WARNING: DO NOT USE VANITYGEN
If you have an account with any significant amount of NXT in it, it is quite possible that somebody is using vanitygen's algorithm to scan for your acct.
I am not sure how random the vanitygen program is and until we verify that it is indeed very random, it is possible for somebody to see an acct published here, look it up in the blockchain website, see that it is worth cracking and then use a tweaked vanitygen to bruteforce search for passwords that match your acct number. The bruteforce search for passwords can be done offline, so there is no way to detect this is happening, until it is too late.
I am not familiar with vanitygen's source, so this could be a false alert. However, for matters like this it is better to be safe than sorry.
High-entropy random passwords are needed. Any method like vanity address generation can constrain the accts and the reduced number of them can potentially leave them open to a bruteforce attack. I am sure it is possible to create a vanitygen that is secure enough, I am just not convinced that the vanitygen that was posted a while back is secure enough from a mathematical standpoint.
Apologies to the author of vanitygen, this is all conjecture on my part and I do not know if the previous unsolved theft had anything to do with vanitygen. I remember reading the release notes that the vanitygen program was not really finished and maybe password entropy maximization was one of the unfinished items?
James
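
Added example, not part of the post above and not vanitygen's code: a Python audit showing why a passphrase's length says nothing about its entropy if the generator's randomness comes from a small seed. `weak_passphrase` is a hypothetical flawed generator, and the 12-bit seed space is a constructed value chosen so the audit runs quickly.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def nominal_bits(length, alphabet=ALPHABET):
    """Entropy the passphrase appears to have, judged by length alone."""
    return length * math.log2(len(alphabet))


def weak_passphrase(seed, length=40):
    """Hypothetical flawed generator: the whole output is fixed by a small seed."""
    rng = random.Random(seed)  # Mersenne Twister, not a CSPRNG
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_passphrase(length=40):
    """Every character is drawn independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def effective_bits(generator, seed_space):
    """Audit: count the distinct passphrases the generator can ever emit."""
    distinct = {generator(seed) for seed in range(seed_space)}
    return math.log2(len(distinct))


def audit(seed_bits=12, length=40):
    """Compare apparent entropy with what the seed space actually allows."""
    return {
        "nominal_bits": nominal_bits(length),
        "effective_bits_weak": effective_bits(
            lambda s: weak_passphrase(s, length), 2 ** seed_bits
        ),
    }


if __name__ == "__main__":
    report = audit()
    print(f"40-char passphrase, nominal entropy: {report['nominal_bits']:.1f} bits")
    print(f"same generator, effective entropy:   {report['effective_bits_weak']:.1f} bits")
    print("CSPRNG passphrase:", strong_passphrase())
```

The effective figure is capped by the seed space no matter how long the passphrase is, which is the property that has to be checked in a generator's source before trusting its output.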