NXT :: descendant of Bitcoin - Updated Information

[instacalm]

Any news on the block exporer? It states that it would be down for 24 hours but those 24 hours are long over

[1714585346]

1714585346

[1714585346]

1714585346

[1714585346]

1714585346

[1714585346]

1714585346

[sparta_cuss]

Hey, looks like I just got robbed, too.
Someone please check this account: 12152013998194592943
They now have 147k+ from me.
Had a 40 char random password, capital, lower, numbers, symbols.
WTF?

you're 11794318797680953099?
http://22k.io/-account/12152013998194592943

Yes, that was me. Just created a new account, though, and sent the remaining 100k there.

[Damelon]

NXT is like a gun.
Once you squeeze the trigger, you can't stop the bullet.
Safety lock is your pass phrase.
People are asking for additional safety measures so that they or someone else can't squeeze that trigger or that the gun asks them 'are you sure you want to squeeze it?'

its simple for us...but for the general public its gonna be too much.

This may all be so, but there is a need for the safety to be better.
Mainstream users will NEVER enter NXT in any way if safety is an issue.
Most people just want peace of mind and the knowledge that their money is safe and guaranteed.
For now, in this phase, it's maybe not an issue, but it should definitely be on the cards if NXT has plans to be anything other than a service that is used by the few.

That's why there will always be banks. And some people will always trust banks, no matter how many times banks screw them. Because banks take away worries of how to store funds, sometimes take away funds too.


The reality is only death and taxes are guaranteed. Everything else is just chances.

I think you are taking a position here that is anti-productive.
All that is true.
However: Average Joe will not accept a system that is inherently unsafe.
As it stands, it seems that there may be issues with the safety.
It's not enough to just say: "everything is unsafe".
There are ways to counteract it, and if they are there, why not use them?
The idea is (I hope) to maximise the NXTproject in terms of ROI for us and others.
Having a huge hole (or perceived hole) in the system will not help.

The fact that banks screw people, too, does not mean we cannot do better.

[ImmortAlex]

The first password opens the account

There's no such procedure like opening or closing account. Account is just a number. In decentralized network anyone can view any transactions in any accounts, f.e. using blockchain explorer.
But you need corresponding private key to transfer coins from that account.
Current software ask you to enter private key before you do anything with your account, but it is design flaw of software, wihich can be fixed.
And, yes, this long passphrase can be saved to file. If you name this file "wallet.dat" you make life of troyans easier

[rickyjames]

But I really do believe that some kind of hooks for a 2 factor authorization should be built into the code for transfers above a certain amount.  
  

This makes sense

Edit: A thief could always transfer smaller amounts under the threshold....

How about this - you can pay a fee to tell the blockchain that no further withdrawals are to be accepted from this account for all future times, and upon payment of the fee you register a second 50+ character password that can be used in the future to inform the blockchain to reauthorize withdrawals from the subject account.

We gotta do something here.  There are multiple reports of people having their NXT wallets emptied when they didn't want it to be during the low volume alpha / beta operations shakedown of NXT.  We have to do more that just say, "Well, if you used a strong password, it wasn't hacked by brute force".

[ImmortAlex]

Having a huge hole (or perceived hole) in the system will not help.

It's not a hole in the system. It is a hole in Average Joe mind. Which can be fixed using banks.
But banks must not be part of system, part of decentralized network.

[laowai80]

I think you are taking a position here that is anti-productive.
All that is true.
However: Average Joe will not accept a system that is inherently unsafe.
As it stands, it seems that there may be issues with the safety.
It's not enough to just say: "everything is unsafe".
There are ways to counteract it, and if they are there, why not use them?
The idea is (I hope) to maximise the NXTproject in terms of ROI for us and others.
Having a huge hole (or perceived hole) in the system will not help.

The fact that banks screw people, too, does not mean we cannot do better.

I am not taking any position, I am just stating facts.
Crypto currencies will never be for everyone to use, because many people are just lazy to learn to use them properly and safely. Just like guns.

[ImmortAlex]

How about this - you can pay a fee to tell the blockchain that no further withdrawals are to be accepted from this account for all future times, and upon payment of the fee you register a second 50+ character password that can be used in the future to inform the blockchain to reauthorize withdrawals from the subject account.

Register password... register... WHERE?!

[rickyjames]

How about this - you can pay a fee to tell the blockchain that no further withdrawals are to be accepted from this account for all future times, and upon payment of the fee you register a second 50+ character password that can be used in the future to inform the blockchain to reauthorize withdrawals from the subject account.

Register password... register... WHERE?!

As a public key on a colored coin?  The private key could be attached to a second colored coin when used one time to unlock the account for withdrawals, after that it's invalid

[ImmortAlex]

As a public key on a colored coin?

Your account number is public key already. You're constantly trying to create unnecessary entities.
Want to "freeze" some coins with some new private key? Just create new account with this key, trasfer coins to it, and then use this key only when you need to spend this coins.

[Damelon]

I think you are taking a position here that is anti-productive.
All that is true.
However: Average Joe will not accept a system that is inherently unsafe.
As it stands, it seems that there may be issues with the safety.
It's not enough to just say: "everything is unsafe".
There are ways to counteract it, and if they are there, why not use them?
The idea is (I hope) to maximise the NXTproject in terms of ROI for us and others.
Having a huge hole (or perceived hole) in the system will not help.

The fact that banks screw people, too, does not mean we cannot do better.

I am not taking any position, I am just stating facts.
Crypto currencies will never be for everyone to use, because many people are just lazy to learn to use them properly and safely. Just like guns.

I'm not disputing the facts. let me make that clear.
However, seeing as cryptos are very much in the mainstream news at the moment, it is a point of concern image-wise.
Banks use protocols behind the scenes that the Average Joe also shouldn't be trusted with.
I'm just pointing things out from a PR point of view. People are watching and PR is important for the mainstream.
I also disagree that cryptos will never be for everyone. Maybe in the form that they need to be handled now, but if there are ways to make them more accessible to the general public: go for it.

It's not a hole in the system. It is a hole in Average Joe mind. Which can be fixed using banks.
But banks must not be part of system, part of decentralized network.

Agreed, but it's what you have to work with (the average joe's mind)
This ties in generally with my answer above. Any crypto that doesn't appeal to companies that can offer such services will not make it in the end.
Mainstream adoption will eventually need to be had.

[chanc3r]

The first password opens the account

There's no such procedure like opening or closing account. Account is just a number. In decentralized network anyone can view any transactions in any accounts, f.e. using blockchain explorer.
But you need corresponding private key to transfer coins from that account.
Current software ask you to enter private key before you do anything with your account, but it is design flaw of software, wihich can be fixed.
And, yes, this long passphrase can be saved to file. If you name this file "wallet.dat" you make life of troyans easier

sorry if we are going to be picky about semantics...

when I enter the secret phrase into the client page on the web-browser it opens the account ON MY SCREEN.

I did not suggest storing anything in Wallet.DAT - the point is that;

the secret phrase and the account are one - an unbreakable link
if someone choses the same phrase they automatically can transact on the same account
there needs to be something to lock the account to the person who chose the secret phrase - a second password would do this.

at the moment we are being asked to trust a system which has no defences against brute force password attack apart from the ingenuity of the user picking an impossible secret phrase.

[laowai80]

The first post of this thread needs to provide an educational primer in BIG RED LETTERS on brainwallets, importance of strong pass phrases, how to choose them and importance of not having a key-logger on the computer. And have a warning not to proceed further if they haven't grasped that info and memorized it like their own name.

[utopianfuture]

But I really do believe that some kind of hooks for a 2 factor authorization should be built into the code for transfers above a certain amount.  
  

This makes sense

Edit: A thief could always transfer smaller amounts under the threshold....

How about this - you can pay a fee to tell the blockchain that no further withdrawals are to be accepted from this account for all future times, and upon payment of the fee you register a second 50+ character password that can be used in the future to inform the blockchain to reauthorize withdrawals from the subject account.

We gotta do something here.  There are multiple reports of people having their NXT wallets emptied when they didn't want it to be during the low volume alpha / beta operations shakedown of NXT.  We have to do more that just say, "Well, if you used a strong password, it wasn't hacked by brute force".

I doubt any of these report is actually true since when they are all silent when further proofs and information are requested. Remember that any hostile entity would have an incentive to slur NXT's security. Surely we want to improve user's experience so it would be good to brainstorm but the conception that current implementation is of poor security needs to be disapproved.  

[rickyjames]

As a public key on a colored coin?

Your account number is public key already.

I want to tell the world to never accept a withdrawal from my NXT account.  To do this I click a button on my client and go to a special page.  I pay a NXT fee and the page generates two numbers, a public key and a private key.  I attach the public key to a colored coin.  THis is my announcement to the world to lock my account.  I copy down the private key and hide it for a year.  NXT goes to $500 per coin and I want to cash in.  I go back to my client and send my private key out on a second colored coin twinned with the first one.  Now I am making my private key public but I don't care, it's one-use-only.  The blockchain processing software matches the two colored coins, sees that they are a lock and key fit, and my account is now unlocked for the first time in a year for withdrawals.

This could work, right?  You would see any attempts to "pick the lock" as invalid colored coins with fake private unlock keys being injected into the system..

[EmoneyRu]

[ANN] Added to my tool possibility to make hallmarked node

[utopianfuture]

Hey, looks like I just got robbed, too.
Someone please check this account: 12152013998194592943
They now have 147k+ from me.
Had a 40 char random password, capital, lower, numbers, symbols.
WTF?

you're 11794318797680953099?
http://22k.io/-account/12152013998194592943

Yes, that was me. Just created a new account, though, and sent the remaining 100k there.

If you acc got hacked they will take all not leaving you with 100K.

[BitAddict]

Just forget about SMS, email, fingerprint and drone verification is no way to do that, the system would be centralized and easy to break.

We just need cold wallets (able to forge via giving permision to another online computer, but not being able to send) and paper wallets.
I guess this is possible to do, so we need to focus here.

[sparta_cuss]

Hey, looks like I just got robbed, too.
Someone please check this account: 12152013998194592943
They now have 147k+ from me.
Had a 40 char random password, capital, lower, numbers, symbols.
WTF?

you're 11794318797680953099?
http://22k.io/-account/12152013998194592943

Yes, that was me. Just created a new account, though, and sent the remaining 100k there.

If you acc got hacked they will take all not leaving you with 100K.

That 100k came after the theft via a transfer from Dgex. Just lucky timing.

[ImmortAlex]

I want to tell the world to never accept a withdrawal from my NXT account.  To do this I click a button on my client and go to a special page.  I pay a NXT fee and the page generates two numbers, a public key and a private key.  I attach the public key to a colored coin.  THis is my announcement to the world to lock my account...

This can be done with existing functionality.
Just create new account, send coins to it and never use this account until NXT costs $500.
This is absolutely the same scheme as yours. And it's free