|
opticalcarrier
|
 |
February 19, 2014, 05:31:33 PM |
|
Best case is to wait for a javascript client that signs outbound transactions and polls public nodes for inbound transactions. We REALLY need this, if this comes out....price will skyrocket.
Umm isn't that what my client does ? http://nxtra.org/nxt-client (ok, it doesn't yet sign outbound transactions, but it's on my todo list :-)) right, what I mean is the ability to have a wallet where your passphrase is kept completely local. a system with no trust. |
|
|
|
|
|
wesleyh
|
|
February 19, 2014, 05:32:27 PM |
|
Best case is to wait for a javascript client that signs outbound transactions and polls public nodes for inbound transactions. We REALLY need this, if this comes out....price will skyrocket.
Umm isn't that what my client does ? http://nxtra.org/nxt-client (ok, it doesn't yet sign outbound transactions, but it's on my todo list :-)) right, what I mean is the ability to have a wallet where your passphrase is kept completely local. a system with no trust. Yes well that's what my wallet will do (it will be downloadable, not just on the web) |
|
|
|
|
ChuckOne
Sr. Member
 Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 05:33:06 PM |
|
Guys I have been thinking (<- typical  ). If I am mining with alot of nxt and I wasn to send a transaction but I am okay if it takes the whole day to include, How about I DONT broadcast my transactions and just try to generate a block with my transactions + others. So whenever I find a block I will actually be sending NXT for free. Is there any major flaws in this logic, I mean can anyone here point them out because sure there are plenty  . - Lophie When TF is extended to group forging then you might loose the race and therefore your fees. |
|
|
|
|
msin
Legendary
Offline
Activity: 1484
Merit: 1006
|
|
February 19, 2014, 05:33:43 PM |
|
Don't trust online wallets.
THIS THIS THIS. you can never fully trust online wallets! EVEN IF they have SSL certs! By trusting an online wallet you are trusting anyone who has access to the server. Do you know how many people that is? If its a VPS its even worse! Best case is to wait for a javascript client that signs outbound transactions and polls public nodes for inbound transactions. We REALLY need this, if this comes out....price will skyrocket. Umm isn't that what my client does ? http://nxtra.org/nxt-client (ok, it doesn't yet sign outbound transactions, but it's on my todo list :-)) Great.  We would love to see it. ChuckOne, hope you don't mind, but I added your name for Nxt Technical Committee for unreleased funds. |
|
|
|
|
|
lophie
|
|
February 19, 2014, 05:34:35 PM |
|
Guys I have been thinking (<- typical ). If I am mining with alot of nxt and I wasn to send a transaction but I am okay if it takes the whole day to include, How about I DONT broadcast my transactions and just try to generate a block with my transactions + others. So whenever I find a block I will actually be sending NXT for free. Is there any major flaws in this logic, I mean can anyone here point them out because sure there are plenty . - Lophie When TF is extended to group forging then you might loose the race and therefore your fees. How?  I will not even broadcast them! |
Will take me a while to climb up again, But where is a will, there is a way...
|
|
|
msin
Legendary
Offline
Activity: 1484
Merit: 1006
|
|
February 19, 2014, 05:34:47 PM |
|
Best case is to wait for a javascript client that signs outbound transactions and polls public nodes for inbound transactions. We REALLY need this, if this comes out....price will skyrocket.
Umm isn't that what my client does ? http://nxtra.org/nxt-client (ok, it doesn't yet sign outbound transactions, but it's on my todo list :-)) right, what I mean is the ability to have a wallet where your passphrase is kept completely local. a system with no trust. Yes well that's what my wallet will do (it will be downloadable, not just on the web) Will it be open source? |
|
|
|
|
|
abuelau
|
|
February 19, 2014, 05:35:03 PM |
|
In short:
1) Nxt Account Private Keys are 50 chars randomly generated by cryptographic standard algorithm
2) Keys are AES 256 encrypted twice. One time using a site-wide private AES key and one time using the user's salted password.
3) Only SSL is allowed through the site
If an attacker ever gets on hold of my database, they won't be able to decrypt the account private keys without having both the user password AND the site-wide AES private key.
No system is 100% safe, we all know this. But I think this wallet is much safer than simply using brain wallets (as it is today). Humans are not very good in creating and then storing truly random passwords.
Sounds good. What is the cryptographic standard algorithm for creating the passwords? Linux's urandom whch uses environmental noise from drivers to generate truly random numbers. Thank you. This should be the certificate fingerprints: sha-256: 15 0B D5 E2 89 C9 73 4A D5 89 29 07 10 28 22 F4 4B 8F 9B 72 90 B9 58 AF 47 73 E7 98 7B BD 0C 79 sha-1: 88 5F 57 E9 93 51 F9 48 96 9F 1A 31 A6 B9 93 C9 8E 28 3E A0 issued on 2/2/14 expires on 2/3/15 I think that should be enough data for everyone to decide whether they trust you and the security of the server. Am I right that the physical device is in the cloud? yes, thanks. What do you mean by "device is in the cloud"? |
|
|
|
martismartis
Legendary
Offline
Activity: 1162
Merit: 1005
|
|
February 19, 2014, 05:35:16 PM |
|
Just to inform, 0.7.6 runs smoothly on Android TV stick public node. For a while Picuntu? Please share hardware and software information, I am VERY interested... I bricked a stick for this... Ubuntu 13.10 in Android, TV stick with RK3066 chip |
|
|
|
|
|
wesleyh
|
|
February 19, 2014, 05:35:42 PM |
|
Best case is to wait for a javascript client that signs outbound transactions and polls public nodes for inbound transactions. We REALLY need this, if this comes out....price will skyrocket.
Umm isn't that what my client does ? http://nxtra.org/nxt-client (ok, it doesn't yet sign outbound transactions, but it's on my todo list :-)) right, what I mean is the ability to have a wallet where your passphrase is kept completely local. a system with no trust. Yes well that's what my wallet will do (it will be downloadable, not just on the web) Will it be open source? Of course. |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 05:35:45 PM |
|
ChuckOne, hope you don't mind, but I added your name for Nxt Technical Committee for unreleased funds.
I do not mind. I am not sure how this committee will work, though. Let us see. |
|
|
|
|
pinarello
Full Member
Offline
Activity: 266
Merit: 100
NXT is the future
|
|
February 19, 2014, 05:36:15 PM |
|
committee members: if no objection these project will be granted a bounty, please have a look. |
|
|
|
pinarello
Full Member
Offline
Activity: 266
Merit: 100
NXT is the future
|
|
February 19, 2014, 05:37:04 PM |
|
ChuckOne, hope you don't mind, but I added your name for Nxt Technical Committee for unreleased funds.
I do not mind. I am not sure how this committee will work, though. Let us see. why shouldnt it work? |
|
|
|
|
wesleyh
|
|
February 19, 2014, 05:38:02 PM |
|
ChuckOne, hope you don't mind, but I added your name for Nxt Technical Committee for unreleased funds.
I do not mind. I am not sure how this committee will work, though. Let us see. why shouldnt it work? Would be better with 3 subforums, and 1 thread per suggested project. Too much in 1 thread now (like here). |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 05:38:09 PM |
|
In short:
1) Nxt Account Private Keys are 50 chars randomly generated by cryptographic standard algorithm
2) Keys are AES 256 encrypted twice. One time using a site-wide private AES key and one time using the user's salted password.
3) Only SSL is allowed through the site
If an attacker ever gets on hold of my database, they won't be able to decrypt the account private keys without having both the user password AND the site-wide AES private key.
No system is 100% safe, we all know this. But I think this wallet is much safer than simply using brain wallets (as it is today). Humans are not very good in creating and then storing truly random passwords.
Sounds good. What is the cryptographic standard algorithm for creating the passwords? Linux's urandom whch uses environmental noise from drivers to generate truly random numbers. Thank you. This should be the certificate fingerprints: sha-256: 15 0B D5 E2 89 C9 73 4A D5 89 29 07 10 28 22 F4 4B 8F 9B 72 90 B9 58 AF 47 73 E7 98 7B BD 0C 79 sha-1: 88 5F 57 E9 93 51 F9 48 96 9F 1A 31 A6 B9 93 C9 8E 28 3E A0 issued on 2/2/14 expires on 2/3/15 I think that should be enough data for everyone to decide whether they trust you and the security of the server. Am I right that the physical device is in the cloud? yes, thanks. What do you mean by "device is in the cloud"? Hmm, is the server a virtual one hosted by Amazon or is it plain metal in your grand-mother's garage? We don't specifics but to have everyone informed about the physical position of the server. |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 05:38:58 PM |
|
ChuckOne, hope you don't mind, but I added your name for Nxt Technical Committee for unreleased funds.
I do not mind. I am not sure how this committee will work, though. Let us see. why shouldnt it work? How. Not why.  |
|
|
|
|
|
lophie
|
|
February 19, 2014, 05:41:43 PM |
|
Guys I personally volunteer to fund http://nxtra.org/nxt-client/. I am waiting for his response. |
Will take me a while to climb up again, But where is a will, there is a way...
|
|
|
|
abuelau
|
|
February 19, 2014, 05:43:15 PM |
|
In short:
1) Nxt Account Private Keys are 50 chars randomly generated by cryptographic standard algorithm
2) Keys are AES 256 encrypted twice. One time using a site-wide private AES key and one time using the user's salted password.
3) Only SSL is allowed through the site
If an attacker ever gets on hold of my database, they won't be able to decrypt the account private keys without having both the user password AND the site-wide AES private key.
No system is 100% safe, we all know this. But I think this wallet is much safer than simply using brain wallets (as it is today). Humans are not very good in creating and then storing truly random passwords.
Sounds good. What is the cryptographic standard algorithm for creating the passwords? Linux's urandom whch uses environmental noise from drivers to generate truly random numbers. Thank you. This should be the certificate fingerprints: sha-256: 15 0B D5 E2 89 C9 73 4A D5 89 29 07 10 28 22 F4 4B 8F 9B 72 90 B9 58 AF 47 73 E7 98 7B BD 0C 79 sha-1: 88 5F 57 E9 93 51 F9 48 96 9F 1A 31 A6 B9 93 C9 8E 28 3E A0 issued on 2/2/14 expires on 2/3/15 I think that should be enough data for everyone to decide whether they trust you and the security of the server. Am I right that the physical device is in the cloud? yes, thanks. What do you mean by "device is in the cloud"? Hmm, is the server a virtual one hosted by Amazon or is it plain metal in your grand-mother's garage? We don't specifics but to have everyone informed about the physical position of the server. It's an Amazon AWS EC2, I have a lot of experience working with AWS. |
|
|
|
|
lophie
|
|
February 19, 2014, 05:43:27 PM |
|
Just to inform, 0.7.6 runs smoothly on Android TV stick public node. For a while Picuntu? Please share hardware and software information, I am VERY interested... I bricked a stick for this... Ubuntu 13.10 in Android, TV stick with RK3066 chip would you be nice enough to post a few pics, usually the chip name doesnt come on the package, I just want to know how it looks so when I go search for it I would know, thank you. |
Will take me a while to climb up again, But where is a will, there is a way...
|
|
|
|
swartzfeger
|
|
February 19, 2014, 05:45:01 PM
Last edit: February 19, 2014, 06:34:30 PM by swartzfeger |
|
Just a quick update for those not following the other thread: Nxtopia bounty has broken the 21,000 NXT mark after receiving our latest donation from msin. -- Nxtopia -- MMORPG built on-top of the NXT networkcurrent bounty: 21,000 NXT5000 - jl777 1000 - swartzfeger (Transaction id: 12550164158045962834) 3000 - chanc3r (Transaction id: 5658009271669858297) 1000 - MyZhre (Transaction id: 8826881503135433086) 3000 - Damelon (Transaction id: 17094914052077797717) 1000 - DrearyUrbanite (Transaction id: 5539495976647418930) 1000 - brooklynbtc (Transaction id: ) 0500 - rdanneskjoldr (Transaction id: 91193539943795488) 5000 - msin (Transaction id: ) 0500 - EvilDave (Transaction id: ) This is an opportunity to support an online game that leverages many of Nxt's advanced features, one of the highlights being a user-driven crafting economy. Donations can be sent to 13776816462073143763; please include tx id so I can include it when updating this post and making it easier for James to keep track of incoming transactions. We're also considering implementing a kickstarter-style tier system for bounty donators. These would be cosmetic rewards that wouldn't be available after game launch. Something like: 10 NXT - badge 100 NXT - cap 1000 NXT - cape 10000 NXT - beta access (?) Depending on how we handle character death/respawning, these items may be also confer a quicker resurrection. |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 19, 2014, 05:45:08 PM |
|
It's an Amazon AWS EC2, I have a lot of experience working with AWS.
Great. That should be it. Regardless of the issues presented above. I think you did a great service to NXT. Have you already been supported/funded by some of these committees? |
|
|
|
|
|
