NXT :: descendant of Bitcoin - Updated Information

[l8orre]

@CfB: I have 41 api calls so far. Would the prototype for the 'getAccount' call (number42) look like this:
    
        # 42
        self.getAccount= {
                                        "requestType" : "getAccount" , \
                                        "account" : "ACCNUM"
                                        }
        
thanks for putting it in!

ps: reason why I am asking is that the TESTNET is bitching again about 'too many connection requests' - even on my first attempt today ...

[Eadeqa]

I always liked the idea, but the problem might be that users will pick those combinations that are easier to remember and there goes your entropy.

You can generate the words randomly for the user!

Sure, but my fear is that users will keep generating secrets until they get one that is easy to remember.

Make all 1626 words easy, very very easy, so everyone will look just as easy as the other.

It doesn't matter what words are in the dictionary, as entropy remains 128-bit with 12 words.

"users will keep generating secrets until they get one that is easy to remember."

Even if  a user is generating 1 trillion combinations a second   (to find the one he/she likes the best) , it will take them 10830285071923307579  YEARS to go through the list.

Let them keep "generating"  it until they find the one they like. It doesn''t matter.   All the words in the dictionary should be easy (like "dog" "night" "sun" etc) . Different people might like different words, so what?  
 
128 bit a BIG number ...

 

By the way, if you do use this (or any other system) make sure to force the user to retype the pass phrase once on the next screen. That will guarantee that the user has saved it or memorized it.  


You should try it on Electrum 

https://electrum.org/download.html

to see how it works

[Passion_ltc]

Jackpot! Forged a block with 85 NXT inside.

If NXT gets big this is a nice sum for something I get for doing nothing.

[NxtChg]

Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html

I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question

What the hell? How is that possible?

[marcus03]

No one needs more than 128-bits. The public signature system curve25519 itself is not stronger than 128-bits, so if someone really wants to brute force, they might just as well try it on curve25519 instead of user's password.

Ok, the generated secret now consists of 20 characters from the following set of characters: ['a'..'z','A'..'Z','0'..'9','''','!','"','#','$','%','&','(',')','*','+',',','-','.','/',':',';','<','=','>','?','@','[','\',']','^','_','`','{','|','}','~']. 96 different characters (space removed, since it gets truncated too easily at the beginning and end).

Entropy: ln(96^20)/ln 2 => 131 bit

[NxtChg]

jl777, would you calm down? You look like a crazy, agitated maniac.

You wrote like 100 posts while I slept, on both forums, all about the same useless idea to use old zerocoin code.

What are you, an automated typing machine? Geez...

[TwinWinNerD]

Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html

I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question

What the hell? How is that possible?

It is already known that there is a bot running that checks the balances of very simple passwords. If you send some NXT to accounts of passphrases "1" or smthg, it will be gone within 45 seconds!

[EvilDave]

Solar powered NXT node for conferences!

Berlin conference first! 

I want to support the next conferences with a RasPI completly solar powered in a nice box.
- RasPI model B
- Wlan USB Stick with preconfigured DHCP settings (just turn on wifi tethering on your mobile phone with SSID: NXT, PW: RasPI-NXT)
- Solar panel on top of the box
- 2x Li-Ion battery powerbank (up to 4x 18650 Li-Ion recharchable batterys each) (up to 27'200mAh! It will be able to run NXT node up to 30 hours without Sun!)

.....snip....

If the community like it, I can send it to one of the Berlin conference people. Well, please resend to me when finished

Todo:
- testing odroid U3 + XU
- measure power consumption of all parts, batteries and solar panel to optimice power usage for offgrid solar NXT nodes
- make a list off all pars + weblinks to shops
- howto
- ...

Greets,
eb

Nice work, ebereon.

Putting a solar RaspPi NXT node on display at the conferences will give us a unique talking/selling point for NXT, so I think that we need to prioritise these as promo material.

So, 3 points to begin with:

Ebereon: can u put more of these together for both Berlin and Amsterdam canferences ?
I have some conference experience and the chances of just one system surviving 2 conferences is minimal.....

To everyone else: Is their a friendly whale who can finance Ebereon ? Or can he get some NXT from the promo fund for this?

Can we start dedicated conference threads on another forum, just to give us a central point for the prep work ?

Heres Amsterdam:
https://nextcoin.org/index.php/topic,2277.0.html

Last thought for the moment on conferences.....we need some large(ish) infographics/pretty pictures for a table display, at least A3 sized, preferably larger, fairly solid and freestanding, so ideas for that will be welcome.

On other topics:

this has to be a record amount of time between comments in this thread

An hour ? Bloody hell, thats almost dead.....

So, because Utopian is a Nxt support, it's okay for him to create a clone?

It's OK to clone even for u as long as u don't try to scam ppl.

+1, Beyonce shoots, he scores....

[Eadeqa]

Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html

I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question

What the hell? How is that possible?

His password was "santabarbara"

About 19,600,000 results  (on google search) for "santabarbara"

Maybe someone has Rainbow table and a bot setup so whenever a new account is created that exists in hackers database, the money is transferred automatically.  

[nxtru]

ANNOUNCEMENT  Nxt Net Application http://95.85.8.113:9000/nxtnet

P.S. I'm surprised nobody tried to upload a torrent file; I recall someone wanted this feature very much.

I think its cause no one got how to do.
With an step by step how to it would get more drive...

so is this a torrent explorer like piratebay?

It's better: it can't be shutdown by authorities because data is stored in Nxt blockchain.

If people are interested I can release a desktop app similar to the web app that connects directly to NRS node.

[Come-from-Beyond]

@CfB: I have 41 api calls so far. Would the prototype for the 'getAccount' call (number42) look like this...

Yes.

[NxtChg]

As you know some of us are working on NxtCash, an anonymity system for Nxt. There are a few questions that concern everybody, so I'd like to discuss them here.

So, to prevent unlimited blockchain growth we probably need to introduce a mandatory coin TTL (time-to-live) with max limit of, say, 6 months or 1 year.

We can also tie min transaction fee for minting a coin to TTL, for example: 1 month = 1 NXT, 2 months = 2 NXT, etc.

What do you think, gentlemen?

P.S. Not sure how purging will work technically, but probably the block forger will be able to issue "cleanOldCoin" transactions and get an additional fee if there is a surplus in the main NxtCash account.

For this it might be better to store coin timestamps as max blockchain height.

[NxtChg]

His password was "santabarbara"

About 19,600,000 results  (on google search) for "santabarbara"

Maybe someone has Rainbow table and a bot setup so whenever a new account is created that exists in hackers database, the money is transferred automatically.  

Oh, sorry, I thought the question was his passphrase

Still, 12 symbols are so easily cracked? That's some serious brute-forcing...

Maybe some bitcoin miners repurposed their GPUs?

[Come-from-Beyond]

Would anyone sell DOGEs for NXTs?

(Shameless attempt to see if market manipulation works)

[Eadeqa]

His password was "santabarbara"

About 19,600,000 results  (on google search) for "santabarbara"

Maybe someone has Rainbow table and a bot setup so whenever a new account is created that exists in hackers database, the money is transferred automatically.  

Oh, sorry, I thought the question was his passphrase

Still, 12 symbols is not safe now? That's some serious brute-forcing...

Maybe some bitcoin miners repurposed their GPUs?

"santabarbara" is one word with 19 million google results. Someone has obviously pre computed the hashes of common passwords, so he is not brute forcing it on the spot. They already exist in attacker's database,   The bot just checks if the account already exists in it's pre computed database.

If the password was sanTabarbara it might not have existed in attacker's database.  

[TwinWinNerD]

Who is the owner of the blockexplorer?

The "statistics" page shows a chart of the daily fees. I would like to see this data, but there was a day with 500.000 NXT fee that just fucks up the whole data. Would it be possible to make a log chart?

http://87.230.14.1/nxt/nxt.cgi?action=40&sub=4

[Labteck]

ANNOUNCEMENT  Nxt Net Application http://95.85.8.113:9000/nxtnet

P.S. I'm surprised nobody tried to upload a torrent file; I recall someone wanted this feature very much.

I think its cause no one got how to do.
With an step by step how to it would get more drive...

so is this a torrent explorer like piratebay?

It's better: it can't be shutdown by authorities because data is stored in Nxt blockchain.

If people are interested I can release a desktop app similar to the web app that connects directly to NRS node.

awesome

[dzarmush]

Funny thing. Lyaffe made a challenge with guessing a passphrase https://nextcoin.org/index.php/topic,3718.0.html

I decided to simplify rules, created an account with simple passphrase and sent 100 Nxt to that account. The passphrase was an answer to the question: "I'm a big fun of soap operas and have no idea about security.". Guess what. Someone stole 100 Nxt before I even managed to post the question

What the hell? How is that possible?

Obviously someone has an instant access to the account with passphrase "santabarbara" and auto withdrawal.

[l8orre]

@CfB: I have 41 api calls so far. Would the prototype for the 'getAccount' call (number42) look like this...

Yes.

heyhey - the new api call works!

balance - 145402
assetBalances - [{'balance': 999837, 'asset': '14269709746849295412'}, {'balance': 60000, 'asset': '7527606552308067548'}, {'balance': 499998, 'asset': '15328485893864579482'}, {'balance': 100, 'asset': '7684392128795615477'}, {'balance': 49999910, 'asset': '12071405555361162374'}]
publicKey - 58be6060e13815503922acc3f0a9d4524f71b09b4d4a4a7c247907e4432af44c
effectiveBalance - 145400

 and even better: I have the API wrapped up so nicely, I can just add an extra call in half an hour! 

[swartzfeger]

The fact that dollar has been reserve currency for the world (international trade denominated in dollars) has allowed america to do one thing no other country could. Print money to get stuff from other countries. Nice advantage that allowed deficit spending for so long.

James

It's also allowed us to export our inflation, which does nothing to endear us to the folks that have to bear the brunt of our completely fucked fiscal policy.