Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761608 times)
BitThink
December 06, 2013, 02:38:50 AM
 #2341

Added warning for secret phrases < 30 symbols.
Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication.  There is no "cold storage" alternative offered.  I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening.   Brainwallets are surprisingly tough to get right for the unsophisticated user.



I just disconnected from Internet, started the client & generated offline cold storage address (wallet).
Then you have no way to put any Nxt into this address.
Kodoka
December 06, 2013, 02:44:56 AM
 #2342

I remember seeing that the network needed more well-known addresses. Do we still need more of those, and if so, how do I volunteer?

Yes, we need more. Post ur IP/domain.
My IP is: 69.146.88.14.

2Kool4Skewl (OP)
December 06, 2013, 02:51:54 AM
 #2343

Added warning for secret phrases < 30 symbols.
Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication.  There is no "cold storage" alternative offered.  I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening.   Brainwallets are surprisingly tough to get right for the unsophisticated user.



I just disconnected from Internet, started the client & generated offline cold storage address (wallet).
Then you have no way to put any Nxt into this address.

You can generate an address offline and then deposit funds to it.


BitThink
December 06, 2013, 03:03:47 AM
 #2344

Added warning for secret phrases < 30 symbols.
Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication.  There is no "cold storage" alternative offered.  I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening.   Brainwallets are surprisingly tough to get right for the unsophisticated user.



I just disconnected from Internet, started the client & generated offline cold storage address (wallet).
Then you have no way to put any Nxt into this address.

You can generate an address offline and then deposit funds to it.
Yes, but it does not solve the problem. Once people know the brain-wallet password, they can withdraw the money on any computer. It does not matter whether you create the address online or offline.  Creating an address offline only avoids sniffing, but cannot avoid dictionary attacks at all.
ImmortAlex
December 06, 2013, 03:50:38 AM
 #2345

Why can't an address be created that you associate a password with like Bitcoin?
It's just a different approach.

Either you have wallet.dat file with private keys which you must hold in dark cold place, afraid of viruses, bad blocks and your mom cleaning room early morning. Or you have just long passphrase associated - in your brain only! - with some good old times when grass was greener and light was brighter... oh, nevermind :)

Both ways have some weak points, both require you to understand things, both give you good ability to lose everything you have.

And I not even speak about thermorectal cryptoanalysis! :D
msin
December 06, 2013, 04:05:55 AM
 #2346

Why can't an address be created that you associate a password with like Bitcoin?
It's just a different approach.

Either you have wallet.dat file with private keys which you must hold in dark cold place, afraid of viruses, bad blocks and your mom cleaning room early morning. Or you have just long passphrase associated - in your brain only! - with some good old times when grass was greener and light was brighter... oh, nevermind :)

Both ways have some weak points, both require you to understand things, both give you good ability to lose everything you have.

And I not even speak about thermorectal cryptoanalysis! :D

Ha, very nice!  I agree with you, both have weak points.  People can stress about a wallet file on their desktop that could be stolen, destroyed with the computer, etc..  I think there are ways to improve security with Nxt model, such as limiting unlock attempts per minute for a specific IP, or perhaps locking a specific Nxt address to an IP as an option for the user, so you could only login from a specific IP address, etc..  There is room for improvement and the good thing about Nxt is you won't get the online hosted wallet thefts like BTC is seeing.
ImmortAlex
December 06, 2013, 04:17:14 AM
 #2347

Variant of user-friendly approach is to integrate some kind of password weakness test.
Or, at least, add a link to some online checking service (I saw something like that), which will guide user to select good passphrase.
BitThink
December 06, 2013, 04:19:52 AM
 #2348

Variant of user-friendly approach is to integrate some kind of password weakness test.
Or, at least, add a link to some online checking service (I saw something like that), which will guide user to select good passphrase.

It's dangerous to test your phrase online. People could record them and add to their dictionary. Currently the only valid way is to restrict the minimum length. Even if the entropy is low, unless you are using a sentence from books, a pass phrase of 30 characters should be pretty safe for normal accounts.
puck2
December 06, 2013, 04:21:46 AM
 #2349

Variant of user-friendly approach is to integrate some kind of password weakness test.
Or, at least, add a link to some online checking service (I saw something like that), which will guide user to select good passphrase.

The NXT system told me my password was too short, so perhaps this is already implemented?
bizz
December 06, 2013, 04:33:10 AM
 #2350

Added warning for secret phrases < 30 symbols.
Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication.  There is no "cold storage" alternative offered.  I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening.   Brainwallets are surprisingly tough to get right for the unsophisticated user.



I just disconnected from Internet, started the client & generated offline cold storage address (wallet).
Then you have no way to put any Nxt into this address.

You can generate an address offline and then deposit funds to it.
Yes, but it does not solve the problem. Once people know the brain-wallet password, they can withdraw the money on any computer. It does not matter whether you create the address online or offline.  Creating an address offline only avoids sniffing, but cannot avoid dictionary attacks at all.

Why the hell would I go through hurdles of creating offline account for cold storage and then use password "12345" ???

Of course high entropy pass phrase should always be used regardless of cold/hot storage. Use 8+ (make that 10+) diceware words or random generated 30+ symbols.
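
An offline way to work through the advice in the posts above (the client's 30-symbol warning, the suggested weakness test, and diceware words or random symbols), as an added example that is not part of the thread or of the Nxt client. The 128-bit target, the two-entry weak-phrase list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

MIN_LENGTH = 30                  # the client's warning threshold quoted in the thread
DICEWARE_WORDS = 6 ** 5          # 7776 entries: five dice rolls select one word
SYMBOLS = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
KNOWN_WEAK = {"12345", "qwerty"}  # constructed local list, seeded from the thread


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent, uniform choices from a pool."""
    return picks * math.log2(pool_size)


def picks_needed(pool_size, target_bits=128):
    """Smallest number of uniform picks reaching target_bits (128 is an assumption)."""
    return math.ceil(target_bits / math.log2(pool_size))


def random_symbols(length=MIN_LENGTH):
    """Random secret phrase drawn from the OS CSPRNG, never from `random`."""
    return "".join(secrets.choice(SYMBOLS) for _ in range(length))


def diceware_indices(words=10):
    """Five simulated dice rolls per word, folded into an index 0..7775.
    Look the indices up in a Diceware list stored locally."""
    indices = []
    for _ in range(words):
        index = 0
        for _ in range(5):
            index = index * 6 + secrets.randbelow(6)
        indices.append(index)
    return indices


def local_check(phrase):
    """Runs entirely offline. An empty result means 'no known problem', not
    'strong': a 30+ character sentence from a book passes both checks."""
    warnings = []
    if len(phrase) < MIN_LENGTH:
        warnings.append("shorter than %d symbols" % MIN_LENGTH)
    if phrase.lower() in KNOWN_WEAK:
        warnings.append("on the local weak-phrase list")
    return warnings
```

By this estimate 8 Diceware words give about 103 bits, 10 words about 129 bits, and 30 uniformly random symbols about 197 bits; the figures hold only when every pick is made by the generator, not chosen by the user.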
ImmortAlex
December 06, 2013, 04:42:36 AM
 #2351

Even if the entropy is low, unless you are using a sentence from books, a pass phrase of 30 characters should be pretty safe for normal accounts.
You know it, I know it... But we talk about people who didn't realize that password "qwerty" is the key for their money... If we can guide them to right direction, it will be better for system.
puck2
December 06, 2013, 04:44:03 AM
 #2352

Does my client need to be running to "mint" new NXT coins?
bizz
December 06, 2013, 04:50:02 AM
 #2353

Does my client need to be running to "mint" new NXT coins?

Your server in cmd/terminal needs to be running and account needs to be unlocked in client (browser). Once you do that you can even close the browser but keep server running. I think?
Chang Hum
December 06, 2013, 04:57:57 AM
 #2354

Why can't an address be created that you associate a password with like Bitcoin?
It's just a different approach.

Either you have wallet.dat file with private keys which you must hold in dark cold place, afraid of viruses, bad blocks and your mom cleaning room early morning. Or you have just long passphrase associated - in your brain only! - with some good old times when grass was greener and light was brighter... oh, nevermind :)

Both ways have some weak points, both require you to understand things, both give you good ability to lose everything you have.

And I not even speak about thermorectal cryptoanalysis! :D

I see what you mean but even a random single or double digit being issued would be easy to remember and work round the security floor. Or username/pw like on blockchain.info.

If you look at blockchain info even with that security measure in place they've changed things (obviously out of a need as they've got bigger) so email & pw is no longer acceptable.
xyz
December 06, 2013, 05:12:42 AM
 #2355

Do I need to have some coins to get started? If yes, please, to my account 4183405989168842857

Thanks a lot!

...
The happy slaves are freedom's greatest enemy...
(Heinrich Hoffmann von Fallersleben, 1798-1874)
ImmortAlex
December 06, 2013, 05:13:04 AM
 #2356

Does my client need to be running to "mint" new NXT coins?
It depends on what you call "client".

That original funny web interface makes things a bit complex in terms of "client", "server", "peer", "account".

I prefer to name original software (Jetty + Nxt servlet, that you see as terrible black window) as "server". So we have p2p network of servers.
Browser, connected to one of servers, acts like lightweight "client". Client is dumb, it only show data from server, accept clicks on buttons and so on, but it doesn't perform any actual work for Nxt net.
Actually, there can be different client software even for original server, because server provides some API. And it can be not only browser. But for now there's only one original client.
"Account" is just a piece of data inside server's memory. When you unlock account, server software just create some bytes in memory and start to process it.

So, answer is: you need to unlock your account on some server (better your own server), then you can close your browser - server doesn't need it to perform work for net, and for mining too. If you restart server, you need to unlock account again.
ImmortAlex
December 06, 2013, 05:30:35 AM
 #2357

I see what you mean but even a random single or double digit being issued would be easy to remember and work round the security floor. Or username/pw like on blockchain.info.

If you look at blockchain info even with that security measure in place they've changed things (obviously out of a need as they've got bigger) so email & pw is no longer acceptable.
Actually, I worry about my wallet.dat files not because it can be stolen. It's not a problem, they are password encrypted. I am afraid of software and hardware failure, so I try to regularly make backups, keep them in different hidden secret places and have all that usual mess everyone have with backups, you know :)

Brain wallet keep me out of this classic problems. So I can sleep good, deep and peaceful, and disarm my Mosin–Nagant :D

But, yes, my Nxt account passphrase is insanely long and complex, thanx to my l33t IT skillz :)
aeddan1
December 06, 2013, 06:07:52 AM
 #2358

So I followed all the instructions but nothing happened... what do I do at this point?

ImmortAlex
December 06, 2013, 06:29:06 AM
 #2359

So I followed all the instructions but nothing happened... what do I do at this point?
It's not a full log. Please make screenshot from start.

Oh, wait.
It tells that port is already in use. Some other software uses port 7875 or 7874.
Are you sure you have only one copy of Nxt running?
aeddan1
December 06, 2013, 06:38:43 AM
 #2360

So I followed all the instructions but nothing happened... what do I do at this point?
It's not a full log. Please make screenshot from start.

Oh, wait.
It tells that port is already in use. Some other software uses port 7875 or 7874.
Are you sure you have only one copy of Nxt running?

I have BFGminer open with my asics mining peercoin. Is this conflicting in anyway? And according to task manager NXT isn't running at all... However I did try to start it multiple times with nothing happening...