There is an option to not use the auto-generated pass phrase, is this not what you want?  +1. One suggestion: can you always use "secret phrase" in the wording, instead of one time using "secret phrase" and another time using "password"? imho. Yeah, replace both with "passphrase" |
|
|
|
On "What happens to the static key if you lose your Yubikey?" You are only storing one part of your NXT Passphrase in the pseudo 2 factor authentication use case described. If lost, it cannot be used to gain access to your Nxt account without ALSO knowing the first part of the Nxt Passphrase (which user would memorize)
So you have to type the part that you memorized every time and rest is filled by Yubikey? I realize that Lastpass signs and encrypts locally before transmitting encrypted data. STILL, some security paranoid users may not feel comfortable with any option but LOCAL backup of private keys.
To each their own. I like having encrypted version backed up online, as I know I can access it even if everything in my house is stolen. As long as the master password is strong, I am not bothered with online back ups. I like it even better. |
|
|
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? I agree the Yubikey standard looks like an interesting option. (emphasis mine) I am still not sure Yubikey does anything. It's main purpose (as I understand it) is for 2 factor authentication (dynamic part of password that changes). By the way, does anyone know how you restore your Yubikey if you lose it? |
|
|
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server? As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server. |
|
|
|
To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "
Yubikey has a second slot for a user programmed static password. The second slot is not involved with 2-factor authentication by server.
What happens to static password if you lose Yubikey? Yubikey costs money. Given small Nxt community you probably will be the only one who will use it. There is much easier (and free) solution to make it easier. Use Lastpass browser plugin https://lastpass.com/Then you don't have to type anything as Lastpass will autofill the password. Plus you can use Yubikey (as it was intended for 2 factor authentication) with Lastpass. |
|
|
|
optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.
But newbie don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it. It's an easier solution. This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc). Otherwise, just leave it as it is. They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it. |
|
|
|
This good enough for a start page? Shown ONLY ONCE to the user, afterwards it's back to the secret phrase input box being shown by default.  I think that's perfect. Lets integrate this with next NRS release as default client. |
|
|
|
I have a question about this.
If the password cracker knows what dictionary you are using, couldn't they just make a database of these words and cycle through every possible combination of said words instead of cycling through letter by letter?
Yes, and now calculate the combinations and come back with the number  I have not the math skills to do even this. 1600 * 10 = 16,000 It's 12 words (not 10), so it's 1626 * 1626 * 1626 * 1626 * 1626 * 1626 * 1626 * 1626 * 1626 * 1626 * 1626 * 1626 |
|
|
|
I have a question about this.
If the password cracker knows what dictionary you are using, couldn't they just make a database of these words and cycle through every possible combination of said words instead of cycling through letter by letter?
Yes, and now calculate the combinations and come back with the number Since it's open source, everyone knows the dictionary https://raw.github.com/spesmilo/electrum/master/lib/mnemonic.pyThe security shouldn't be based on "secrecy" . It's secure as 12 words from 1626 word choices is equal to 2^128 possible combination. |
|
|
|
Wesleyh, Good work on the nxtra.org client. I would like to be able to use my yubikey with a random static password that I append to a phrase. If the random number generator is required that may not be possible. Thoughts? I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded) Start page:  Can we get only "Login" and "Register" links here without the field to enter any random password as first option? I have no idea how a yubikey works, sorry. Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. |
|
|
|
Curve2519 is "only" 128 bit strong (2^128) (10^38)
Even worse. It's 126-bit strong. Even more reasons not to force users to use stronger passwords than required. 12 words from 1626 dictionary is 128-bit strength. No one is cracking it anytime soon -- if at all, as long as the random number generated is secure and working fine. |
|
|
|
In the future will able to bruteforce the password (most computers are strong, they will do many calculations)
If in future computers can crack 128-bit passwords (highly unlikely), they might just as well attack curve25519 (much easier to crack) than random passwords. |
|
|
|
electrum database. (1626 words)
Perfect. hm, I'm not sure if that is perfect... 35 random characters (let's say from 50 different characters, numbers and signs) gives 10^59 possibilities. 12 words (or characters) out of 1626 are "only" 10^38 possibilites... What do you mean "only" 10^59". That's more than 128-bits Curve2519 is "only" 128 bit strong (2^128) (10^38) There is no point in using a stronger password than 128 bits. If the attacker can crack 128-bit, they might just as well crack Curve2519 than cracking the password (your public key is available on the blockchain) 128-bit cannot be brute forced http://en.wikipedia.org/wiki/Brute-force_attackThere is a physical argument that a 128-bit symmetric key is computationally secure against brute-force attack. The so-called Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle.[2] Thus, in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit can be applied to estimate the energy required as ~1018 joules, which is equivalent to consuming 30 gigawatts of power for one year. This is equal to 30×109 W×365×24×3600 s = 9.46×1017 J or 262.7 TWh (more than 1/100th of the world energy production).[citation needed] The full actual computation – checking each key to see if you have found a solution – would consume many times this amount. Furthermore, this is simply the energy requirement for cycling through the key space; the actual time it takes to flip each bit is not considered, which is certainly greater than 0. |
|
|
|
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded) Start page: Can we get only "Login" and "Register" links here without the field to enter any random password as first option? After clicking "Login" then the user will be able to enter the old password. Also, I think if the user chooses his own password, 35 is way too long. Maybe drop that to 25 |
|
|
|
... my point here is that the NXT client is really un-user-friendly. I like the idea of having ur password as your login, but most users are not accustomed to such a system. the NXTcoin teams needs to seriously educate users properly about how to manage the wallet etc.
- didn't you read this If opening a new account, please note:
A simple passphrase will certainly result in your NXT being stolen! Do not use any phrase that appears in any printed or online material, no matter how long or obscure. A secure passphrase will be at least 35 characters long and consist of random letters, numbers, and special characters, or a meaningless combination of 10 random words. when you create your account? People don't read everything if anything at all when signing up on sites or entering passwords. Just adding some text doesn't resolve this problem. |
|
|
|
But if we partially save the password and the users just have to remember a Pin code. There will be no problems.
The password can be saved to the hard drive encrypted by user's own password. That user password doesn't have to be very strong. Though the the user has to be careful to backup the file, in case of hard drive crash. |
|
|
|
wesleys client:
Is there any way to display also the forging transactions like in NRS?
Yes, will add this later on. Wesleyh, I understand your client is going to be the official client that will replace NRS at nxtcrypto.org this week. About passwords: It might be included already, but it is obvious we need something like a series of prompts to make sure new users use a long password. We don't need "prompts". Some people will never use strong passwords. And some will not even understand why the password is weak. We need a client that creates password for the user by default. Don't give user easy option to make their own password or you will continue to see this problem every month. |
|
|
|
Sure, but I think it's all unnecessary. Why not just call SecureRandom 12 times to pick 12 random numbers (range 0 to 1625 ). You can use that to choose 12 random words from array. That will be pretty simple and no security/implementation complications. The words would be chosen randomly and entropy would be 128-bit.
Thats how I did it already. Your approach intrigues me because I don't know how to do that, I dont like that  Microsoft patent actually describes how to represent any number as words (1626) https://www.google.com/patents/US5892470 In this example, the number is 3,481,269,321. The table of words contains 1626 words, which are indexed from 0 to 1625. To encode this number, the ME system divides the number by the radix, 1626, which yields an integer quotient of 2,141,002 and a remainder of 69 (line 102). The ME system then uses the remainder as an index into the table and retrieves the indexed word, which is "BUS." The system sets the mnemonic encoding to that indexed word. The ME system then divides the integer quotient by the radix, 1626, which yields a new integer quotient of 1316 and a remainder of 1186 (line 103). The ME system then uses the remainder 1186 as an index into the table and retrieves the indexed word, which is "ART." The ME system then adds the word as the left-most word of the mnemonic encoding, which is now "ART BUS." The ME system then divides the integer quotient by the radix 1626, which yields a new integer quotient of 0 and a remainder of 1316 (line 104). The ME system uses the remainder 1316 as an index into the table and retrieves the indexed word, which is "DRUM." The ME system then adds the word "DRUM" as the left-most word of the mnemonic encoding, which is now "DRUM ART BUS." Since the integer quotient is zero, the encoding is complete. To decode the mnemonic encoding of "DRUM ART BUS," the ME system initializes the number that is represented by the mnemonic encoding to zero (line 105). The ME system then removes the left-most word from the encoding, which is "DRUM." The ME system then determines the index for that word in the table. Since the index of that word is 1316, the ME system sets the resultant number to the value 1316 (line 106). The ME system then again removes the left-most word of the current encoding, which is "ART." The ME system then determines the index for that word in the table, which is 1186. The ME system then sets the value of the resultant number to 2,141,002, which is the sum of the index (1186) and of the resultant number (1316) times the radix (1626) (line 107). The ME system then removes the left-most word from the encoding, which is "BUS." The ME system then determines the index of that word in the table, which is 69 (line 108). The ME system then sets the resultant number to 3,481,269,321, which is the sum of the index (69) and of the resultant number (2,141,002) times the radix (1626). Since the encoding is now empty, the current value of the resultant number represents the number for the mnemonic encoding. Each word in the mnemonic encoding corresponds to a radix position in the numbering system. For example, the mnemonic encoding "DRUM ART BUS," which has indices 1316, 1186, and 69, respectively, represents the number that is the result of 1316 * 1626.sup.2 +1186 * 1626.sup.1 +69 * 1626.sup.0. |
|
|
|
think of 1626 words as numbers (base 1626)
1. word1
2. word2
3. word3
.
.
.
1626 word1626
so number 1627 would be equal to word1626word1
You can generate a 128-bit number (totally secure using secure random) and then convert it into words
I don't see how there can be any flaw in that implementation, as the original 128-bit was generated with secure random and it is only represented as words
This would be same as representing a binary number as hex or decimal.
The password made with that implementation can't be any weaker than 128-bit just as converting decimal number to hex doesn't make it weaker
Just out of curiosity. Could you give a brief example, I don't immediately see how to implement this. Sure, but I think it's all unnecessary. Why not just call SecureRandom 12 times to pick 12 random numbers (range 0 to 1625 ). You can use that to choose 12 random words from array. That will be pretty simple and no security/implementation complications. The words would be chosen randomly and entropy would be 128-bit. |
|
|
|
I have not heard that before, please do point at any references if you know of any. If it is true it should not be used, you are right.
In that case rand.nextInt(ARRAY.length) would be the safer bet.
I don't have a reference, but say you want to map a random value R between 0 and 15 to a value P between 0 and 9 and use P=(R modulo 10): R P
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
8 8
9 9
10 0
11 1
12 2
13 3
14 4
15 5
As you see, having the input value R completely random, doesn't mean that P is as random, since you will get values 0 to 5 twice as often as values 6 to 9. I picked the example to show the problem. With the very large ranges for R (e.g. integer) and very small ranges for P (e.g. 0 to 8191), the problem might just be a very theoretical one. think of 1626 words as numbers (base 1626) 1. word1 2. word2 3. word3 . . . 1626 word1626 so number 1627 would be equal to word1626word1 You can generate a 128-bit number (totally secure using secure random) and then convert it into words I don't see how there can be any flaw in that implementation, as the original 128-bit was generated with secure random and it is only represented as words This would be same as representing a binary number as hex or decimal. The password made with that implementation can't be any weaker than 128-bit just as converting decimal number to hex doesn't make it weaker This by the way means only 12 words are needed to convert any 128-bit number into words |
|
|
|
|
Show Posts
