Pages:
Author

Topic: Nxt source code flaw reports - page 16. (Read 113378 times)

full member
Activity: 238
Merit: 100
January 15, 2014, 09:37:05 AM
Is anyone offering the service of creating an altcoin based on the algorithm of Nxt?

I'm launching a coin based on Nxt soon. It will use AM and Nxt blockchain. Sources will be written in JavaScript and completely open. (https://bitcointalksearch.org/topic/2-415580)

lol, you mean completely open to russian readers?
legendary
Activity: 866
Merit: 1002
January 15, 2014, 05:11:46 AM
The visible public account number (your public key) is a maximum of 20 digits, 64 bits, long (10 as in decimal).
Anyone heard of the "birth day attack" ? For you who have not, http://en.wikipedia.org/wiki/Birthday_attack.

I hope everyone here ;p

I guess it is not my "birthday", (after some hinting) Wink and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

It's been repeated hundred of times already, your account is your PK, which is 256bits,
once you do first trasaction, you're safe.
full member
Activity: 137
Merit: 100
January 15, 2014, 04:53:09 AM
I guess it is not my "birthday", (after some hinting) Wink and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.


I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

I am under the impression if someone registered their public key (by sending out a transaction, alias, etc), no one else could make another account with the same 20-digit visible key (ie. the client would return an error stating that account # is in use). Your account is still safe, of course, because it is protected by 256bits.

I have tried to find the function where you get rejected because of this, however i can not find it in the src of 0.4.8e

Humble regards
legendary
Activity: 2142
Merit: 1010
Newbie
January 15, 2014, 04:50:29 AM
I am under the impression if someone registered their public key (by sending out a transaction, alias, etc), no one else could make another account with the same 20-digit visible key (ie. the client would return an error stating that account # is in use). Your account is still safe, of course, because it is protected by 256bits.

Right. The other guy has to chose another passphrase.
full member
Activity: 224
Merit: 100
January 15, 2014, 04:47:33 AM
I guess it is not my "birthday", (after some hinting) Wink and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.


I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

I am under the impression if someone registered their public key (by sending out a transaction, alias, etc), no one else could make another account with the same 20-digit visible key (ie. the client would return an error stating that account # is in use). Your account is still safe, of course, because it is protected by 256bits.
full member
Activity: 137
Merit: 100
January 15, 2014, 04:46:50 AM
I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

Birthday attack is not a problem if u use truly random passphrase. What odds to hit an already reserved account with 10 attempts?

One in ~10^18. I do not think that is an valid argument though.

Humble regards
legendary
Activity: 2142
Merit: 1010
Newbie
January 15, 2014, 04:39:22 AM
I am talking about the visible public key, which people transfer money too.

Humble regards
j0b

Birthday attack is not a problem if u use truly random passphrase. What odds to hit an already reserved account with 10 attempts?
full member
Activity: 137
Merit: 100
January 15, 2014, 04:36:33 AM
I guess it is not my "birthday", (after some hinting) Wink and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.


I am talking about the visible public key, which people transfer money too.

Humble regards
j0b
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
January 15, 2014, 04:34:50 AM
I guess it is not my "birthday", (after some hinting) Wink and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

You haven't understood how "accounts" work in Nxt - once you have spent from an account (or forged a block) then your public key (256 bits) is being used to protect your account.
legendary
Activity: 2142
Merit: 1010
Newbie
January 15, 2014, 04:34:17 AM
I guess it is not my "birthday", (after some hinting) Wink and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

Post here the link to ur thread when u create it, plz. I support all innovative cryptocoins.
legendary
Activity: 2142
Merit: 1010
Newbie
January 15, 2014, 04:32:23 AM
Is anyone offering the service of creating an altcoin based on the algorithm of Nxt?

I'm launching a coin based on Nxt soon. It will use AM and Nxt blockchain. Sources will be written in JavaScript and completely open. (https://bitcointalksearch.org/topic/2-415580)
full member
Activity: 137
Merit: 100
January 15, 2014, 04:28:58 AM
The visible public account number (your public key) is a maximum of 20 digits, 64 bits, long (10 as in decimal).
Anyone heard of the "birth day attack" ? For you who have not, http://en.wikipedia.org/wiki/Birthday_attack.

With 64 bits, 1.8 * 10^19 there would be 1% probability of collision if 1.9 * 10^8 accounts exists in the network.
If however, 5.1*10^9, 5.1 billion (people/accounts) have been created there are a chance of 50% that someone
uses a password that generates the public visible key. Now there are 6.5*10^19 people on this small planet. If 7.2*10^19
people creates an account then there is a 75% probability of collision.

With the large amounts of bruteforce attacks in the network.. 1.8 * 10^19 public key digits is not enough.

I guess it is not my "birthday", (after some hinting) Wink and i am not going too have my small investment stolen by some 16 year old script kiddie.
Therefore, im creating my own cryptocurrency, whos with me?

Regards
j0b
sr. member
Activity: 448
Merit: 250
January 15, 2014, 04:28:02 AM
Is anyone offering the service of creating an altcoin based on the algorithm of Nxt?
legendary
Activity: 2142
Merit: 1010
Newbie
legendary
Activity: 866
Merit: 1002
legendary
Activity: 866
Merit: 1002
January 15, 2014, 02:26:48 AM
Why the "getBaseTarget" is recalculated each time for the same (last) block?  For simplicity?

Yes. This is a reference code.


also it costs almost 0, and it's easier just to recalculate it, than cache it somewhere
(you'd have to place it everywhere where lastBlock is altered)
legendary
Activity: 2142
Merit: 1010
Newbie
January 15, 2014, 01:14:06 AM
I have questions about the code sometimes. Which topic is better suited to these questions?

Ask them here.


Why the "getBaseTarget" is recalculated each time for the same (last) block?  For simplicity?

Yes. This is a reference code.


How can I determine that I am in the wrong chain?

U can't, all that u need is just try to stick to the "longest" chain.


Why peers that send a lot of wrong transactions are not stored in the blacklist automatically?
I can send many not verified transactions to each peer and every time they process their (through POST and GET for public which brodcast them to some other peers).

Sending data is much expensive than receiving it. For example, asymmetric home links have higher bandwidth for downloading, dedicated servers don't pay for inbound traffic, etc.
newbie
Activity: 35
Merit: 0
January 14, 2014, 10:44:36 PM
Come-from-Beyond

I have questions about the code sometimes. Which topic is better suited to these questions?

Why the "getBaseTarget" is recalculated each time for the same (last) block?  For simplicity?

How can I determine that I am in the wrong chain?

Why peers that send a lot of wrong transactions are not stored in the blacklist automatically?
I can send many not verified transactions to each peer and every time they process their (through POST and GET for public which brodcast them to some other peers).

hero member
Activity: 784
Merit: 501
January 14, 2014, 07:25:34 PM
wait. not remember if someone mentioned this before.
from line 4552 to 4631.
If the attacker send infinite garbage blocks, futureBlocks will out of memory...
Remember that famous payloadLength=2147483647?...
what's that, 2^31 - 1?
Yes. Integer.MAX_VALUE. Maximum size of array.
legendary
Activity: 866
Merit: 1002
January 14, 2014, 06:59:40 PM
Are you saying that you can't verify 25% of signatures? Isn't that a pretty serious issue?

It was already reported.

Where? What am I missing? Why isn't this a big deal?

there's uber hack for this:  sign;  while( cannot verify) { change timestamp; sign again }
Pages:
Jump to: