ChuckOne
Sr. Member
 Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
 |
March 10, 2014, 09:56:25 PM |
|
So community, what do you think about the user's own password rules.
Your secret phrase must consist of at least 12 random words separated by spaces. Alternatively, you can choose a secret phrase that is at least 35 characters long and contains a mixture of lower/uppercase characters, numbers and special characters.
Is this too complicated? what do you suggest instead. Not that this one is better, but maybe it is easier for the most users to understand: 1) at least 35 characters 2) less than 50 characters requires upper case and numbers OK, so I could simply say: Your secret phrase should be at least 35 characters long. And then I can show the rest, (if the pass is less than 50), as an error message. Otherwise the description would be too long, agreed? Seems good.  Is this a good error description (shown when less than 50 characters are entered): error = "Since your secret phrase is less than 50 characters long, it must contain both numbers and uppercase letters."; btw, no requirement for special characters? That is great. Ufff.. Hmm. Special characters. I do not know. What do others think? It is more secure then, right? |
|
|
|
|
|
bitcoinpaul
|
|
March 10, 2014, 09:57:55 PM |
|
So community, what do you think about the user's own password rules.
Your secret phrase must consist of at least 12 random words separated by spaces. Alternatively, you can choose a secret phrase that is at least 35 characters long and contains a mixture of lower/uppercase characters, numbers and special characters.
Is this too complicated? what do you suggest instead. That is pretty straight forward and easy to understand. Well people thought it was too long. I've changed it now. Try it at http://nxtra.org/nxt-client/ (click on don't have an account, then click on "want to choose your own secret phrase") +1 |
|
|
|
|
|
marek3ball
|
|
March 10, 2014, 09:58:57 PM |
|
Three thoughts:
- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password
What will be the maximum length of the passphrase? Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters. |
|
|
|
|
|
igmaca
|
|
March 10, 2014, 09:59:37 PM |
|
.... I'll be sure to include this entire text on the password creation screen  other thinks What is Two-Channel Auto-Type Obfuscation? The Auto-Type feature of KeePass is very powerful: it sends simulated keypresses to other applications. This works with all Windows applications and for the target applications it's not possible to distinguish between real keypresses and the ones simulated by Auto-Type. This at the same time is the main disadvantage of Auto-Type, because keyloggers can eavesdrop the simulated keys. That's where Two-Channel Auto-Type Obfuscation (TCATO) comes into play. TCATO makes standard keyloggers useless. It uses the Windows clipboard to transfer parts of the auto-typed text into the target application. Keyloggers can see the Ctrl-V presses, but do not log the actual contents pasted from the clipboard. Clipboard spies don't work either, because only parts of the sensitive information is transferred on this way. Anyway, it's not perfectly secure (and unfortunately cannot be made by theory). None of the currently available keyloggers or clipboard spies can eavesdrop an obfuscated auto-type process, but it is theoretically possible to write a dedicated spy application that specializes on logging obfuscated auto-type. |
|
|
|
|
|
wesleyh
|
|
March 10, 2014, 09:59:50 PM |
|
Three thoughts:
- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password
What will be the maximum length of the passphrase? Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters. There is no maximum length. |
|
|
|
|
|
bidji29
|
|
March 10, 2014, 10:00:32 PM |
|
35 char is more than enough. Don't need to add special character
|
|
|
|
|
Mario123
|
|
March 10, 2014, 10:02:26 PM |
|
Three thoughts:
- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password
What will be the maximum length of the passphrase? Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters. There is no maximum length. IMHO 100 chars |
|
|
|
|
rdanneskjoldr
|
|
March 10, 2014, 10:03:07 PM |
|
One question.Alias are supposed to replace account numbers in recipients name,no?Does it difference between sending nxt to account nº 1,to sending to Alias 1 ??Or any number..
Id say its too obvious and of course it does,but havent read about it.
|
|
|
|
|
|
Mario123
|
|
March 10, 2014, 10:03:29 PM |
|
Wesley, your work is wonderful. And the recent changes are great.
|
|
|
|
|
igmaca
|
|
March 10, 2014, 10:06:20 PM |
|
.... I'll be sure to include this entire text on the password creation screen other thinks What is Two-Channel Auto-Type Obfuscation? The Auto-Type feature of KeePass is very powerful: it sends simulated keypresses to other applications. This works with all Windows applications and for the target applications it's not possible to distinguish between real keypresses and the ones simulated by Auto-Type. This at the same time is the main disadvantage of Auto-Type, because keyloggers can eavesdrop the simulated keys. That's where Two-Channel Auto-Type Obfuscation (TCATO) comes into play. TCATO makes standard keyloggers useless. It uses the Windows clipboard to transfer parts of the auto-typed text into the target application. Keyloggers can see the Ctrl-V presses, but do not log the actual contents pasted from the clipboard. Clipboard spies don't work either, because only parts of the sensitive information is transferred on this way. Anyway, it's not perfectly secure (and unfortunately cannot be made by theory). None of the currently available keyloggers or clipboard spies can eavesdrop an obfuscated auto-type process, but it is theoretically possible to write a dedicated spy application that specializes on logging obfuscated auto-type. how to prevent this? : Anyway, it's not perfectly secure (and unfortunately cannot be made by theory). None of the currently available keyloggers or clipboard spies can eavesdrop an obfuscated auto-type process, but it is theoretically possible to write a dedicated spy application that specializes on logging obfuscated auto-type. Two-factor authentication with google authenticator or a similar |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 10:08:29 PM |
|
Three thoughts:
- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password
What will be the maximum length of the passphrase? Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters. There is no maximum length. I like that. I always hated max. length because it's simply not necessary. |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 10:09:24 PM |
|
There is no maximum length.
IMHO 100 chars Why? |
|
|
|
|
|
igmaca
|
|
March 10, 2014, 10:11:34 PM |
|
|
|
|
|
|
|
Mario123
|
|
March 10, 2014, 10:13:12 PM |
|
There is no maximum length.
IMHO 100 chars Why? I believe NRS cuts after 100 characters. |
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 10:15:32 PM |
|
There is no maximum length.
IMHO 100 chars Why? I believe NRS cuts after 100 characters. If so, the web client could cut before the form is sent. But the user does not need to know it. EDIT: it makes understanding more difficult again. |
|
|
|
|
|
wesleyh
|
|
March 10, 2014, 10:16:06 PM |
|
There is no maximum length.
IMHO 100 chars Why? I believe NRS cuts after 100 characters. It doesn't, I've used a 500+ character password before and tried it with less characters and it resulted in different accounts. |
|
|
|
|
|
Mario123
|
|
March 10, 2014, 10:17:53 PM |
|
I see.
|
|
|
|
my8511
Newbie
Offline
Activity: 4
Merit: 0
|
|
March 10, 2014, 10:36:30 PM |
|
watching this new thread......
|
|
|
|
|
|
igmaca
|
|
March 10, 2014, 10:39:13 PM |
|
...
the transaction fees are still too damn high, forging rewards are way to low & come too slow for all but the richest Nxters.
...
..... In my opinion, you're better off dishing out smaller rewards at a faster pace. People are like lab rats who feel rewarded when they get a pellet. It would be better to get .001 NXT every couple of days than 10 NXT after many months. It is simple psychology. Almost every successful software "invention" these days is successful because it's addicting. Twitter, facebook, Angry Birds, Flappy Birds, Candy Crush, Farmville. All very successful and all very addicting. Give the people their pellets and they will be addicted and they will forge. RFC: Parallel Chains conceptOnly TL;DR version, coz noone would read a full one.Master Chain
Contains only checkpoints of all slave chains. Checkpointing is done once a day and only when 1440 blocks r built on top of the corresponding slave chain. Master chain is never pruned. Growth rate is [32 bytes * numberOfSlaveChain] per day. one Raspberry pi node to forge must be active. if a raspberry pi node gets forge shares its fee with other Raspberry Pi nodes pointing to the same TPS node. (one of the 1,000 TPS nodes for example "XX" ) note the criteria to limit the power of forging an account 1,000,000 nxt is due to 1440 blocks are generated in a day and therefore the chance is about one day. if the number of blocks per day for example increase to 14400 per day the criteria to limit the power of forging change to 100,000 nxt account as tantamount to a chance of about one day. why one day?
because all accounts that they want to forge if they are always active every day receive fees
keeps the interest in forging and maintain the node active everytimeSlave Chains
Contains only 1 type of transactions. Different currencies can be implemented as different chains. Forgers can choose what chains to secure. The market balances TPS rate. "XX" TPS node forge a slave parallel bloc because power forge depends by Raspberry Pi nodes can split the fees if a Raspberry pi node gets forge to all Raspberry pi nodes that point to "XX" node in proportion to the amount of funds each node (account) has can exchange fiat currency can handle 1000 TPS what happens if you attack one of the 1,000 nodes? as the power to forge remains in raspberri pi nodes the network security remains unchanged. it may happen that momentarily not reached 1,000 TPS Migration plan
Create slave chains that implement all transactions types existing in Nxt. Add a new type for checkpointing. Reject attempts to include non-checkpointing transactions into the master chain. Side-effects
The Chinese could use a separate currency inside their borders for very high TPS rates. Only checkpointing transactions have to bypass Great Firewall of China. Speculators provide currency exchange service - the business they love to do. NXTs become "tokens", users buy them for fiat to spend for fees, it's similar to prepaid coupons/tickets for provided services. |
|
|
|
|
crazybonkers
Member
Offline
Activity: 75
Merit: 10
|
|
March 10, 2014, 10:41:20 PM |
|
Three thoughts:
- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password
What will be the maximum length of the passphrase? Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters. There is no maximum length. IMHO 100 chars What you laughing at? I have a passphrase of MORE than 150 lol beat that! Oh your not laughing... its an IMHO hehe... My bad, cough cough |
|
|
|
|
