ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 04:50:57 PM |
|
Any suggestions about Parallel Chains? If not then I'll stick to BCNext's draft.
Suggestion: - SCIP mechanism to count blocks in order to have a snapshot every 1440 blocks
Question: Will snapshots be integrated for free?
For fee.
I see. Do you think the masterchain will need to achieve 1000 TPS?
|
|
|
|
Eadeqa
|
|
March 10, 2014, 04:56:59 PM |
|
optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.
But newbies don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it. It's an easier solution.
This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc). Otherwise, just leave it as it is.
They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it.
|
|
|
|
bidji29
|
|
March 10, 2014, 05:23:14 PM |
|
optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.
But newbies don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it. It's an easier solution.
This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc). Otherwise, just leave it as it is.
They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it.
That's why I propose a reminder at the 5th or 10th of the client to backup/encrypt the wallet.dat
|
|
|
|
NxtMinnow
Member
Offline
Activity: 84
Merit: 10
|
|
March 10, 2014, 05:30:19 PM |
|
To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "
Yubikey has a second slot for a user programmed static password. The second slot is not involved with 2-factor authentication by server.
I understand that we are attempting to provide a mechanism for users to create (or REQUIRE) strong passwords; however I am looking at ease of use while preserving security.
In my proposed use case I program my 32 character password to the Yubikey. As I login to Nxt, I type a phrase known to me (longer than 18 characters) and then press the Yubikey button for 2-3 seconds to trigger the Yubikey to enter the stored static password and the Enter key at the end.
Presto chango - Pseudo 2-factor authentication with no third party validation servers required.
If Wesley implements his interface requiring random password generation it locks out users that would like to implement what I described above out of the ability to login securely with the described Yubikey use case.
Can Passphrase generation on Wesleyh client show password entropy and Strength as the Passphrase is input (before Account creation)? Can I use my own strong password if I choose to so that I can use a Yubikey in pseudo 2-factor authentication.
I hope I am being clear enough.
|
|
|
|
barbierir
|
|
March 10, 2014, 05:30:39 PM |
|
electrum database. (1626 words)
Larger diceware database could also be used.. if that's what the people want.
The advantage of a larger dictionary like diceware is that a 10 words passphrase would be as strong as a 12 words passphrase with the electrum dictionary. Am I right? Just a little more convenient for the end user.
|
|
|
|
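The dictionary-size comparison raised in barbierir's post, worked through as an added example (not part of any forum post, and not code from the Nxt or electrum projects). 1626 is the electrum figure quoted in the thread and 7776 is the size of the standard Diceware list; the function names and the stand-in word list are constructed for illustration, and the figures assume every word is drawn uniformly at random.

```python
import math
import secrets

ELECTRUM_SIZE = 1626  # dictionary size quoted in the thread
DICEWARE_SIZE = 7776  # size of the standard Diceware list (6**5)

def wordlist_bits(dict_size: int, n_words: int) -> float:
    """Bits of entropy when n_words are drawn uniformly and independently."""
    return n_words * math.log2(dict_size)

def words_needed(dict_size: int, target_bits: float) -> int:
    """Smallest number of words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(dict_size))

def charset_bits(alphabet_size: int, length: int) -> float:
    """Same calculation for a random character string, such as a stored
    static password; the alphabet size is the caller's assumption."""
    return length * math.log2(alphabet_size)

def generate(wordlist: list[str], n_words: int) -> tuple[str, float]:
    """Draw a passphrase with the OS CSPRNG and report its entropy.

    Duplicates are dropped first: they would bias the draw and make the
    dictionary smaller than len(wordlist) suggests.
    """
    unique = sorted(set(wordlist))
    phrase = " ".join(secrets.choice(unique) for _ in range(n_words))
    return phrase, wordlist_bits(len(unique), n_words)

if __name__ == "__main__":
    for name, size, n in (("electrum", ELECTRUM_SIZE, 12),
                          ("diceware", DICEWARE_SIZE, 10)):
        print(f"{name}: {n} words from {size} = {wordlist_bits(size, n):.1f} bits")
    print("words for 128 bits:",
          words_needed(ELECTRUM_SIZE, 128), words_needed(DICEWARE_SIZE, 128))
    # Constructed stand-in word list (not a real dictionary), with one duplicate.
    demo = [f"word{i:04d}" for i in range(1626)] + ["word0000"]
    print(generate(demo, 12))
```

Twelve words from the 1626-word list give about 128.0 bits and ten Diceware words about 129.2 bits, so the shorter Diceware passphrase is marginally stronger.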
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 05:36:53 PM |
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
March 10, 2014, 05:40:09 PM |
|
Do you think the masterchain will need to achieve 1000 TPS?
No
|
|
|
|
Eadeqa
|
|
March 10, 2014, 05:42:24 PM |
|
To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "
Yubikey has a second slot for a user programmed static password. The second slot is not involved with 2-factor authentication by server.
What happens to static password if you lose Yubikey? Yubikey costs money. Given small Nxt community you probably will be the only one who will use it. There is much easier (and free) solution to make it easier. Use Lastpass browser plugin https://lastpass.com/
Then you don't have to type anything as Lastpass will autofill the password. Plus you can use Yubikey (as it was intended for 2 factor authentication) with Lastpass.
|
|
|
|
NxtMinnow
Member
Offline
Activity: 84
Merit: 10
|
|
March 10, 2014, 05:47:39 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php
A Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.
Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
|
|
|
|
opticalcarrier
|
|
March 10, 2014, 05:49:06 PM |
|
CfB: how does payout during leased forging work? will the account owner (that all effectiveBalance values are leased out to) have to do manual reconciliation or does NXT just figure it out?
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
March 10, 2014, 05:50:17 PM |
|
CfB: how does payout during leased forging work? will the account owner (that all effectiveBalance values are leased out to) have to do manual reconciliation or does NXT just figure it out?
Fees go to the leasee (pool) and added to the balance of the account the power was leased to.
|
|
|
|
Eadeqa
|
|
March 10, 2014, 05:54:58 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php
A Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.
Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server?
As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server.
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
March 10, 2014, 06:03:43 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php
A Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.
Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
I agree the Yubikey standard looks like an interesting option. However, on the topic of Lastpass, from https://lastpass.com/how-it-works/
All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.
(emphasis mine)
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
Eadeqa
|
|
March 10, 2014, 06:11:39 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php
A Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.
Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
I agree the Yubikey standard looks like an interesting option. (emphasis mine)
I am still not sure Yubikey does anything. Its main purpose (as I understand it) is for 2 factor authentication (dynamic part of password that changes). By the way, does anyone know how you restore your Yubikey if you lose it?
|
|
|
|
wesleyh
|
|
March 10, 2014, 06:12:34 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php
A Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.
Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
There is an option to not use the auto-generated pass phrase, is this not what you want?
|
|
|
|
marek3ball
|
|
March 10, 2014, 06:14:09 PM Last edit: March 24, 2014, 12:25:34 AM by marek3ball |
|
Let me introduce our new weapon for promotions and conferences. Shiny piece of 3D printed metal.
Nxt CPU Cryptocurrency Processing Unit
I have tried to connect an old days of the computers with bright future of the Nxt cryptocurrency. I hope you will like it! For now I'm starting with the limited silver edition of the Nxt CPU. Total 7 pieces will be made. I will sell six silver Nxt CPU in an auction only for NXT. I hope Nxt will succeed and this will be part of beginning and the great future. You will be able to buy real pieces in more than ten different materials (steel, plastic).
3D printed brass prototype; 3.506cm long:
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 06:15:46 PM |
|
2222.
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1043
#Free market
|
|
March 10, 2014, 06:19:52 PM |
|
Let me introduce our new weapon for promotions and conferences. Shiny piece of 3D printed metal.
Nxt CPU Cryptocurrency Processing Unit
I have tried to connect an old days of the computers with bright future of the Nxt cryptocurrency. I hope you will like it! For now I'm starting with the limited silver edition of the Nxt CPU. Total 7 pieces will be made. I will sell six silver Nxt CPU in an auction only for NXT. I hope Nxt will succeed and this limited silver edition will be part of beginning and the great future. You will be able to buy real pieces in more than ten different materials (silver, steel, plastic).
3D printed brass prototype; 3.872cm long:
+1
|
|
|
|
NxtMinnow
Member
Offline
Activity: 84
Merit: 10
|
|
March 10, 2014, 06:24:47 PM |
|
On "What happens to the static key if you lose your Yubikey?"
You are only storing one part of your NXT Passphrase in the pseudo 2 factor authentication use case described. If lost, it cannot be used to gain access to your Nxt account without ALSO knowing the first part of the Nxt Passphrase (which user would memorize)
On "How are you going to get your money out of Nxt account in event of lost Yubikey?"
Option 1) Make a backup Yubikey and store it in a safe deposit box or other secure location for the contingency of losing your main Yubikey.
Option 2) Create a local Keepass database with your Yubikey static key backed up inside the encrypted LOCAL Keepass database.
No, Nxt Passphrase backup is not on Yubikey server. The only involvement of the Yubikey server in the use case I described is to register the Yubikeys and potentially Revoke them if they are lost.
I realize that Lastpass signs and encrypts locally before transmitting encrypted data. STILL, some security paranoid users may not feel comfortable with any option but LOCAL backup of private keys.
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php
A Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.
Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server?
As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server.
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
March 10, 2014, 06:28:35 PM |
|
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
|