mczarnek
|
|
March 23, 2014, 05:51:04 AM |
|
The only thing you have to predict correctly is who will be the author every single one of the next 1440 blocks. (a difficult task no doubt considering you need to pay 0.1 nxt for each guess) You dont have to predict correctly what transactions will be in those blocks. This is important because it protects against gaming from transactions to be specifically tailored to allow you to author future blocks.
Why does predicting who will be the author of the block help you? Because you can change around your nxt in order to make sure that the hash of the account balances leads to you being the author? Also not sure why it's 0.1 nxt per guess? Why actually move around the funds? Why not just do it all offchain, use your own hashing function and when you find one that works, then you do the actual transaction? And you do have to predict what the account balances 1440 steps into the future will be because it's a hash of those account balances that determines who will forge and small changes to those account balances should lead to big changes in the hash output, right? Something obviously hasn't clicked yet.. heading to bed hopefully it will tonight, thanks Anon 136.
|
|
|
|
IveBeenBit
|
|
March 23, 2014, 06:06:36 AM |
|
Adam, NXT passphrases need to be at least 50 sufficiently random characters. On my website nxtcoinmagazine.org I outline in red letters at the top the importance of a strong NXT passphrase.
I use a Yubikey to create the second part of an NXT passprase. The following link is a short video detailing the process.
For the love of god if you are going to try to represent Nxt and bring newbies onto our ship, do not say things like this. It's not only wrong, but it scares people away. I will tell a personal story from last year. I was at a big libertarian gathering and Bitcoin was just getting off the ground. I met a dude...your average guy, and he was asking about Bitcoin since he had heard so many other people talking about it. He had decided that he wanted to give it a try to see what all the fuss was about and asked for my help & to sell him $20 worth. I had maybe 10 minutes to work with the guy and give him a crash course on Bitcoin. So I had him install Bitcoin Spinner (now replaced with Mycelium) on his Android Phone because it was the simplest Android Wallet out there, and only gave you one address to use over and over. It was as idiot proof as a bitcoin wallet can be. I had him download and install Bitcoin Spinner, then showed him how I scanned his QR code to transfer him money. Then showed him that if he presses "Send Transaction" and scanned a QR code it would fill in the address for him. He was up and running in 5 minutes. He was suitably impressed. "Such wow! This is easy!" I then said to him, "Listen, you only have $20 in bitcoin on this phone, and it's probably fine, but if you ever acquire a significant amount, you need to put some time into learning how to back up your bitcoins and protect them from theft. Since this is only $20 worth, it's no big deal if something happens." At that point, a "helpful" bystander jumped in and starts talking to the guy about public/private key cryptography, air gapped brain wallets, so on and so forth. I politely told the helpful guy to STFU because this is a brand new user with $20 of bitcoin who is not a computer guy to begin with and was getting visibly uncomfortable hearing about all the ways his bitcoins would be stolen. The helpful guy was so enthusiastic about bitcoin that he couldn't contain himself and scared off the newbie who, I am certain, left the conversation thinking that Bitcoin would never be for a guy like him. This is, unfortunately a weird habit that is prevalent among technical people...they want to treat everything as if they need to protect their private keys from passing NSA satellites. They will talk to newbies and get into painstaking detail about some obscure exploit or attack that COULD happen, maybe...to one in 200 people. K.I.S.S. Some newb that just hears about Nxt does not need to take the same measures as the head of security for the Crypto Bank of America.
|
|
|
|
IveBeenBit
|
|
March 23, 2014, 06:17:42 AM |
|
That being said, I think it would be way cooler to just scan my thumb print on my iphone, or had some program that I could just type in a simple password that unlocked my bigger password to unlock my account. I think that kind of thing will happen more in the future though. The passphrase being so long in a way is something I like too. People proved to me with statistics that if I make it long and random, it can't be brute forced.
Jabo -- you should look into a program called Keepass. It's exactly what you're talking about. You make up 1 master passphrase, and it will create an encrypted database that can store your Nxt pass phrases, forum passwords, online banking and so forth. It will randomly generate secure passwords for you and save them. When you want to log on somewhere or open your Nxt wallet, you copy & paste the password out of Keepass, or you can even have it type the password for you. This has the extra advantage that if, say, Bitcointalk gets hacked (again) and they get your password, the attackers don't get access to your email, and bank accounts, and Nxt wallet and so on. You can backup your password file into cloud storage since the password file itself is encrypted. Just make sure you have one really strong master password that will protect all your other ones. In fact, using a program like Keepass could be a good substitute for the wallet.dat file that many people think is lacking in Nxt.
|
|
|
|
BrianNowhere
|
|
March 23, 2014, 06:57:22 AM |
|
I am very impressed. I really think Ricky could be Nxt's own Andreas Antounopolis. Ricky was by far the best spokesperson on that panel. I loved how the DOGE girl, following a detailed technical answer by Ricky, said, "I have no idea what these guys just said". I really hope the community takes up Ricky's on his offer in a big way. I'd contribute to a bounty to get him a salary.
|
NXT: 4957831430947123625
|
|
|
Eadeqa
|
|
March 23, 2014, 07:03:53 AM Last edit: March 23, 2014, 07:18:09 AM by Eadeqa |
|
Wesley, Have you considered implementing a random character generator into the nxt client, and then saving that string in a local file encrypted by a password chosen on the first login? It would act as the equivalent of a wallet file.
I can write the scripts for you in whatever language you need...
Or the user can just save it in a browser based password manager (I use lastpass but there are several other choices) They won't have type to the password again as the plugins have one click auto-fill option, and the users will have an encrypted backup online with 2 factor authentication.
|
|
|
|
|
abctc
Legendary
Offline
Activity: 1806
Merit: 1038
|
|
March 23, 2014, 07:13:15 AM |
|
NXT passphrases need to be at least 50 sufficiently random characters.
- you forgot to add "IMHO"
|
██████████████████████████████████████████████████ ████████████████████████████████████████████████████ ██████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ | , the Next platform. Magis quam Moneta (More than a Coin) |
|
|
|
abctc
Legendary
Offline
Activity: 1806
Merit: 1038
|
|
March 23, 2014, 07:19:05 AM Last edit: March 23, 2014, 07:38:19 AM by abctc |
|
... Lastly, these unique suffixes, even if they may be fake, are in *human readable* format. ... which one is easier to tell is a scam: 123123312333 vs 123123123333 or Microsoft123 vs Microsoft? In the first case, someone might not even realize that something is wrong, and think that they have "checked the source" sufficiently and trust it. In the second case, it is 100% clear that there are two Microsofts. The user will then do his DD and figure out Microsoft123 is the real deal, and rename it to Microsoft on his trust list and ignore all others.
+100
|
██████████████████████████████████████████████████ ████████████████████████████████████████████████████ ██████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████ ██████████████████████████████████████████████████████████████████ ████████████████████████████████████████████████████████████████████ | , the Next platform. Magis quam Moneta (More than a Coin) |
|
|
|
waltz
Newbie
Offline
Activity: 22
Merit: 0
|
|
March 23, 2014, 07:20:31 AM |
|
is NXT a scam plan, like Labcoin?
|
|
|
|
BrianNowhere
|
|
March 23, 2014, 07:23:14 AM |
|
NXT passphrases need to be at least 50 sufficiently random characters.
- you forgot to add "IMHO" CIYAM and others have only pointed out like 500 billion times here about 10 word brain wallets. Funny how much politer this community suddenly gets when someone who has some clout rolls through.
|
NXT: 4957831430947123625
|
|
|
chanc3r
|
|
March 23, 2014, 07:34:46 AM |
|
Wesley, Have you considered implementing a random character generator into the nxt client, and then saving that string in a local file encrypted by a password chosen on the first login? It would act as the equivalent of a wallet file.
I can write the scripts for you in whatever language you need...
Or the user can just save it in a browser based password manager (I use lastpass but there are several other choices) They won't have type to the password again as the plugins have one click auto-fill option, and the users will have an encrypted backup online with 2 factor authentication. Firstly - Why not allow the user to print out the brain wallet password encrypted with their friendly password as a hard / cold backup. You can do it as a QR code which can be scanned back in by a webcam. If the data is encrypted with their 'friendly' wallet password someone cant just 'scan it in and use it' Secondly if its all web based why not use the browser to help you - you get it to store the password for you. Why not store the encrypted brainwallet password in the browser password cache, lots of browsers have plans for password syncing like apple does with iCloud keychain, if its seen as a password entry field by the browser then won't apps like last pass will automatically manage it? So the client front page would have 'encrypted brain wallet password field' - visible/invisible?? recognised as a password field for autofill and the browser would fill this in, for first time use you could have a generate brain wallet password button that populates this field. Also this form would have a friendly password field where the user puts their friendly password to decrypt the encrypted brain wallet password. ideally you want to set the field properties to stop the normal password being stored, i.e. so its not stored with the brain wallet password it is used to decrypt which it seems you can do from some of the websites I have visited. for ultra paranoid users you could even have the scan QR code on the front page of the client to retrieve the encrypted brain wallet password - not storing it online at all and then enter the friendly password to unlock it.
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
March 23, 2014, 07:36:33 AM |
|
Why does predicting who will be the author of the block help you? Because you can change around your nxt in order to make sure that the hash of the account balances leads to you being the author?
precisely Also not sure why it's 0.1 nxt per guess? Why actually move around the funds? Why not just do it all offchain, use your own hashing function and when you find one that works, then you do the actual transaction?
because you have to move your nxt to the account that you believe will be the one to win 1440 blocks in the future. transaction fees are 0.1 NXT And you do have to predict what the account balances 1440 steps into the future will be because it's a hash of those account balances that determines who will forge and small changes to those account balances should lead to big changes in the hash output, right?
no its a hash of the public key used to author the block + the generation signature of the previous block. account balances only multiply the threshold for acceptable block submission. if you were able to accurately guess every single one of the nxt 1440 block authors than you would only need 1 nxt in the account to forge with that account because you could calculate the most efficient private key and so wouldnt need the stake multiplier. Something obviously hasn't clicked yet.. heading to bed hopefully it will tonight, thanks Anon 136.
its not easy to wrap ones head around, keep asking questions, its clear from the sorts of questions you are asking that you are capable of understanding.
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
|
|
|
Mario123
|
|
March 23, 2014, 07:39:18 AM |
|
It would be great to see a "NXTpresscenter.org or something where people who can speak about various parts can make themselves known and some faces and names can be put to the project.
+1 That's what I planned to do. And I think we are in desperate need of a pool where we (and journalists, conference organizers) can choose from for different occasions (interviews, podium discussions, conference attending, speaker positions). I would like to collect names and some infos from the community for this. If anybody has any name suggestions or ideas, please PM me or reply here.
|
|
|
|
Eadeqa
|
|
March 23, 2014, 08:18:13 AM |
|
Wesley, Have you considered implementing a random character generator into the nxt client, and then saving that string in a local file encrypted by a password chosen on the first login? It would act as the equivalent of a wallet file.
I can write the scripts for you in whatever language you need...
Here is Lastpass and wesley client in action. No need to type the password again -- just one click to login. These password managers are pretty secure (probably more secure than custom walet.dat). Passwords are encrypted with AES and you get online encrypted backups that can be protected with 2 factor authentication. Back up is very important security step as losing walet.dat would be disaster
|
|
|
|
bitcoinpaul
|
|
March 23, 2014, 08:21:46 AM |
|
Relying on the user having a password manager is not good. The idea is to have something like a wallet.dat because people know it. I think providing different options for the user (brainwallet (and lastpass/1password), wallet file) is the best solution so far. Of course we should talk about details and other options. http://107.170.117.237/index.php/topic,56.0.html
|
|
|
|
Jerical13
|
|
March 23, 2014, 08:25:18 AM |
|
I really strongly think this is not right.
People are going to have to do research anyway before they buy and once they do it will be totally obvious which one is the legit one, it will be the one that they already own some of. alternatively inorder for them to feel safe buying with out doing research the asset will have to be well established. In this scenario the barrier to entry cost would actually be relatively insignificant compared to the costs associated with artificially generating that credibility through having huge amounts of fees payed to miners through the buying and selling of your asset.
im really quite certain that, considering the recent change to the conditions, the benefits gained from having a vibrant ecosystem of tokens would outweigh the cost of potential scammers, especially since people will need to take basic precautions against scammers anyway no matter what the issue fee.
This makes sense. Let's think how we'll come to a consensus. Dude, this is pretty simple. You were working on "digital good" ("porn store"). If one video (that costs $5 on clips4sale) costs $40, the seller needs to sell 8 of them to just make it even This is not going to work. Trust me. No one is opening a digital "good" store if it costs that much to add a new clip Asset exchange is not for digital goods. It is for parts of a company. In fact, cfb is working on a digital goods store as we speak. I thought it would use the same infrastructure. So it's totally new code that will become part of NRS? Yes. What about non-digital goods? Lets say I want to sell a USB drive that's worth $10? Neither is fit for your needs. (Due to trust issues etc) Trust issues aren't an issue if the parameters of the AE will allow for verification of sellers. There will also be the opportunity too include service providers to secure purchasing. And people should get to decide "trust" issues for themselves; no one should be able to tell someone else what an "asset" is.
|
|
|
|
oldnbold
Member
Offline
Activity: 64
Merit: 10
|
|
March 23, 2014, 08:34:29 AM |
|
Hopefully i'll soon know enough to be able to post my own detailed/reasoned comments in favour of NXT wrt to articles such as this: Ripple vs Open Transactions: Which Platform is the Future of Payments? just published here: http://www.cryptocoinsnews.com/2014/03/22/ripple-vs-open-transactions/In the meantime looking forward to reading such comments from others
|
|
|
|
jabo38
Legendary
Offline
Activity: 1232
Merit: 1001
mining is so 2012-2013
|
|
March 23, 2014, 08:39:21 AM |
|
That being said, I think it would be way cooler to just scan my thumb print on my iphone, or had some program that I could just type in a simple password that unlocked my bigger password to unlock my account. I think that kind of thing will happen more in the future though. The passphrase being so long in a way is something I like too. People proved to me with statistics that if I make it long and random, it can't be brute forced.
Jabo -- you should look into a program called Keepass. It's exactly what you're talking about. You make up 1 master passphrase, and it will create an encrypted database that can store your Nxt pass phrases, forum passwords, online banking and so forth. It will randomly generate secure passwords for you and save them. When you want to log on somewhere or open your Nxt wallet, you copy & paste the password out of Keepass, or you can even have it type the password for you. This has the extra advantage that if, say, Bitcointalk gets hacked (again) and they get your password, the attackers don't get access to your email, and bank accounts, and Nxt wallet and so on. You can backup your password file into cloud storage since the password file itself is encrypted. Just make sure you have one really strong master password that will protect all your other ones. In fact, using a program like Keepass could be a good substitute for the wallet.dat file that many people think is lacking in Nxt. Okay, I will look into it tonight. :-) Thank you.
|
|
|
|
marcus03
|
|
March 23, 2014, 09:04:40 AM |
|
I think more than anything NXT suffers from lack of people who have both a deep knowledge of the project and who have strong presentation skills. You have some people in your group who have good presentation skills (like Kris) but who feel out of depth when it comes to technical stuff.
Anybody I talk to needs to be able to explain to my why it's not an insanely bad tradeoff to not have a wallet.dat and to require a very difficult to remember, unique brainwallet to be entered for every action. That is by far the biggest barrier to actual use, and I've yet to hear a good solution.
Since you wrote you use NXT Solaris: I have implemented a file wallet already in my client for the next version. Users can then choose if they want to use it or use brainwallet secrets.
|
|
|
|
marcus03
|
|
March 23, 2014, 09:33:32 AM |
|
Can we get an SSL cert for it? They are actually very cheap, I believe even free for a single server cert wwith startSSL. If you order it with nxtcrypto.org domain then I will do the email part when it comes in.
But I wish I could get a domain-wide wildcard cert donated from infrastructure committee. But they refused the request. So, JLP/CFB, please tell me your opinion on these light clients with client side signing, when they connect to VPSs, are SSL connections needed? If so I will just disable SSL on all my VPSs and we can just forget about SSL altogether.
Except for forums And also I wish we could get one for wiki, but the infrastructure commitee deems it unnecessary there as well.
@opticalcarrier: Why don't you follow-up on our (InfCom) comments and questions. As EvilDave said, SSL for client <-> NRS communication was turned down by InfCom. Regarding, the wiki hosted on nxtcrypto.org, just one member of InfCom (me) asked a question in our thread ( https://bitcointalk.org/index.php?topic=506757.msg5769376#msg5769376), but we got no answer. Then wesleyh posts on the SSL issue ( https://bitbucket.org/nxtinfrastructure/committee/issue/20/ssl-certificate-for-nxtcryptoorg), I have another question on this and there is no follow-up. It just feels like you don't have a case. We are not gods. We might be off light-years. Just follow-up and convince us.
|
|
|
|
|