Bitcoin Forum
September 16, 2019, 05:10:17 AM *
News: If you like a topic and you see an orange "bump" link, click it. More info.
 
   Home   Help Search Login Register More  
Pages: « 1 ... 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 [2143] 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 ... 2567 »
  Print  
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2756160 times)
Eadeqa
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 10, 2014, 04:56:59 PM
 #42841

optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.

But newbie don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it.
It's an easier solution.

This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc).  Otherwise, just leave it as it is. They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it.

NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
1568610617
Hero Member
*
Offline Offline

Posts: 1568610617

View Profile Personal Message (Offline)

Ignore
1568610617
Reply with quote  #2

1568610617
Report to moderator
1568610617
Hero Member
*
Offline Offline

Posts: 1568610617

View Profile Personal Message (Offline)

Ignore
1568610617
Reply with quote  #2

1568610617
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1568610617
Hero Member
*
Offline Offline

Posts: 1568610617

View Profile Personal Message (Offline)

Ignore
1568610617
Reply with quote  #2

1568610617
Report to moderator
1568610617
Hero Member
*
Offline Offline

Posts: 1568610617

View Profile Personal Message (Offline)

Ignore
1568610617
Reply with quote  #2

1568610617
Report to moderator
1568610617
Hero Member
*
Offline Offline

Posts: 1568610617

View Profile Personal Message (Offline)

Ignore
1568610617
Reply with quote  #2

1568610617
Report to moderator
bidji29
Sr. Member
****
Offline Offline

Activity: 392
Merit: 250


View Profile
March 10, 2014, 05:23:14 PM
 #42842

optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.

But newbie don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it.
It's an easier solution.

This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc).  Otherwise, just leave it as it is. They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it.

That's why i propose a reminder at the 5th or 10th of the client to backup/encrypt the wallet.dat

http://www.freebieservers.com/  100% FREE GAME SERVERS
NxtMinnow
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
March 10, 2014, 05:30:19 PM
 #42843

To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "

Yubikey has a second slot for a user programmed static password.  The second slot is not involved with 2-factor authentication by server.

I understand that we are attempting to provide a mechanism for users to create (or REQUIRE) strong passwords; however I am looking at ease of use while preserving security.

In my proposed use case I program my 32 character password to the Yubikey.  As I login to Nxt, I type a phrase known to me (longer than 18 characters) and then press the Yubikey button for 2-3 seconds to trigger the Yubikey to enter the stored static password and the Enter key at the end.

Presto chango - Pseudo 2-factor authentication with no third party validation servers required.

If Wesley implements his interface requiring random password generation it locks out users that would like to implement what I described above out of the ability to login securely with the described Yubikey use case.

Can Passphrase generation on Wesleyh client show password entropy and Strength as the Passphrase is input (before Account creation)?
Can I use my own strong password if I choose to so that I can use a Yubikey in pseudo 2-factor authentication.

I hope I am being clear enough.
barbierir
Hero Member
*****
Offline Offline

Activity: 515
Merit: 502



View Profile WWW
March 10, 2014, 05:30:39 PM
 #42844


electrum database. (1626 words)

Larger diceware database could also be used.. if that's what the people want.

The advantage of a larger dictionary like diceware is that a 10 words passphrase would be as strong as a 12 words passphrase with the electrum dictionary. Am I right? Just a little more convenient for the end user.

◈▣ KOMODO ● Set Your Ideas Free ▣◈
.......AN ECOSYSTEM FOR NATIVE BLOCKCHAINS.......
Blockchain Generator | Decentralized Crowdfunding | Decentralized Exchange | Bitcoin Security | Zero-Knowledge Proofs | Blockchain Interoperability | Scalable Infrastructure
ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 10, 2014, 05:36:53 PM
 #42845

We need NXT ATMs.

http://arstechnica.com/information-technology/2014/03/ars-buys-bitcoins-at-one-of-the-countrys-only-bitcoin-atms/
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
March 10, 2014, 05:40:09 PM
 #42846

Do you think the masterchain will need to achieve 1000 TPS?

No
Eadeqa
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 10, 2014, 05:42:24 PM
 #42847

To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "

Yubikey has a second slot for a user programmed static password.  The second slot is not involved with 2-factor authentication by server.


What happens to static password if you lose Yubikey? Yubikey costs money. Given small Nxt community you probably will be the only one who will  use it.

There is much easier (and free) solution to make  it easier. Use Lastpass browser plugin

https://lastpass.com/

Then you don't have to type anything as Lastpass will autofill the password. Plus you can use Yubikey (as it was intended for 2 factor authentication) with Lastpass.





NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
NxtMinnow
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
March 10, 2014, 05:47:39 PM
 #42848

Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php

A Yubikey costs $30 and is worth far more than that to protect valuable digital assets.

Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.

Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?
opticalcarrier
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
March 10, 2014, 05:49:06 PM
 #42849

CfB:  how does payout during leased forging work?  will the account owner (that all effectiveBalance values are leased out to) have to do manual reconciliation or does NXT just figure it out?
Come-from-Beyond
Legendary
*
Offline Offline

Activity: 2128
Merit: 1009

Newbie


View Profile
March 10, 2014, 05:50:17 PM
 #42850

CfB:  how does payout during leased forging work?  will the account owner (that all effectiveBalance values are leased out to) have to do manual reconciliation or does NXT just figure it out?

Fees go to the leasee (pool) and added to the balance of the account the power was leased to.
Eadeqa
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 10, 2014, 05:54:58 PM
 #42851

Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php

A Yubikey costs $30 and is worth far more than that to protect valuable digital assets.

Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.

Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?

No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server?

As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server.

NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
xyzzyx
Sr. Member
****
Offline Offline

Activity: 490
Merit: 250


I don't really come from outer space.


View Profile
March 10, 2014, 06:03:43 PM
 #42852

Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php

A Yubikey costs $30 and is worth far more than that to protect valuable digital assets.

Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.

Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?

I agree the Yubikey standard looks like an interesting option. 

However, on the topic of Lastpass, from https://lastpass.com/how-it-works/
Quote
All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.

(emphasis mine)

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
Eadeqa
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500


View Profile
March 10, 2014, 06:11:39 PM
 #42853

Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php

A Yubikey costs $30 and is worth far more than that to protect valuable digital assets.

Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.

Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?

I agree the Yubikey standard looks like an interesting option. 

(emphasis mine)

I am still not sure Yubikey does anything. It's main purpose (as I understand it) is for 2 factor authentication (dynamic part of password that changes).

By the way, does anyone know how you restore your  Yubikey if you lose it?


 


NXT-GZYP-FMRT-FQ9K-3YQGS
https://nxtforum.org
wesleyh
Sr. Member
****
Offline Offline

Activity: 308
Merit: 250


View Profile
March 10, 2014, 06:12:34 PM
 #42854

Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php

A Yubikey costs $30 and is worth far more than that to protect valuable digital assets.

Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.

Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?

There is an option to not use the auto-generated pass phrase, is this not what you want?

marek3ball
Full Member
***
Offline Offline

Activity: 180
Merit: 100


View Profile
March 10, 2014, 06:14:09 PM
Last edit: March 24, 2014, 12:25:34 AM by marek3ball
 #42855

Let me introduce our new weapon for promotions and conferences. Shiny piece of 3D printed metal.


                                  Nxt CPU
                   Cryptocurrency Processing Unit


I have tried to connect an old days of the computers with bright future of the Nxt cryptocurrency. I hope you will like it!

For now I'm starting with the limited silver edition of the Nxt CPU. Total 7 pieces will be made.

I will sell six silver Nxt CPU in an auction only for NXT.
I hope Nxt will succeed and this will be part of beginning and the great future.
You will be able to buy real pieces in more than ten different materials (steel, plastic).

3D printed brass prototype; 3.506cm long:



ChuckOne
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82


View Profile
March 10, 2014, 06:15:46 PM
 #42856

2222.
redsn0w
Legendary
*
Offline Offline

Activity: 1736
Merit: 1040


#Free market


View Profile
March 10, 2014, 06:19:52 PM
 #42857

Let me introduce our new weapon for promotions and conferences. Shiny piece of 3D printed metal.


                                  Nxt CPU
                   Cryptocurrency Processing Unit


I have tried to connect an old days of the computers with bright future of the Nxt cryptocurrency. I hope you will like it!

For now I'm starting with the limited silver edition of the Nxt CPU. Total 7 pieces will be made.

I will sell six silver Nxt CPU in an auction only for NXT.
I hope Nxt will succeed and this limited silver edition will be part of beginning and the great future.
You will be able to buy real pieces in more than ten different materials (silver, steel, plastic).

3D printed brass prototype; 3.872cm long:



+1
NxtMinnow
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
March 10, 2014, 06:24:47 PM
 #42858

On "What happens to the static key if you lose your Yubikey?"  You are only storing one part of your NXT Passphrase in the pseudo 2 factor authentication use case described.  If lost, it cannot be used to gain access to your Nxt account without ALSO knowing the first part of the Nxt Passphrase (which user would memorize)

On "How are you going to get your money out of Nxt account in event of lost Yubikey?  Option 1) Make a backup Yubikey and store it in a safe deposit box or other secure location for the contingency of losing your main Yubikey.  Option 2) Create a local Keepass database with your Yubikey static key backed up inside the encrypted LOCAL Keepass database.

No, Nxt Passphrase backup is not on Yubikey server.  The only involvement of the Yubikey server in the use case I described is to register the Yubikeys and potentially Revoke them if they are lost.

I realize that Lastpass signs and encrypts locally before transmitting encrypted data.  STILL, some security paranoid users may not feel comfortable with any option but LOCAL backup of private keys.


Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.php

A Yubikey costs $30 and is worth far more than that to protect valuable digital assets.

Lastpass uses a third party server verification and for the most security paranoid this is not acceptable.

Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used?

No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server?

As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server.
Anon136
Legendary
*
Offline Offline

Activity: 1666
Merit: 1211



View Profile
March 10, 2014, 06:28:35 PM
 #42859

Final draft. What do you guys think? I'm pretty sure this is what the bars are going to look like.




Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
NxtMinnow
Member
**
Offline Offline

Activity: 84
Merit: 10


View Profile
March 10, 2014, 06:31:46 PM
 #42860

Anon136, that is too cool!


Wesleyh, yes that is the manual Passphrase entry I was looking for .

Any way it can show the user the bits of entropy and a Very Strong, Strong, Weak, Very Weak rating after the Passphrase is typed in but before the user creates the account with that Passphrase?
Pages: « 1 ... 2093 2094 2095 2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106 2107 2108 2109 2110 2111 2112 2113 2114 2115 2116 2117 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137 2138 2139 2140 2141 2142 [2143] 2144 2145 2146 2147 2148 2149 2150 2151 2152 2153 2154 2155 2156 2157 2158 2159 2160 2161 2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 2184 2185 2186 2187 2188 2189 2190 2191 2192 2193 ... 2567 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!