Bitcoin Forum
Show Posts
581  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 08:45:14 PM
Look, ask Graviton about all of the Other People's NXT from Dgex he's got combined for storage into one of the biggest NXT accounts in the blockchain.  Graviton, which would let you sleep better at night - the current NXT account setup, or the current NXT account setup plus an additional account withdrawal freeze code capability?

582  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 08:35:10 PM

I think that if you requested withdrawals from your account be frozen until you reenter the private key code, and the client software generates internally and displays to you that private key code for you to write down on paper with a pencil for use at a later date, then yes, I do not see how either a keylogger or a Trojan could get the private key unlock code.  

There are remote control trojans that can print screen and send it to the hacker.

This is true.  I suggest the client software could display it as an animated gif perhaps with random 3 to 5 second intervals between key fragment displays, so that a single screen grab or even multiple screen grabs wouldn't get it.  Whereupon the Trojan could be written to...

We can go a long way down this hall of mirrors.  I still think it is worthwhile to implement user account withdrawal freeze codes as I have described in the blockchain, for the psychological comfort aspect as well as the undeniable increased security aspect, hypothetical screengrabber Trojans or no.  

I will keep parrying about if this then that if you want.  Deciding as a community whether or not to actually implement it is a completely separate issue that I still would like resolution upon.

583  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 08:23:48 PM
OK, look, I'm not a heavy hitter coder to pitch in and help here, and I wish I was.  But this security stuff is serious with major psychological/political overtones for the acceptance of NXT.  I really want to get a consensus here on a proposed course of action.  Many pages back on this thread there was a prioritized list of what was to be added to NXT in the way of features.  Where does my proposed account withdrawal freeze code idea (or something similar) rank on this in the eyes of the community, and what is the path we take to either reject it from consideration as an add-on or agree that yes, it will be implemented?

Not trying to be pushy, I just think this is too important to let it fade out when we go off chasing the next squirrel topic ten pages from now (an allusion to the dog in Up).

Would your solution help from keyloggers and trojans?

I think that if you requested withdrawals from your account be frozen until you reenter the private key code, and the client software generates internally and displays to you that private key code for you to write down on paper with a pencil for use at a later date, then yes, I do not see how either a keylogger or a Trojan could get the private key unfreeze code.  
584  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 08:13:04 PM
OK, look, I'm not a heavy hitter coder to pitch in and help here, and I wish I was.  But this security stuff is serious with major psychological/political overtones for the acceptance of NXT.  I really want to get a consensus here on a proposed course of action.  Many pages back on this thread there was a prioritized list of what was to be added to NXT in the way of features.  Where does my proposed account withdrawal freeze code idea (or something similar) rank on this in the eyes of the community, and what is the path we take to either reject it from consideration as an add-on or agree that yes, it will be implemented?

Not trying to be pushy, I just think this is too important to let it fade out when we go off chasing the next squirrel topic ten pages from now (an allusion to the dog in Up).
585  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 08:07:59 PM
I agree it could be any of those 4 reasons CfB gave, but curiously why hasn't the hacker or whoever done anything with those stolen NXT? Isn't that a weird behavior or?

just so we don't go on a tangent here,
this is the client I used.
4.8
https://nextcoin.org/index.php/topic,4.0.html

nxt-client-0.4.8.zip

Hmm... post by Drexme.

Dun dun DUN. (music)
586  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 08:04:35 PM
- Someone cracked SHA256 and Curve25519 (why then multi-million accounts not hacked?)
- Someone distributes modified NRS (someone should decompile PaulyC's software)
- Keylogger
- He used online node that records entered passphrases

0.0000000000000000001%
1-10%
80-90%
1-10%

about that kind of probability for each explanation.
Keylogger is the main suspect of course.

I totally agree with these ballpark estimates.

I would note that if my proposed public / private key account freeze page were implemented in the client, it would be virtually immune to a keylogger since the private part of the unfreeze key would be written down manually, and the one time it's typed in is to unlock the account anyway.  Presumably the user would send NXT out of a high value account and immediately refreeze it once the transaction was gone.

Tho just to stay paranoid, there's also screengrab loggers that could get a visual unfreeze private key in my scheme...

587  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 07:24:37 PM
offline mining of all NXT accounts in parallel
problem gets worse the more NXT accounts there are
this attracts more hackers the more NXT is worth
This will create an equilibrium effect like a boat anchor to a hot air balloon. The more NXT succeeds, the more it will be hacked.

CfB, tell me there is a solution that is more effective than the user needs to not be unlucky

James

If they can do this with NXT why can't they do it with Bitcoin?

You can take bitcoin offline and put it in a safe deposit box with an airgap disconnected from the internet.  Not everybody does this, but IT IS AN AVAILABLE OPTION.  We need a similar available option.
588  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 06:44:34 PM
CfB

requiring an orthogonal step even after finding an account whose password you stumbled into would make everybody feel much safer.

As it is now a monkey typing random keys on the keyboard can stumble into an acct.

James

P.S. I understand why the current localhost will disappear, it has to so clients can add the new layer of security. Enforcing passwords that are strong enough is a good first step, but longer term please open your mind to the possibility of the "impossible", it will make a huge difference in NXT valuation

Jl777 and I absolutely see eye to eye on all of this.
589  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 06:31:45 PM
Ok so when a new client arises is it recommended that all users create new accounts? All current nrs accounts are currently at risk?
Some of these horror stories have me spooked a bit. I have a 50+ random password but still don't feel secure if I'm honest

If u use truly random password then u r ok. Recent horror stories r just black PR tricks.

You are probably right - but you can't be sure.   And this difference between "probably right / probably safe" and "sure / certain" is the shadow of doubt that the public mind will seize upon that will hinder widespread adaptation of NXT.  Bitcoin will always be able to claim an air gap option that we will not.  Getting ahead of this with some form of account freeze blockchain option / two step authentication scheme is the right thing to do.
590  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 06:28:03 PM
As long as I'm wishing for a shiny new security add-on that allows frozen accounts that would take NXT out of circulation, I would also note that tabulating from the blockchain just how much NXT was indeed frozen and OUT of circulation helps the market know just how much is IN circulation - and would be an upward pressure on NXT prices.
591  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 06:11:57 PM
"It's like you guys are building a really high-performance car, and then criticizing the roads for being too bumpy and drivers for being unskilled. It's a great car, and it can do amazing things, but if it isn't adapted to the world as it is or drivers as they are (and not as you want them to be), then it will not have widespread adoption."


OK, just to bubble this to the top again, I officially request ...BLAH BLAH BLAH.

Question one:  is this technically possible, yes or no.


I proposed this a few days ago.  I believe it is possible, but would require extensive rewrite, as different pairs/keys would have to be implemented, and I don't believe the current curve/sha256 implementation of the hashing is compatible with what we desire.

Dude, it's time to roll out the Nike slogan:  Just Do It.
592  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 06:04:06 PM
CfB

The way things are now a hacker can brute force search the entire password space and without specifically targeting anybody, targets everybody. The more nxt accounts that get funded, the more likely a hacker will stumble upon an acct.

This needs to be fixed for mass market adoption. Without it nxt value will not increase much from what it is now. There needs to be some additional layer of security that the person who creates the account can optionally enable. As it is now there is basically one nxt account and a hacker just has to be patiently mining passwords until he finds a funded account.


Amen brother, preach on.  When the public realizes that a hacker attacking NXT isn't trying to break into a specific big account but is going after ALL ACCOUNTS SIMULTANEOUSLY INCLUDING THEIRS - I'm telling you, the psychology outweighs the math.  You've got to give them some way to do something that makes them feel more secure - and actually BE more secure - than the current brainwallet scheme that requires Faith In Math.

The public ain't got no stinkin' Faith In Math.
593  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 05:42:09 PM
"It's like you guys are building a really high-performance car, and then criticizing the roads for being too bumpy and drivers for being unskilled. It's a great car, and it can do amazing things, but if it isn't adapted to the world as it is or drivers as they are (and not as you want them to be), then it will not have widespread adoption."

I agree.

OK, just to bubble this to the top again, I officially request that a function be implemented in the NXT client and server that allows an account to publicly declare in the blockchain that it is closed to withdrawals until further notice.  Until this notice is given and verified, all attempts to withdraw from this account are to be deemed invalid by whoever is processing the block with the withdrawal request.

This function would be implemented by accessing a special lock page in the client software where a fee would be assessed for utilizing this option.  Clicking on the "accept fee" key on this page does two things: (1) sends out a colored coin or equivalent containing the account number, the freeze notification, and the public half of an unfreeze code (2) displays for the user the private half of an unfreeze code that is to be copied down manually.

During the account lockdown freeze period, all pending transactions on the blockchain are compared against a list of locked accounts as part of the verification process.  If the withdrawal is against a frozen account, it is rejected as invalid.

To unfreeze the account, a user goes to a special unfreeze page in the client, enters the previously copied private key half generated during the original account locking, pays a fee, and sends a colored coin or equivalent containing the account number, the unfreeze notification, and the private half of the unfreeze code.  A server processing a block containing a colored account unlock code verifies the public / private keys unfreeze the account correctly and removes the specified account from the frozen list.  There may be a time delay while this information is propagated throughout the system and this delay would be accepted as part of the unfreeze process.  

This effectively would implement two factor authentication for sending NXT from a high-value account because the sender would need both the unfreeze code and the original account passphrase.

This scheme is NOT the same as transferring large sums to a new and seldom used NXT account for safekeeping.  Such an account still has an extremely small but non-zero probability of being opened via a brute force or lucky hit of its password, or of being keylogged or trojaned.  Publicly announced frozen accounts have a zero chance of being drained.  This difference between extremely small chance and zero is huge in the public mind and will go a long way in making the general public accept the NXT always-online brainwallet concept.

Question one:  is this technically possible, yes or no.
594  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 04:57:02 PM
We have to do more than just say, "Well, if you used a strong password, it wasn't hacked by brute force".

Yeah, these posts are just trolls, if you have a 35 character random password, you are not getting hacked.

If I say it again, do I start an infinite loop here?

I agree they probably didn't get brute force hacked - but it's theoretically possible.  Maybe somebody else hit the powerball jackpot - that's theoretically possible, however unlikely, too.  Keystroke loggers and Trojans are sure as hell possible.

Having an option to tell the world an account is locked for withdrawals, period, until further notice via a second one-use password, addresses these problems.  This option will address a public fear.  Calming public worries about NXT is good.  Let's do it.

595  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 04:49:24 PM
As a public key on a colored coin?
Your account number is public key already. You're constantly trying to create unnecessary entities.
Want to "freeze" some coins with some new private key? Just create new account with this key, transfer coins to it, and then use this key only when you need to spend these coins.

The problem is that the "lucky gold strike" loophole for somebody else to hit this new account when miskeying their own password exists just like it exists for the old one.  Psychologically to the public this is always going to be perceived as a flaw because they don't understand how unlikely it is.  You haven't increased security one iota, you have only created a different winning lottery number.  

Publicly announcing to the world not to accept withdrawals from an account closes this loophole.  That will make a huge psychological difference to the public.  And I am telling you, for NXT to succeed with the public, irrational psychological issues are going to have to be addressed.

You still need a pass at some point to make an announcement like "I want to spend this money again" right ? you would still need to enter this pass into the network right ? It is essentially the same thing as current implementation.

No.  If it is a dual colored coin scheme, attempts to unlock the account for withdrawals are publically seen on the blockchain and can be monitored and throw up warnings that an account is under attack.  If somebody hits the powerball jackpot and gets into an account through a miskey of another password, that is a one-time private event that is all over in under a minute and nobody even realizes it has happened until the next time they open their account or check it on the block chain.

I understand the math on how unlikely it is that a miskeyed password could open the fattest wallet by accident.  This isn't about math.  It's about public psychology.  Saying as a programmer it isn't necessary ignores the popularity of Powerball in the public mind and the psychology bias it introduces against brain wallets.
596  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 04:38:28 PM
As a public key on a colored coin?
Your account number is public key already. You're constantly trying to create unnecessary entities.
Want to "freeze" some coins with some new private key? Just create new account with this key, transfer coins to it, and then use this key only when you need to spend these coins.

The problem is that the "lucky gold strike" loophole for somebody else to hit this new account when miskeying their own password exists just like it exists for the old one.  Psychologically to the public this is always going to be perceived as a flaw because they don't understand how unlikely it is.  You haven't increased security one iota, you have only created a different winning lottery number.  

Publicly announcing to the world not to accept withdrawals from an account until further notice via a second and completely different one-use-only password closes this loophole.  That will make a huge psychological difference to the public.  And I am telling you, for NXT to succeed with the public, irrational psychological issues are going to have to be addressed.
597  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 04:31:40 PM
As a public key on a colored coin?
Your account number is public key already.
I want to tell the world to never accept a withdrawal from my NXT account.  To do this I click a button on my client and go to a special page.  I pay a NXT fee and the page generates two numbers, a public key and a private key.  I attach the public key to a colored coin.  This is my announcement to the world to lock my account.  I copy down the private key and hide it for a year.  NXT goes to $500 per coin and I want to cash in.  I go back to my client and send my private key out on a second colored coin twinned with the first one.  Now I am making my private key public but I don't care, it's one-use-only.  The blockchain processing software matches the two colored coins, sees that they are a lock and key fit, and my account is now unlocked for the first time in a year for withdrawals.

This could work, right?  You would see any attempts to "pick the lock" as invalid colored coins with fake private unlock keys being injected into the system.
598  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 04:24:20 PM
How about this - you can pay a fee to tell the blockchain that no further withdrawals are to be accepted from this account for all future times, and upon payment of the fee you register a second 50+ character password that can be used in the future to inform the blockchain to reauthorize withdrawals from the subject account.
Register password... register... WHERE?!
As a public key on a colored coin?  The private key could be attached to a second colored coin when used one time to unlock the account for withdrawals, after that it's invalid
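The freeze / unfreeze announcement scheme described in post 593 above and sketched again as a lock-and-key pair of colored coins in posts 596 to 598, modelled as code.  This is an added example, not NXT client or server code, and it does not follow the thread's suggestion of key pairs literally: it assumes the "public half" of the unfreeze code is a SHA-256 commitment to a random secret, that the "private half" is the secret itself, revealed once on the chain to unfreeze, and that validators keep the frozen-account list the posts describe.  Names such as FrozenLedger, client_freeze, FreezeTx and UnfreezeTx are invented for the example, and the account ids and secrets in it are constructed.

```python
"""Toy model of the proposed freeze / unfreeze announcements.

Added example, not NXT client or server code.  Assumption: the "public half"
of the unfreeze code is a SHA-256 commitment to a random secret and the
"private half" is the secret itself, revealed once on the chain to unfreeze.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def commitment_of(secret: str) -> str:
    """Public half of the unfreeze code: safe to publish in the freeze announcement."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


@dataclass
class FreezeTx:
    """Announcement: no withdrawals from this account until further notice."""
    account: str
    commitment: str


@dataclass
class UnfreezeTx:
    """Announcement that reveals the private half; it is one-use only."""
    account: str
    secret: str


def client_freeze(account: str, secret: Optional[str] = None) -> Tuple[FreezeTx, str]:
    """Client-side lock page: returns the tx to broadcast and the secret to write down.

    A caller passes `secret` only for tests; real use draws a fresh random one,
    because a secret revealed by an earlier unfreeze is public forever.
    """
    secret = secret if secret is not None else secrets.token_hex(16)
    return FreezeTx(account, commitment_of(secret)), secret


@dataclass
class FrozenLedger:
    """Block-processing side: the frozen-account list every validator keeps."""
    frozen: Dict[str, str] = field(default_factory=dict)            # account -> commitment
    failed_unfreezes: Dict[str, int] = field(default_factory=dict)  # account -> bad attempts

    def apply_freeze(self, tx: FreezeTx) -> bool:
        if tx.account in self.frozen:
            return False  # already frozen; must be unfrozen before a new lock is accepted
        self.frozen[tx.account] = tx.commitment
        return True

    def apply_unfreeze(self, tx: UnfreezeTx) -> bool:
        expected = self.frozen.get(tx.account)
        if expected is None:
            return False  # nothing to unlock
        if secrets.compare_digest(commitment_of(tx.secret), expected):
            del self.frozen[tx.account]
            return True
        # A wrong secret is visible to every node: record it as a lock-picking attempt.
        self.failed_unfreezes[tx.account] = self.failed_unfreezes.get(tx.account, 0) + 1
        return False

    def withdrawal_allowed(self, account: str) -> bool:
        """Validation hook: a withdrawal from a frozen account is invalid."""
        return account not in self.frozen

    def under_attack(self, account: str, threshold: int = 3) -> bool:
        """Monitoring view: repeated bad unfreeze attempts are a public warning sign."""
        return self.failed_unfreezes.get(account, 0) >= threshold
```

Two properties of the posts' scheme fall out of this model: the only time the private half is typed is at unfreeze, and once it has been revealed it no longer opens anything, so re-freezing after a withdrawal must draw a fresh secret; and because every unfreeze attempt, good or bad, is a public announcement, failed attempts against an account can be counted and surfaced as a warning rather than being a silent one-time event.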
599  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 04:18:03 PM
But I really do believe that some kind of hooks for a 2 factor authorization should be built into the code for transfers above a certain amount.  
  

This makes sense

Edit: A thief could always transfer smaller amounts under the threshold....

How about this - you can pay a fee to tell the blockchain that no further withdrawals are to be accepted from this account for all future times, and upon payment of the fee you register a second 50+ character password that can be used in the future to inform the blockchain to reauthorize withdrawals from the subject account.

We gotta do something here.  There are multiple reports of people having their NXT wallets emptied when they didn't want it to be during the low volume alpha / beta operations shakedown of NXT.  We have to do more than just say, "Well, if you used a strong password, it wasn't hacked by brute force".
600  Alternate cryptocurrencies / Announcements (Altcoins) / Re: Nxt :: descendant of Bitcoin - Updated Information on: January 01, 2014, 03:59:24 PM
Just a password to send....The function can be optional.

Nxt is decentralized, u can ask the password million times but it won't make ur account more secure if u use a weak master password.

For the record, I hereby vote for implementing an optional 2 factor authorization scheme via cellphone SMS as soon as possible.  All in favor, say aye?

to tie the phone number to the account would be risky.....but you could easily create X amount of anonymous e-mail addresses.

Guys? R u kidding???

OK, using cellphone is not immediately feasible except as an add-on service later.  But I really do believe that some kind of hooks for a 2 factor authorization should be built into the code for transfers above a certain amount.  It would be slow because you would have to wait for the blockchain to generate the authorization code and get it back to you some minutes after you requested it, but I guarantee you that many users would pay extra fees for this to disallow transfers over a certain threshold without a blockchain generated authorization code.  I would pay for it right now.  

As programmers and math geeks, this seems unnecessary.  For public acceptance by high value users, it is mandatory or close to it.  