Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2760180 times)
jl777
March 09, 2014, 11:45:57 PM
 #42501


Why shouldn't it be?

But it is very unlikely that somebody has control over this account.

What are the chances?
getAccountPublicKey.10388 {"errorCode":5,"errorDescription":"Unknown account"}


If somebody knows the key, they haven't used it yet

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
pandaisftw
March 09, 2014, 11:50:37 PM
 #42502

Still catching up to the thread (at least 20 pages behind), but reiterating what I said earlier:

Now that I think about it, parallel chains is a very nice way to achieve the 1000 TPS goal. It is highly unlikely that everyone needs to use all the parallel chains at once, so by providing many, many chains, people would only have to secure the ones they are interested in. NXT as a whole could have 1000 TPS, but a regular user would probably only need to secure at most 100 TPS on the chains he/she is interested in.

It is unlikely someone in India using NXTIndia will need to secure the NXTChina parallel chain (although both would secure the master chain). So with just 10 countries using NXT at 100 TPS, you got your 1000 TPS without the entire network having to have super-mega-fast internet speeds.

Add in specialized services with their own chain, and this number could be much higher than 1000 TPS.

Pandaisftw

Why are people so concerned with a single "super-duper-high-speed-secured-by-super-hubs"-chain?

100 parallel chains at 10 TPS each is equivalent to 1 chain at 1000 TPS.
10 TPS can be done easily with even the lowest-end hardware and internet connections.

Case 1 (Assumptions):
These chains use NXT as their base currency, and the total NXT between all of these chains remains 1 bil.
There is a way for NXT to transfer across chains without having to create new NXT or destroying NXT (presumably atomic transactions). If not, why can't NXT transactions have a "chain-destination" field, allowing seamless cross-NXTchain transactions?

Case 2:
Even if Case 1 is not true, then each chain would simply have its own "coin", but still secured by the master chain, thus part of the NXT ecosystem.

Why is this practical? Because no one needs to use all 100 chains at once. People only need to secure the chains they use (in addition to the master chain) - think NXTUSA or NXTChina. Thus, there is less waste (infrastructure costs) than creating a single chain that can do 1000 TPS, but only during spike periods. It may only do 100 TPS normally, or even less. And then there's the fact that only super-hubs (centralization) can secure this network. By letting people choose what chains they want to secure, this gives nodes the flexibility to support as many chains as their hardware and bandwidth allows. Therefore, average users with Pi's can support maybe 10 chains, while those running VPSs with high bandwidth connections can support hundreds. They can also dynamically allocate their resources depending on network load via switching chains they support.

This also gives us the flexibility to go beyond 1000 TPS without needing to upgrade any hardware or internet speeds. More users = more chains = more users to support more chains.

Additionally, more chains means less bloat per chain. A single 1000 TPS chain would have immense bloat, and would have to be trimmed at a rapid pace. Imagine trying to catch up to a 1000 TPS chain, the chain will be rapidly growing while you're trying to download it. At this rate, the chain would be growing at 460 megabytes per hour. With many, many parallel chains, you would only have to worry about the blockchains you are securing. So a raspi user securing 10 chains at 10 TPS each would only need to worry about 100 TPS worth of bloat... much more manageable.

So I'll ask again, why is there a need for a single 1000 TPS chain when you can have hundreds of 10 TPS chains?

NXT: 13095091276527367030
crazybonkers
March 09, 2014, 11:51:51 PM
Last edit: March 10, 2014, 12:11:26 AM by crazybonkers
 #42503

He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW.  

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?




I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet.  
+infinity



YinCoin YangCoin ☯☯First Ever POS/POW Alternator! Multipool! ☯ ☯ http://yinyangpool.com/ 
Free Distribution! https://bitcointalk.org/index.php?topic=623937
Bwincoin - 100% Free POS. BGMvuxaH47mwfQJ7iZ6tgJipB1XQLRhFCP
jl777
March 09, 2014, 11:59:29 PM
 #42504

Still catching up to the thread (at least 20 pages behind), but reiterating what I said earlier:

Now that I think about it, parallel chains is a very nice way to achieve the 1000 TPS goal. It is highly unlikely that everyone needs to use all the parallel chains at once, so by providing many, many chains, people would only have to secure the ones they are interested in. NXT as a whole could have 1000 TPS, but a regular user would probably only need to secure at most 100 TPS on the chains he/she is interested in.

It is unlikely someone in India using NXTIndia will need to secure the NXTChina parallel chain (although both would secure the master chain). So with just 10 countries using NXT at 100 TPS, you got your 1000 TPS without the entire network having to have super-mega-fast internet speeds.

Add in specialized services with their own chain, and this number could be much higher than 1000 TPS.

Pandaisftw

Why are people so concerned with a single "super-duper-high-speed-secured-by-super-hubs"-chain?

100 parallel chains at 10 TPS each is equivalent to 1 chain at 1000 TPS.
10 TPS can be done easily with even the lowest-end hardware and internet connections.

Case 1 (Assumptions):
These chains use NXT as their base currency, and the total NXT between all of these chains remains 1 bil.
There is a way for NXT to transfer across chains without having to create new NXT or destroying NXT (presumably atomic transactions). If not, why can't NXT transactions have a "chain-destination" field, allowing seamless cross-NXTchain transactions?

Case 2:
Even if Case 1 is not true, then each chain would simply have its own "coin", but still secured by the master chain, thus part of the NXT ecosystem.

Why is this practical? Because no one needs to use all 100 chains at once. People only need to secure the chains they use (in addition to the master chain) - think NXTUSA or NXTChina. Thus, there is less waste (infrastructure costs) than creating a single chain that can do 1000 TPS, but only during spike periods. It may only do 100 TPS normally, or even less. And then there's the fact that only super-hubs (centralization) can secure this network. By letting people choose what chains they want to secure, this gives nodes the flexibility to support as many chains as their hardware and bandwidth allows. Therefore, average users with Pi's can support maybe 10 chains, while those running VPSs with high bandwidth connections can support hundreds. They can also dynamically allocate their resources depending on network load via switching chains they support.

This also gives us the flexibility to go beyond 1000 TPS without needing to upgrade any hardware or internet speeds. More users = more chains = more users to support more chains.

Additionally, more chains means less bloat per chain. A single 1000 TPS chain would have immense bloat, and would have to be trimmed at a rapid pace. Imagine trying to catch up to a 1000 TPS chain, the chain will be rapidly growing while you're trying to download it. At this rate, the chain would be growing at 460 megabytes per hour. With many, many parallel chains, you would only have to worry about the blockchains you are securing. So a raspi user securing 10 chains at 10 TPS each would only need to worry about 100 TPS worth of bloat... much more manageable.

So I'll ask again, why is there a need for a single 1000 TPS chain when you can have hundreds of 10 TPS chains?
Could the network automatically adapt and support the chains that they are able to? I doubt most users will know enough to properly select what chains to support. If the network can be smart and reallocate resources where it is needed, then that would be really cool. semi-intelligent emergent behavior?

SZZT
March 10, 2014, 12:02:07 AM
 #42505

+1
User end = paralytic amoeba

+1

1HceYnNAUv5zBjJUhEncmmvxU1C7yjWoX8
jl777
March 10, 2014, 12:06:01 AM
 #42506

He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. 

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?




I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet.  
+infinity
I suggested to Wesley adding a reverse steganographic password generator combined with PIN
I think that makes it super easy.

crazybonkers
March 10, 2014, 12:11:54 AM
 #42507

He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. 

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?




I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet.  
+infinity
I suggested to Wesley adding a reverse steganographic password generator combined with PIN
I think that makes it super easy.


Just an added thought...

Is there not a way that we could add a maximum number of tries to unlock an account? After the maximum number of tries you have to wait 1 minute before you can try again (or however long is a good time). I'm not sure how hackers hack a passphrase. I'm assuming they need to keep entering a different passphrase until they hit one? Having a max limit to the number of times you can enter your passphrase would slow a hacker down?

This is just a thought and I don't know if this could be implemented to the clients or if I'm understanding things correctly as I'm neither a hacker nor a coder ;) Just trying to help.

pandaisftw
March 10, 2014, 12:16:07 AM
 #42508

Still catching up to the thread (at least 20 pages behind), but reiterating what I said earlier:

Now that I think about it, parallel chains is a very nice way to achieve the 1000 TPS goal. It is highly unlikely that everyone needs to use all the parallel chains at once, so by providing many, many chains, people would only have to secure the ones they are interested in. NXT as a whole could have 1000 TPS, but a regular user would probably only need to secure at most 100 TPS on the chains he/she is interested in.

It is unlikely someone in India using NXTIndia will need to secure the NXTChina parallel chain (although both would secure the master chain). So with just 10 countries using NXT at 100 TPS, you got your 1000 TPS without the entire network having to have super-mega-fast internet speeds.

Add in specialized services with their own chain, and this number could be much higher than 1000 TPS.

Pandaisftw

Why are people so concerned with a single "super-duper-high-speed-secured-by-super-hubs"-chain?

100 parallel chains at 10 TPS each is equivalent to 1 chain at 1000 TPS.
10 TPS can be done easily with even the lowest-end hardware and internet connections.

Case 1 (Assumptions):
These chains use NXT as their base currency, and the total NXT between all of these chains remains 1 bil.
There is a way for NXT to transfer across chains without having to create new NXT or destroying NXT (presumably atomic transactions). If not, why can't NXT transactions have a "chain-destination" field, allowing seamless cross-NXTchain transactions?

Case 2:
Even if Case 1 is not true, then each chain would simply have its own "coin", but still secured by the master chain, thus part of the NXT ecosystem.

Why is this practical? Because no one needs to use all 100 chains at once. People only need to secure the chains they use (in addition to the master chain) - think NXTUSA or NXTChina. Thus, there is less waste (infrastructure costs) than creating a single chain that can do 1000 TPS, but only during spike periods. It may only do 100 TPS normally, or even less. And then there's the fact that only super-hubs (centralization) can secure this network. By letting people choose what chains they want to secure, this gives nodes the flexibility to support as many chains as their hardware and bandwidth allows. Therefore, average users with Pi's can support maybe 10 chains, while those running VPSs with high bandwidth connections can support hundreds. They can also dynamically allocate their resources depending on network load via switching chains they support.

This also gives us the flexibility to go beyond 1000 TPS without needing to upgrade any hardware or internet speeds. More users = more chains = more users to support more chains.

Additionally, more chains means less bloat per chain. A single 1000 TPS chain would have immense bloat, and would have to be trimmed at a rapid pace. Imagine trying to catch up to a 1000 TPS chain, the chain will be rapidly growing while you're trying to download it. At this rate, the chain would be growing at 460 megabytes per hour. With many, many parallel chains, you would only have to worry about the blockchains you are securing. So a raspi user securing 10 chains at 10 TPS each would only need to worry about 100 TPS worth of bloat... much more manageable.

So I'll ask again, why is there a need for a single 1000 TPS chain when you can have hundreds of 10 TPS chains?
Could the network automatically adapt and support the chains that they are able to? I doubt most users will know enough to properly select what chains to support. If the network can be smart and reallocate resources where it is needed, then that would be really cool. semi-intelligent emergent behavior?

Yes, this can actually be done without the user ever knowing, if the user doesn't want to know. Advanced users can specify which chains specifically to support, while new users just let the client decide for them. A client can simply have a few fields such as "Max bandwidth", "Max chains", etc. to control how many chains the node will support. The client will then find the most profitable chains to forge - profitability is a function of the number of people forging a particular chain + the number of transactions. It should balance out by itself, no chain will ever be unsupported because it would be so profitable that clients would jump on it immediately.

It would be a semi-intelligent emergent behavior, based on the laws of economics. If a particular chain is used more (more transactions) it will attract more powerful nodes to support it, until equilibrium between # of forgers and profitability is reached.

funnynews
March 10, 2014, 12:17:35 AM
 #42509

Crazy idea, someone has already thought of it?
A coin as the NXT might have similar features with ebay?

1 - I own the account 111111
2 - I want to buy something from the seller who has the account 22222
3 - I send 100NXT, which would be trapped in blockchain at to confirm that I received my purchase.
4 - If I receive the product unlock the 100NXT account for 222.
5 - If not receive but gets stuck and only come back to me if the account vendor 222 mark as not completed.
6 - Upon completion of the deal or not, we could both evaluate and add 1 point to the "reputation system" of accounts.
7 - Accounts with high reputation, could mediate situations where there was no agreement.

So instead of being added to ebay, etc ... that is the dream of any currency, would replace. To facilitate the exchange of NXT for other currencies without using exchange.
What if acct 111111 receives the product, but doesn't mark it as so? acct 22222 will not be happy.
If you can solve that part, this could work

James

7 - Accounts with high reputation, could mediate situations where there was no agreement.

Has no the advantage, since NxT is stuck until enter into any agreement or Intervene mediator. if you do not pay do not receive a positive rating.
Accounts with high reputation could be mediators(optional) for and receive NXT some reward.

We have a clone of ebay here in my country Brazil using reputation system:
http://perfil.mercadolivre.com.br/SO+FAST.COM
The reputation points are the "gold" for sellers and buyers.

In case the blockchain could charge a fee to reward mediators in the case of such transaction buying and selling.

jl777
March 10, 2014, 12:26:37 AM
 #42510

He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW. 

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?




I agree. Developers must make the clients as easy and as fool proof as possible for the unaware user who doesn't quite grasp how important a very long passphrase is when using Nxt brain wallet.  
+infinity
I suggested to Wesley adding a reverse steganographic password generator combined with PIN
I think that makes it super easy.


Just an added thought...

Is there not a way that we could add a maximum number of tries to unlock an account? After the maximum number of tries you have to wait 1 minute before you can try again (or however long is a good time). I'm not sure how hackers hack a passphrase. I'm assuming they need to keep entering a different passphrase until they hit one? Having a max limit to the number of times you can enter your passphrase would slow a hacker down?

This is just a thought and I don't know if this could be implemented to the clients or if I'm understanding things correctly as I'm neither a hacker nor a coder ;) Just trying to help.

password cracking can be done with local copy of blockchain.
I believe at the lowlevel bitcoin is the same way, they just have a standard wallet.dat overlay that hides this

bakedrice
March 10, 2014, 12:30:49 AM
 #42511


Alright,

I talked to @onemanatatime.

He is saying that he wasn't redirected to another account. It was a misunderstanding.

This is his account;
http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=2541298766073278713

Account of thief;
http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=10715382765594435905

He said he used 8 characters as a password.

This is his Cryptsy account;
3706829054823951351

If you guys can lessen his pain it would be great. We have lost faith of some users because of his tweets.
But if we show him how great our community is. He will show his love to us again.

Thanks for helping me out and letting the community know about what happened. I know that the NXT team is hard at work & continually making improvements. Keep it up!

I hope this can help developers quickly sort out the problems I highlight, and make it easier for the end user to use NXT as a currency.


He has 2100 followers...

https://i.imgur.com/fud4JGC.jpg

We know that a weak password is the user's responsibility, but it's also true that the current base client is not user friendly in that sense, at all. Regardless, in this case, contacting @onemanatatime, finding the related blockchain information and trying to perhaps partially or fully compensate the leeching would be a VERY smart PR move.

Edit: I just saw the amounts. 400K+. I'm sorry for him, but buying and transferring that amount without doing your homework is beyond reckless.

  

I agree his actions are beyond reckless, but HIS ACTIONS ARE KILLING NXT.  When one guy loses 20% of his portfolio on NXT due to poor password security and tweets it out to *** 2100 *** followers, WE JUST LOST 2100 PEOPLE WHO WON'T TOUCH NXT NOW.  

THIS IS A DISASTER.

WE COULD HAVE AVOIDED THIS DISASTER  IF WE HAD IMPLEMENTED INTEGRATED AUTOMATIC STRONG PASSWORD GENERATION IN ALL CLIENTS A MONTH AGO.

ARE WE IN AGREEMENT TO IMPLEMENT IT ACROSS THE BOARD NOW?

Actually, I just looked at his account and he is very open about using a short and unsafe pass.
He isn't attacking Nxt at all and acknowledges he wasn't smart to do it.

I don't see it as a major PR problem. The reactions he gets are good, too. Most of his followers are traders themselves who had losses, too.

I'm not saying I think we shouldn't care, but he did this himself and knows it was stupid. If people want to help him, that's cool.

And we should get it sorted, but that will be done.




Thanks for highlighting this. I am not here to flame NXT of course. I like the innovation, and met a few NXTcoin representatives in Berlin recently, and also know of some upcoming development plans. I have always kept my NXTcoins in DGEX since I first bought them, but since DGEX removed the NXT fees, I decided to move them into a local client. Explained at the bottom is why I used an 8 character password.

I'm just here to say 1 thing; security is a huge issue with cryptocurrencies and I understand that, and take necessary precautions to protect my funds. I'm not a developer designer or anything, but I consider myself a rather tech-savvy person that could navigate around websites, software, and hardware without reading a manual. But this is the first time I've ever used a login process which only requires a password and acts also as a username.

On hindsight, I am surprised the client does not automatically prevent you from using a non secure password. If a website requires a secure password, they implement several restrictions to help their users save themselves in case they are careless. As much as this version of the client is a "beta" version, I am still disappointed that the system allows users to make such a simple error, knowing very well that creating an account and sending NXT into any account w <20 chars password will get hacked immediately.

Like I said, security is #1 priority in crypto. I just find it amusing that the client has such a big loophole to leave users vulnerable.




I don't think it's a disaster, it's unfortunate, and when the 'official' clients are all out with a better solution, put up a page and tweet a url to it with the same tags.

I agree we have to protect the unwary from having direct access to a brain wallet but we will always have this if people do not follow instructions, he doesn't say what client he uses... Was it NRS directly?

Currently you get this when you click 'unlock' in NRS....

Quote
If opening a new account, please note:
A simple passphrase will certainly result in your NXT being stolen!
Do not use any phrase that appears in any printed or online material,
no matter how long or obscure. A secure passphrase will be at least
35 characters long and consist of random letters, numbers, and special
characters, or a meaningless combination of 10 random words.

And if you ignore that and type in a stupid password you get...

Quote
Your secret phrase is too short
and can be easily picked by a hacker!

So that was TWO WARNINGS that he did something stupid, unless he used some other client and that means we have a downloadable client on our site that accepts bad practice without any warnings, or he got a client from somewhere else which means it could have a trojan in it anyway...

We cannot protect the gullible from themselves and we cannot protect ourselves completely from the bad news that the gullible being taken advantage of will always generate... But I do agree we could/need-to be better at security than we are currently.

Yes chanc3r we need a better & more secure system that can cater to non-technical users, which imo is the most vital ingredient in making NXT a viable and sustainable currency. But as to why I continued to be stupid and use a short password:


It's not about the password. I misinterpreted how the client functions. I expected it to work like how a normal wallet works; that you require 1 username and 1 password to access the account. I assumed the password entered was an encryption password or similar. Even upon reading the warnings, it doesn't at any point ring any bells that this password is both an account username & password together.

I admit, it's a simple but costly mistake. But my point here is that the NXT client is really un-user-friendly. I like the idea of having ur password as your login, but most users are not accustomed to such a system. the NXTcoin teams needs to seriously educate users properly about how to manage the wallet etc. I followed the guide on nxtcrypto.org, and the guide doesn't mention the differences the client has with a normal Cryptocoin wallet. If any other user like me blindly follows this guide, I'm sure a small percentage would have done the exact same thing I did.

bidji29
March 10, 2014, 12:47:14 AM
 #42512

password cracking can be done with local copy of blockchain.
I believe at the lowlevel bitcoin is the same way, they just have a standard wallet.dat overlay that hides this

http://directory.io/
List of all the bitcoin address with the corresponding private key. Good luck ^^

http://www.freebieservers.com/  100% FREE GAME SERVERS
funnynews
March 10, 2014, 12:49:28 AM
 #42513

OK, But should have a validation in the next versions of the client for existing accounts saying:
 
Hello asshole, you have 50,000 NXT and uses a 10-character password?
You are asking to get screwed, please create another account with a password of over 30 characters including numbers, letters and special characters and move your values or soon someone will steal you. Do not cry when it happens. You have been warned.

bakedrice
March 10, 2014, 12:54:21 AM
 #42514

OK, But should have a validation in the next versions of the client for existing accounts saying:
 
Hello asshole, you have 50,000 NXT and uses a 10-character password?
You are asking to get screwed, please create another account with a password of over 30 characters including numbers, letters and special characters and move your values or soon someone will steal you. Do not cry when it happens. You have been warned.

The client should not even allow anything like that to happen. Put a minimum password length of 20 characters, what's so hard about that?  Huh  Huh

I think using that exact language would have worked so much better though.

Damelon
Legendary
*
Offline Offline

Activity: 1092
Merit: 1001



View Profile
March 10, 2014, 12:56:00 AM
 #42515

Thanks for highlighting this. I am not here to flame NXT of course. I like the innovation, and met a few NXTcoin representatives in Berlin recently, and also know of some upcoming development plans. I have always kept my NXTcoins in DGEX since I first bought them, but since DGEX removed the NXT fees, I decided to move them into a local client. Explained at the bottom is why I used an 8 character password.

I'm just here to say 1 thing; security is a huge issue with cryptocurrencies and I understand that, and take necessary precautions to protect my funds. I'm not a developer designer or anything, but I consider myself a rather tech-savvy person that could navigate around websites, software, and hardware without reading a manual. But this is the first time I've ever used a login process which only requires a password and acts also as a username.

On hindsight, I am surprised the client does not automatically prevent you from using a non secure password. If a website requires a secure password, they implement several restrictions to help their users save themselves in case they are careless. As much as this version of the client is a "beta" version, I am still disappointed that the system allows users to make such a simple error, knowing very well that creating an account and sending NXT into any account w <20 chars password will get hacked immediately.

Like I said, security is #1 priority in crypto. I just find it amusing that the client has such a big loophole to leave users vulnerable.

Hello,

I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!

To me that shows real commitment and character, and I want to thank you for that.

There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...


Member of the Nxt Foundation | Donations: NXT-D6K7-MLY6-98FM-FLL5T
Join Nxt Slack! https://nxtchat.herokuapp.com/
Founder of Blockchain Workspace | Personal Site & Blog
bakedrice
Sr. Member
****
Offline Offline

Activity: 338
Merit: 250


View Profile WWW
March 10, 2014, 12:57:54 AM
 #42516


Hello,

I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!

To me that shows real commitment and character, and I want to thank you for that.

There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...



Life has to go on, right?

I died for about 1 minute but I think that was about it.  Grin

xyzzyx
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


I don't really come from outer space.


View Profile
March 10, 2014, 01:10:30 AM
 #42517

The client should not even allow anything like that to happen. Put a minimum password length of 20 characters, what's so hard about that?  Huh  Huh

Sorry for your troubles, man.

Part of the problem is that the NRS client is close to the low-level network functions of Nxt.  NRS is the reference implementation -- it is meant to be a temporary interface to the Nxt functions until the community comes up with alternative higher-level clients.  When this happens (soon, it appears), NRS will be discarded.

Edit: and there are already several alternative clients available for Nxt.  I shouldn't leave that info out.

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
gs02xzz
Full Member
***
Offline Offline

Activity: 221
Merit: 100


View Profile
March 10, 2014, 01:26:01 AM
 #42518


Hello,

I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!

To me that shows real commitment and character, and I want to thank you for that.

There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...



Life has to go on, right?

I died for about 1 minute but I think that was about it.  Grin

I am sorry for your loss. Your spending 20% of your money on Nxt was a big endorsement of Nxt. You must have thought that Nxt has some potential in the future. It could have some good marketing effects for Nxt. I hope Nxt and some big whales will give you a Marketing bounty for that.
jl777
Legendary
*
Offline Offline

Activity: 1176
Merit: 1090


View Profile WWW
March 10, 2014, 01:31:03 AM
 #42519

OK, but there should be a validation in the next versions of the client for existing accounts saying:

Hello asshole, you have 50,000 NXT and use a 10-character password?
You are asking to get screwed, please create another account with a password of over 30 characters including numbers, letters and special characters and move your values or soon someone will steal from you. Do not cry when it happens. You have been warned.
We are already doing this!

NxtMac currently says:
"If opening a new account, please note:
A simple passphrase will certainly result in your NXT being stolen! Do not use any phrase that appears in any printed or online material, no matter how long or obscure. A secure passphrase will be at least 35 characters long and consist of random letters, numbers, and special characters, or a meaningless combination of 10 random words."

The problem is that people don't necessarily read or understand or follow the warnings that are already there.
We probably need to make it hard for people to not create a good password.

The following generates a decent password:
openssl rand -base64 50


http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
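
A client-side gate of the kind the post above asks for, as an added example that is not part of the thread or of any Nxt client: it applies the thresholds from the quoted NxtMac warning (35 characters, 10 words) at account creation and draws a passphrase from the OS random source. `MIN_DISTINCT` and all function names are assumptions made for this example.

```python
import math
import secrets
import string

MIN_CHARS = 35     # from the NxtMac warning quoted in the post
MIN_WORDS = 10     # from the same warning
MIN_DISTINCT = 16  # assumption for this example: catches "aaaa..." padding
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def check_passphrase(passphrase):
    """Return reasons to refuse the passphrase; an empty list means accept.

    Only obviously weak input is caught. A long phrase copied from printed
    or online material passes these checks and is still unsafe.
    """
    problems = []
    if len(passphrase) < MIN_CHARS:
        problems.append("shorter than %d characters" % MIN_CHARS)
    distinct_words = {w.lower() for w in passphrase.split()}
    if len(distinct_words) < MIN_WORDS and len(set(passphrase)) < MIN_DISTINCT:
        problems.append("too repetitive: needs %d distinct words or "
                        "%d distinct characters" % (MIN_WORDS, MIN_DISTINCT))
    return problems


def entropy_bits(length, symbols=len(ALPHABET)):
    """Entropy of `length` characters drawn uniformly from `symbols` choices."""
    return length * math.log2(symbols)


def generate_passphrase(length=MIN_CHARS):
    """Draw a passphrase from the OS CSPRNG, retrying until it passes the gate."""
    if length < MIN_CHARS:
        raise ValueError("length must be at least %d" % MIN_CHARS)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("password12", "a" * 40):  # constructed weak inputs
        print(repr(sample), "->", check_passphrase(sample))
    fresh = generate_passphrase()
    print(fresh, "(%.0f bits)" % entropy_bits(len(fresh)))
```
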
bakedrice
Sr. Member
****
Offline Offline

Activity: 338
Merit: 250


View Profile WWW
March 10, 2014, 01:42:45 AM
 #42520


Hello,

I REALLY appreciate you even posting here. I don't know if I would have taken the time for that, had I taken such a loss. Over 400,000 Nxt is a big number!

To me that shows real commitment and character, and I want to thank you for that.

There is still much to be done and we all hope and work that this will be done soon. It is a real pity that people like you have to go through this...



Life has to go on, right?

I died for about 1 minute but I think that was about it.  Grin

I am sorry for your loss. Your spending 20% of your money on Nxt was a big endorsement of Nxt. You must have thought that Nxt has some potential in the future. It could have some good marketing effects for Nxt. I hope Nxt and some big whales will give you a Marketing bounty for that.

I saw NXT's potential and bought all of them when it was 1300 Satoshi. I had a little more than this previously. So no I didn't exactly spend 20%, but it was worth 20% when I lost it.
