835302363
congratulate
legendary
Activity: 1260
Merit: 1168
March 22, 2014, 04:54:32 PM
This message was too old and has been purged
legendary
Activity: 1181
Merit: 1002
March 22, 2014, 04:52:47 PM
16386134630970163904:  Not a bad account if you're just targeting one...  (30,002,058 NXT)

http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=16386134630970163904

I'm not sure what I missed, but why is 16386134630970163904 HiberNXT?

http://localhost:7876/nxt?requestType=getAccountPublicKey&account=16386134630970163904


It isn't. Someone just thought that 0 outgoing transaction equals no public key. But forging counts as creating a public key too!

I know - we just saved some trees here  Grin
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
March 22, 2014, 04:50:11 PM
16386134630970163904:  Not a bad account if you're just targeting one...  (30,002,058 NXT)

http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=16386134630970163904

I'm not sure what I missed, but why is 16386134630970163904 HiberNXT?

http://localhost:7876/nxt?requestType=getAccountPublicKey&account=16386134630970163904


It isn't. Someone just thought that 0 outgoing transaction equals no public key. But forging counts as creating a public key too!
legendary
Activity: 1181
Merit: 1002
March 22, 2014, 04:47:44 PM
16386134630970163904:  Not a bad account if you're just targeting one...  (30,002,058 NXT)

http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=16386134630970163904

I'm not sure what I missed, but why is 16386134630970163904 HiberNXT?

http://localhost:7876/nxt?requestType=getAccountPublicKey&account=16386134630970163904
legendary
Activity: 1260
Merit: 1168
March 22, 2014, 04:47:22 PM
This message was too old and has been purged
hero member
Activity: 644
Merit: 500
March 22, 2014, 04:34:13 PM
@Twin: This is just a quick-and-dirty implementation, If we had a good structure (maybe some B-trees with a lookup complexity of O(log) ) where all NXT accounts were stored, we could mine them all parallely.
Thats what the github Repository is for ... let us make this "first approach" better ;-)

I am not doubting that.

We could make a mining pool/mining list where we add account numbers, where we are XX% sure that they are DarkNXT (not accessible because of lost/forgotten passphrase)

They would be "lost" if the sender sent them to wrong ID (mistyped, copy paste error, etc).
legendary
Activity: 1260
Merit: 1168
March 22, 2014, 04:33:26 PM
This message was too old and has been purged
legendary
Activity: 1680
Merit: 1001
CEO Bitpanda.com
March 22, 2014, 04:31:57 PM
@Twin: This is just a quick-and-dirty implementation, If we had a good structure (maybe some B-trees with a lookup complexity of O(log) ) where all NXT accounts were stored, we could mine them all parallely.
Thats what the github Repository is for ... let us make this "first approach" better ;-)

I am not doubting that.

We could make a mining pool/mining list where we add account numbers, where we are XX% sure that they are DarkNXT (not accessible because of lost/forgotten passphrase)
Pages:
Jump to: