bidji29
March 10, 2014, 04:09:17 PM
Come on. Do you really think a wallet file, which can get corrupted, or lost ("oh i deleted the program folder, didn't know that...."), or not found ("where is the fucking folder") is easier than a "please write this down"?
Yes it is easier. I described earlier the steps between the different methods: A newcomer needs to pass through 5 steps before having access to an account number.
- Launch the client
- Click on "Not registered? Click here!"
- Move his mouse around
- Land on a complicated message. Then, copy a set of 12 words (That's the worst step. Not user-friendly at all)
- Then recopy those words to finally have an account number
This solution is an improvement of course but I think a wallet.dat is really needed if we want to touch a wider audience.
With a wallet.dat, there is only ONE step:
- Launch the client
It's always possible to encrypt and backup the wallet.dat later. I don't think those security measures should happen at the first launch, because it's not very user friendly. There is always the possibility to add a warning for that at the 5th or 10th launch of the client. And in case you didn't notice the first time: Wesley, I'm ready to donate another 40k NXT to you if you implement the wallet.dat feature, with a high priority

opticalcarrier
March 10, 2014, 04:10:41 PM
optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.
But newbies don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it. It's an easier solution. I'm only talking about the first seconds after someone launches the client, because those are the most important ones. It's the key. Each additional step necessary to use NXT = Less people who will bother
Come on. Do you really think a wallet file, which can get corrupted, or lost ("oh i deleted the program folder, didn't know that...."), or not found ("where is the fucking folder") is easier than a "please write this down"?
we can make the same argument about writing something down "which can get corrupted, or lost"
so not only do we want to introduce NXT to the world, whose protocol is completely different from the de facto standard of bitcoin, we also want to change the main account access method? You guys are failing human computer interaction. Here's the deal: If we go the brainwallet method and people screw up, they look back and say "why aren't you like BTC? if you were like BTC I wouldn't have lost my NXT. NXT sucks" Someone's previous suggestion of "users being too stupid" or whatever it was... yeah right, sure that's really the way to go. On the other hand if we go .dat file storage and they screw up, there is a long history of de facto standard that has precedence that protects NXT from blame. Do you have this protection with method of using brainwallet as default? nope you don't.

rdanneskjoldr
March 10, 2014, 04:12:40 PM
I think something like this could solve the passphrase problem, adapted to Nxt, keeping its essence of brain wallet, and no wallet.dat file. People could generate their passphrases with no need of knowing them in a super easy way, and would follow BCNext's first idea.
http://braincontrol.me/
http://betanomics.asia/blog/store-and-send-bitcoin-directly-from-your-brain-using-braincontrol
BrainControl ultimately uses the following function to deterministically generate the necessary keys at the precise time required to perform any sensitive functionality such as send or backing-up:
<script> var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin))); </script>

bitcoinpaul
March 10, 2014, 04:16:44 PM
On the other hand if we go .dat file storage and they screw up, there is a long history of de facto standard that has precedence that protects NXT from blame. Do you have this protection with method of using brainwallet as default? nope you don't.
Good point.

wesleyh
March 10, 2014, 04:18:09 PM
Come on. Do you really think a wallet file, which can get corrupted, or lost ("oh i deleted the program folder, didn't know that...."), or not found ("where is the fucking folder") is easier than a "please write this down"?
Yes it is easier. I described earlier the steps between the different methods: A newcomer needs to pass through 5 steps before having access to an account number.
- Launch the client
- Click on "Not registered? Click here!"
- Move his mouse around
- Land on a complicated message. Then, copy a set of 12 words (That's the worst step. Not user-friendly at all)
- Then recopy those words to finally have an account number
This solution is an improvement of course but I think a wallet.dat is really needed if we want to touch a wider audience.
With a wallet.dat, there is only ONE step:
- Launch the client
It's always possible to encrypt and backup the wallet.dat later. I don't think those security measures should happen at the first launch, because it's not very user friendly. There is always the possibility to add a warning for that at the 5th or 10th launch of the client. And in case you didn't notice the first time: Wesley, I'm ready to donate another 40k NXT to you if you implement the wallet.dat feature, with a high priority
4 steps as the mouse moving is not necessary in the newer browsers. And thanks for the possible donation, brainwallet will be implemented hopefully within 1-2 weeks max.

msin
March 10, 2014, 04:19:49 PM
Wow, almost had a brain aneurysm catching up on the thread, definitely some weekend diarrhea posts by certain members (you know who you are). Anyway, glad to see TF being implemented. Also, really like Parallel Chains, we need to get this implemented before CFB launches into outer space. I don't think we need to lock this thread, but there needs to be more participation in other threads: http://www.nxtcoins.nl/bitcointalk-threads/

wesleyh
March 10, 2014, 04:20:11 PM
I think something like this could solve the passphrase problem, adapted to Nxt, keeping its essence of brain wallet, and no wallet.dat file. People could generate their passphrases with no need of knowing them in a super easy way, and would follow BCNext's first idea.
http://braincontrol.me/
http://betanomics.asia/blog/store-and-send-bitcoin-directly-from-your-brain-using-braincontrol
BrainControl ultimately uses the following function to deterministically generate the necessary keys at the precise time required to perform any sensitive functionality such as send or backing-up:
<script> var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin))); </script>
Someone will need to explain this in a little more detail. Won't URL always be the same? (in case of a desktop client there's even no URL).

BrianNowhere
March 10, 2014, 04:20:45 PM
Would it be
1626^10
Why 10? 10 words
NXT: 4957831430947123625

coretechs
March 10, 2014, 04:21:39 PM Last edit: March 21, 2014, 08:27:16 PM by coretechs
Is DoS expected to be more of a problem with TF than regular forging? If we can guess who will forge the next block with a high degree of probability, won't an attacker do the same?
If this was already discussed, can someone point me to it? I'd like to find more detailed information on how TF is planned to be implemented.
edit - Just noticed this is mentioned in the faq, but not really answered fully. http://www.thenxtwiki.org/wiki/FAQ - "This is possible. If it is a concern for you, you should run your Nxt software through a personal VPN service or Tor."

jl777
March 10, 2014, 04:23:05 PM
Hi Wesleyh While you are alive and online, please answer me, I'm repeating. Testing AE. Using NxtWallet. Have question as simple Joe:
Did I miss somewhere, but how to know at which price I bought asset or when and for what price I sold an asset? I don't see anything in transactions and my assets.
Could somebody point me if it is?
Yep, it's not under transactions. I'll be adding something that notifies you though, based on it checking your account state and will notify you of x units of whatever item bought / sold (but not in terms of nxt gained / lost)
Ok, thank you. I meant, I see changes in dashboard->account balance total sum, but in recent transactions there are only actions, like bid or ask, and just paid fees for this.
Yep, it doesn't create transactions.
I was flustered at first too.. It's a pain but http://wiki.nxtcrypto.org/wiki/Nxt_API#Get_trades gives you enough info to figure out transaction history. I had to do that to reconcile current asset balances based on transactions (trades and transfers) as compared to what NXT core returns as current asset balance.
James

rdanneskjoldr
March 10, 2014, 04:25:21 PM
I think something like this could solve the passphrase problem, adapted to Nxt, keeping its essence of brain wallet, and no wallet.dat file. People could generate their passphrases with no need of knowing them in a super easy way, and would follow BCNext's first idea.
http://braincontrol.me/
http://betanomics.asia/blog/store-and-send-bitcoin-directly-from-your-brain-using-braincontrol
BrainControl ultimately uses the following function to deterministically generate the necessary keys at the precise time required to perform any sensitive functionality such as send or backing-up:
<script> var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin))); </script>
Someone will need to explain this in a little more detail. Won't URL always be the same? (in case of a desktop client there's even no URL).
I'm not a programmer, but I guess URL could be excluded. This is just how this site works. I found it in a tweet from Antonopoulos, supporting this. What I think is useful is the idea. Just try it and take the idea. It will even show you the bitcoin private key the wallet generated if you want to save it somewhere.
It could let people use 2 or 3 easy passwords, and a PIN, easy to remember, and create the NXT passphrase from there.
For example, putting
account name: nxttrial
passphrase: nxtsecondgeneration
extra salt: nxt
pin: 123456
This gives access to the public bitcoin ID 1Ax7FXk9Q8oneRpkPv9GzMyi6gjf4y6Sg5
If you click backup, it gives you the QR code and the private key: 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk
So you are not saving it anywhere, it keeps the essence of Nxt brain wallet.

BrianNowhere
March 10, 2014, 04:30:18 PM
Someone's previous suggestion of "users being too stupid" or whatever it was... yeah right, sure that's really the way to go.
Might have been me, but I did say it needs to be made stupid proof. But make no mistake it is stupidity for anyone to lose their NXT because of a bad password even on the NRS client as it is. I can understand someone being a little lax when making an email password or something but when you're investing thousands of dollars into a new technology I would think any reasonably smart person would take a degree of extra caution. I studied bitcoin for a full week straight before I bought my first hundred dollars worth. I think part of it is on-line banking, which lets you get away with weak passwords. People think "if it's ok for my bank should be ok here" I'm not saying these people are "non-functioning" stupid, but they are stupid nonetheless. I think it's kind of similar to the people who don't like bothering with reading the manual when they are putting together something complicated from IKEA. They are confident they'll figure it out and just start putting it together. Usually they swear a lot while doing it and mess up a couple of times. With crypto the consequences are more dire. You cannot screw up even once. It's hard for me to garner a lot of sympathy for these people.
NXT: 4957831430947123625

wesleyh
March 10, 2014, 04:31:30 PM
I think something like this could solve the passphrase problem, adapted to Nxt, keeping its essence of brain wallet, and no wallet.dat file. People could generate their passphrases with no need of knowing them in a super easy way, and would follow BCNext's first idea.
http://braincontrol.me/
http://betanomics.asia/blog/store-and-send-bitcoin-directly-from-your-brain-using-braincontrol
BrainControl ultimately uses the following function to deterministically generate the necessary keys at the precise time required to perform any sensitive functionality such as send or backing-up:
<script> var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin))); </script>
Someone will need to explain this in a little more detail. Won't URL always be the same? (in case of a desktop client there's even no URL).
I'm not a programmer, but I guess URL could be excluded. This is just how this site works. I found it in a tweet from Antonopoulos, supporting this. What I think is useful is the idea. Just try it and take the idea. It will even show you the bitcoin private key the wallet generated if you want to save it somewhere.
It could let people use 2 or 3 easy passwords, and a PIN, easy to remember, and create the NXT passphrase from there.
For example, putting
account name: nxttrial
passphrase: nxtsecondgeneration
extra salt: nxt
pin: 123456
This gives access to the public bitcoin ID 1Ax7FXk9Q8oneRpkPv9GzMyi6gjf4y6Sg5
If you click backup, it gives you the QR code and the private key: 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk
So you are not saving it anywhere. It is only that in 5 years, you come back and put the same login details, it will give you access to the same account. I think this system could work for Nxt and be user friendly. I can't say how safe it is, but I guess it is.
What's the difference between this and simply having the brain password: nxttrialnxtsecondgenerationnxt123456?

rdanneskjoldr
March 10, 2014, 04:35:03 PM
I think something like this could solve the passphrase problem, adapted to Nxt, keeping its essence of brain wallet, and no wallet.dat file. People could generate their passphrases with no need of knowing them in a super easy way, and would follow BCNext's first idea.
http://braincontrol.me/
http://betanomics.asia/blog/store-and-send-bitcoin-directly-from-your-brain-using-braincontrol
BrainControl ultimately uses the following function to deterministically generate the necessary keys at the precise time required to perform any sensitive functionality such as send or backing-up:
<script> var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin))); </script>
Someone will need to explain this in a little more detail. Won't URL always be the same? (in case of a desktop client there's even no URL).
I'm not a programmer, but I guess URL could be excluded. This is just how this site works. I found it in a tweet from Antonopoulos, supporting this. What I think is useful is the idea. Just try it and take the idea. It will even show you the bitcoin private key the wallet generated if you want to save it somewhere.
It could let people use 2 or 3 easy passwords, and a PIN, easy to remember, and create the NXT passphrase from there.
For example, putting
account name: nxttrial
passphrase: nxtsecondgeneration
extra salt: nxt
pin: 123456
This gives access to the public bitcoin ID 1Ax7FXk9Q8oneRpkPv9GzMyi6gjf4y6Sg5
If you click backup, it gives you the QR code and the private key: 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk
So you are not saving it anywhere. It is only that in 5 years, you come back and put the same login details, it will give you access to the same account. I think this system could work for Nxt and be user friendly. I can't say how safe it is, but I guess it is.
What's the difference between this and simply having the brain password: nxttrialnxtsecondgenerationnxt123456?
That's why I'm not a programmer, and maybe it's just stupid, hahah.
But at least it made you create a more than 30 characters long easy to remember passphrase with numbers and letters, and symbols could be added and mandatory. The idea is that nxttrialnxtsecondgenerationnxt123456 --> 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk (longer for nxt), which would be the Nxt passphrase, but maybe it is useless for security

wesleyh
March 10, 2014, 04:35:58 PM
I think something like this could solve the passphrase problem, adapted to Nxt, keeping its essence of brain wallet, and no wallet.dat file. People could generate their passphrases with no need of knowing them in a super easy way, and would follow BCNext's first idea.
http://braincontrol.me/
http://betanomics.asia/blog/store-and-send-bitcoin-directly-from-your-brain-using-braincontrol
BrainControl ultimately uses the following function to deterministically generate the necessary keys at the precise time required to perform any sensitive functionality such as send or backing-up:
<script> var keys = btc.keys(Crypto.SHA256(salt+url+Crypto.SHA256(username+password+pin))); </script>
Someone will need to explain this in a little more detail. Won't URL always be the same? (in case of a desktop client there's even no URL).
I'm not a programmer, but I guess URL could be excluded. This is just how this site works. I found it in a tweet from Antonopoulos, supporting this. What I think is useful is the idea. Just try it and take the idea. It will even show you the bitcoin private key the wallet generated if you want to save it somewhere.
It could let people use 2 or 3 easy passwords, and a PIN, easy to remember, and create the NXT passphrase from there.
For example, putting
account name: nxttrial
passphrase: nxtsecondgeneration
extra salt: nxt
pin: 123456
This gives access to the public bitcoin ID 1Ax7FXk9Q8oneRpkPv9GzMyi6gjf4y6Sg5
If you click backup, it gives you the QR code and the private key: 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk
So you are not saving it anywhere. It is only that in 5 years, you come back and put the same login details, it will give you access to the same account. I think this system could work for Nxt and be user friendly. I can't say how safe it is, but I guess it is.
What's the difference between this and simply having the brain password: nxttrialnxtsecondgenerationnxt123456?
That's why I'm not a programmer, and maybe it's just stupid, hahah.
But at least it made you create a more than 30 characters long easy to remember passphrase with numbers and letters, and symbols could be mandatory. The idea is that nxttrialnxtsecondgenerationnxt123456 --> 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk, which would be the Nxt passphrase, but maybe it is useless for security reasons
Well, if this is the default method, a "hacker" would simply use the same encryption method on the brain password to get the "real" passphrase. Or am I wrong, anyone?
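
The derivation quoted above and the two objections raised to it, worked through in Node.js as an added example (not code from the thread, BrainControl or Nxt). `chainedSha256` follows the shape of the quoted function; the `url` value, the scrypt-based `stretched` variant with the username as salt, and all helper names are this example's assumptions.

```javascript
const crypto = require('crypto');

const sha256hex = (s) =>
  crypto.createHash('sha256').update(s, 'utf8').digest('hex');

// Same shape as the function quoted in the thread:
// SHA256(salt + url + SHA256(username + password + pin)), hex strings throughout.
function chainedSha256(f) {
  const inner = sha256hex(f.username + f.password + f.pin);
  return sha256hex(f.salt + f.url + inner);
}

// Hardened variant (this example's choice, not BrainControl's or Nxt's):
// a memory-hard KDF over the secret fields, with the username as salt.
// Secret fields are length-prefixed so different splits cannot collide.
function stretched(f) {
  const secret = [f.password, f.pin]
    .map((v) => `${Buffer.byteLength(v, 'utf8')}:${v}`)
    .join('|');
  const salt = 'example-kdf-v1|' + f.username;
  return crypto
    .scryptSync(secret, salt, 32, { N: 16384, r: 8, p: 1 })
    .toString('hex');
}

// Average wall-clock milliseconds for one derivation.
function msPerDerivation(derive, fields, rounds) {
  const start = process.hrtime.bigint();
  for (let i = 0; i < rounds; i++) derive(fields);
  return Number(process.hrtime.bigint() - start) / 1e6 / rounds;
}

// Constructed sample: the field values posted in the thread; url is a placeholder.
const sample = {
  username: 'nxttrial',
  password: 'nxtsecondgeneration',
  salt: 'nxt',
  pin: '123456',
  url: 'https://wallet.example/',
};

// Same characters as `sample`, with the field boundary moved.
const resplit = { ...sample, username: 'nxttrialnxt', password: 'secondgeneration' };

function demo() {
  return {
    // Anyone who knows the public function gets the same key from the same input.
    deterministic: chainedSha256(sample) === chainedSha256({ ...sample }),
    // Separate fields add nothing over one concatenated brain password.
    splitCollides: chainedSha256(sample) === chainedSha256(resplit),
    stretchedSplitCollides: stretched(sample) === stretched(resplit),
    // Cost of one guess under each derivation.
    fastMs: msPerDerivation(chainedSha256, sample, 2000),
    slowMs: msPerDerivation(stretched, sample, 3),
  };
}

console.log(demo());
```

Stretching raises the cost of each guess but adds no entropy: a short or common passphrase stays guessable, only more slowly.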

msin
March 10, 2014, 04:38:48 PM
The reason we keep discussing things and never come to a final decision is because we don't have any deadlines.
The development committee needs to set deadlines on when certain decisions need to be finalized. Then we can all discuss the proposed suggestions and come to a final decision.
Finishing TF to ensure a high tx rate on the primary NXT blockchain needs to be done. Thank you Come-from-Beyond for doing this and proceeding with BCNext's plan.
+1, would love to see the development committee start a thread with projects listed with deadlines. Rickyjames seems to be the perfect person to head this up!

opticalcarrier
March 10, 2014, 04:38:59 PM
Is DoS expected to be more of a problem with TF than regular forging? If we can guess who will forge the next block with a high degree of probability, won't an attacker do the same?
If this was already discussed, can someone point me to it? I'd like to find more detailed information on how TF is planned to be implemented.
I brought this up, in the original TF thread I think it was, the answer was that the forging pools that publish IP address so as to participate in TF will also require some DDoS protection, be it actual hardware in the case of owned/operated forging equipment or as a cloud service in the case of using a VPS. This is why in the long run, using odroid/RPi forging devices as a network in a TF enabled system will be a no go.

rdanneskjoldr
March 10, 2014, 04:39:47 PM
Ty for looking at it.
It's true what you say. The URL thing can make it safer in bitcoin, because hackers don't know if the wallet used this system. But would be useless in Nxt, if all the wallets used this.

opticalcarrier
March 10, 2014, 04:48:44 PM
Someone's previous suggestion of "users being too stupid" or whatever it was... yeah right, sure that's really the way to go.
Might have been me, but I did say it needs to be made stupid proof. But make no mistake it is stupidity for anyone to lose their NXT because of a bad password even on the NRS client as it is. I can understand someone being a little lax when making an email password or something but when you're investing thousands of dollars into a new technology I would think any reasonably smart person would take a degree of extra caution. I studied bitcoin for a full week straight before I bought my first hundred dollars worth. I think part of it is on-line banking, which lets you get away with weak passwords. People think "if it's ok for my bank should be ok here" I'm not saying these people are "non-functioning" stupid, but they are stupid nonetheless. I think it's kind of similar to the people who don't like bothering with reading the manual when they are putting together something complicated from IKEA. They are confident they'll figure it out and just start putting it together. Usually they swear a lot while doing it and mess up a couple of times. With crypto the consequences are more dire. You cannot screw up even once. It's hard for me to garner a lot of sympathy for these people.
me either, but logically it just makes more sense in that if we have an option where we get fewer fingers pointing our way, then that method will be the way that NXT will spread larger/faster. A nxtwallet.dat file by default gives us that.