Switch to ArdorForum

The question is: Why should we improve this software which could crack our accounts?

It can't crack your "regular" accounts - it is for HiberNXT (or DarkNXT if you like) only.
This means lost NXT, which the developers want to be "mined".

Quote

DarkNXT

Occasionally, someone sends Nxt to an account that nobody is using. Since these Nxt are "locked" until the passphrase for that account is discovered and used, the Nxt in the account is referred to as "DarkNXT".

Ahhh, I see. Cool. So this is only possible because these accounts have no outgoing transactions and a weaker "security state"?! Is there a list with DarkNXT accounts?

Exactly.
I have found a list of DarkNXT in another thread here on this forum:
http://nopaste.info/4dde524b73.html

There are some interesting accounts worth 500 BTC and more there.

So, with 15 Million tries per second, how long will it take to crack a DarkNXT account? And have you been successful with one of these accounts?

By the way, there is a typo in your software. It should be "elapsed time" (-;

Have you found such accounts already? What if thousands of people use this software and improve it such that the software always generate 'untested' passphrases? Could it be that accounts with strong passphrases getting cracked? There are nice calculations that a safe passphrase can't be cracked in million years but is this still valid if thousands of people use such tools and the tools getting better?

Have you found such accounts already?

No  I am just developing this software and not running it myself.

There are nice calculations that a safe passphrase can't be cracked in million years but is this still valid if thousands of people use such tools and the tools getting better?

The thing is, that we are not targeting the "real" accounts with 256 bit private keys, but the HiberNXT accounts that only have 64 bits of entropy. This way there are dozens of public/private key pairs that match the wanted account number.
I have no calculations how long this would take, though. Let me do a quick "math".

64 bit means basically 18446744073709551616 different tries. On average you would need half that much.
Let us assume every one has 10 computers which do a total of 150.000.000 tries per second. Further lets assume we have 1000 users using it. This would mean on average, after 10000000 seconds an account would be cracked. Most likely a lot faster.

I am sure we can make this software a lot better, so we can get closer to 1000 or 10000 seconds. You must understand the current GIT status as the first proof of concept, from where we can start improving.

NOTE: This calculation is for 1 Account only, as we have around 15000 Hibernxt accounts, it would take 10000000/15000 = 600 seconds to hit any one of them. It is pretty fast imho.

TODO: At the current stage, the software is not able to check for multiple accounts simultaneously. This fix should be a quick one though. Feel free to forge and hack.

So, with 15 Million tries per second, how long will it take to crack a DarkNXT account? And have you been successful with one of these accounts?

If you are targeting just one account, average would be 20,000 years.

15 million isn't enough.

it needs to be 1 trillion per second to bring average to 3 months for one account.

However, if you are targeting 15K accounts all together at the same time, you have better odds, but 15 million still isn't enough. It needs to be more than 1 billion at least to be profitable. 

Either way, I'm glad my password is 100 near-truly random characters.

Either way, I'm glad my password is 100 near-truly random characters.

This has nothing to do with password. You can have million char password, but until outgoing transaction is made, the account is protected by 64 bits account ID.

Plus your account max strength ever is Curve25519 public key, which can be cracked in 128 bits operation (that's a lot lower than your 100 char password).

Where can we get a list of accounts without public IDs?