NXT :: descendant of Bitcoin - Updated Information

[opticalcarrier]

can someone asnwer why sometimes ann account forges 2 consecutive blocks??  This happens more frequently that I would think it should

[1713491916]

1713491916

[1713491916]

1713491916

[1713491916]

1713491916

[brooklynbtc]

alright dude. sell us your coins and you are free to go

happy new year.

[bitcool]

Is the OPEN source code still scheduled to be opened on January 3rd?

To qualify as a descendant of Bitcoin, these principles need to be adhered to:  
  Open sourced
  Decentralized
  Fair

No amount of greed should overcome these criteria, IMHO.

[laowai80]

then it will not have widespread adoption.

Probably not until banks start bailing-in their depositors around the world (all mechanisms and laws are already in place for that). But that's equally true for bitcoin and other cryptos.

[ImmortAlex]

it will not have widespread adoption.

It is not differ from Bitcoin in sense of public/private keys, transaction authorisation and so on.

[ImmortAlex]

can someone asnwer why sometimes ann account forges 2 consecutive blocks??  This happens more frequently that I would think it should

This is accounts with very big stake, so they have a lot of chances to forge.

[utopianfuture]

As a public key on a colored coin?

Your account number is public key already. You're constantly trying to create unnecessary entities.
Want to "freeze" some coins with some new private key? Just create new account with this key, trasfer coins to it, and then use this key only when you need to spend this coins.

The problem is that the "lucky gold strike" loophole for somebody else to hit this new account when miskeying their own password exists just like it exists for the old one.  Psychologically to the public this is always going to be perceived as a flaw because they don't understand how unlikely it is.  You haven't increased security one iota, you have only created a different winning lottery number.  

Publically announcing to the world not to accept withdrawals from an account closes this loophole.  That will make a huge psychological difference to the public.  And I am telling you, for NXT to succeed with the public, irrational psychological issues are going to have to be addressed.

You still need a pass at some point to make an announcement like "I want to spend this money again" right ? you would still need to enter this pass into the network right ? It is essentially the same thing as current implementation.

No.  If it is a dual colored coin scheme, attempts to unlock the account for withdrawals are publically seen on the blockchain and can be monitored and throw up warnings that an account is under attack.  If somebody hits the powerball jackpot and gets into an account through a miskey of another password, that is a one-time private event that is all over in under a minute and nobody even realizes it has happened until the next time they open their account or check it on the block chain.

I understand the math on how unlikely it is that a miskeyed password could open the fattest wallet by accident.  This isn't about math.  It's about public psychology.  Saying as a programmer it isn't necessary ignores the popularity of Powerball in the public mind and the psychology bias it introduces against brain wallets.

If you use a random generator, the chance of someone mis-types and get your pass is zero. Because the pass will use a lot of special characters and not-well-placed keys. Pass like that cannot be accidentally typed. No humanly possible guess is a random. So no mis-type is not possible even in a billion year.

I only worried about hacking. But just educated myself with some current articles on password picking, I can say that it is already extremely time- consuming and impossible at current state of art to pick a 10 character pass if they are truly random.  

Now key logger is another topic and definitely a risk. As long as you connect to Internet, there is a risk.

[instacalm]

Just transferred everything back to Dgex. Forging is done for me. If I can be hacked because of some security hole that Nxt cannot plug (key-loggers, for instance) than, though it's not Nxt's fault, it will hurt adoption and participation.

Hey, what if they will hack Dgex? Or founder of Dgex will disappear in the dust?

Like I said, cashing out as soon as I can.

It's like you guys are building a really high-performance car, and then criticizing the roads for being too bumpy and drivers for being unskilled. It's a great car, and it can do amazing things, but if it isn't adapted to the world as it is or drivers as they are (and not as you want them to be), then it will not have widespread adoption.

What? Your argument can be applied to anything. How do you expect NEXT to safe you from keyloggers? A password is a password and it is up to you to choose and keep it safe.

[Damelon]

 This isn't about math.  It's about public psychology.

I think this neatly summarises everything that I was trying to point out.

To expand on that: for NXT to be succesful and truly added value, it will need to go mainstream at some point. Arguably not now, and I'm not in any way suggesting that.
But it needs to be on the cards and taken seriously.

How that will be achieved is a different matter. Third parties seems logical. It's not something that is the sole responsibility of the NXT devs.

NXT and any crypto that wants to survive, needs the general public. Those is also a fact.

Also, in a more productive vein, I'd like to add a security page to the wiki. I now have the following items:

- Making a secure password with keepass (does other software need to be added?) (50-60 characters long enough?)
- Treat your wallet pass like it was your PIN.
- Keep your computer malware/virus free!
- never post pass.

Does anything else need adding. If it isn't obvious already, I am not a techie (although I know enough to keep myself protected). Can anyone suggest other easily implemented safety precautions?
Might as well help people out as much as we can

[opticalcarrier]

@2Kool4Skewl
Please replace direct download links with links to cfb's posts with them.
Nothing personal, just security

All, JeanLuc has agreed to start posting releases at info.nxtcrypto.org and they will also be posted at forums.nxtcrypto.org as well as at the www.nxtcrypto.org site.

[starik69]

This happens more frequently that I would think it should

Have you any math for this? Or only fud?

[smartwart]

There is no matter if you use one, two, or ten different passwords in sequence - or just one.

To be constructive, a password manager and generator (maybe like keypass2) could be integrated to NxT Client?
That would simplify it for causal user.

[fmiboy]

This isn't about math.  It's about public psychology.

I think this neatly summarises everything that I was trying to point out.

To expand on that: for NXT to be succesful and truly added value, it will need to go mainstream at some point. Arguably not now, and I'm not in any way suggesting that.
But it needs to be on the cards and taken seriously.

How that will be achieved is a different matter. Third parties seems logical. It's not something that is the sole responsibility of the NXT devs.

NXT and any crypto that wants to survive, needs the general public. Those is also a fact.

Also, in a more productive vein, I'd like to add a security page to the wiki. I now have the following items:

- Making a secure password with keepass (does other software need to be added?) (50-60 characters long enough?)
- Treat your wallet pass like it was your PIN.
- Keep your computer malware/virus free!
- never post pass.

Does anything else need adding. If it isn't obvious already, I am not a techie (although I know enough to keep myself protected). Can anyone suggest other easily implemented safety precautions?
Might as well help people out as much as we can

keepass 2 has expire date for every generated key/pass, I think, one must mention that as well. if it expire than users blame you to not posting about it so generate key/pass and write that to paper or something similar

[BitAddict]

Hey there, i started an NXT forging pool, for poeople that want to forge nxt with some reliability or dont want the NXT client running all day long

Website: http://nxt-pool.uk.to/

Nextcoin.org thread: https://nextcoin.org/index.php/topic,1783.0.html

If you send small amounts consider you will need to pay total 2 NxT fee for sending and return, so this is probably more than the NxT you're going to forge in years.

Every 24h currently you can forge about:

100k= 1NxT
10k= 0,1NxT
1k= 0,01NxT
100= 0,001NxT

So if you send 1k you will need 200 days just to breakeven the 2 NxT fee when you're risking your money in a 3rd party.

Also you can't use your coins when you want (you need to wait manual cashout), and now there is no decimals so is imposible to pay out under 1NxT.

And what about if your next forum account/email gets hacked and tell him to send coins to another new wallet? You also lose everything.

IMO is no point using this, and less with current 1NxT fee.

[opticalcarrier]

Id like these people claiming thefts to post their password.  If the account has been emptied please post the password.

I want to tell the world to never accept a withdrawal from my NXT account.  To do this I click a button on my client and go to a special page.  I pay a NXT fee and the page generates two numbers, a public key and a private key.  I attach the public key to a colored coin.  THis is my announcement to the world to lock my account...

This can be done with existing functionality.
Just create new account, send coins to it and never use this account until NXT costs $500.
This is absolutely the same scheme as yours. And it's free

yes but I'd like to be able to forge and also have functionality of a 2nd password in order to send funds.
This way, for forging, Id just use my regular PC.  But to ever send NXT, Id boot to a pupply linux usb drive and enter the password in that, with security from virus/keylogger/etc

[Kodoka]

Any chance Google Authenticator could be worked into the code, for everyone calling for extra security? Also, I wanted to see just how brute force resistant Nxt is, so I threw together some code and ran it. Unless a hacker is working with a ridiculously powerful rig, brute force is NOT an option. Even a 7 character pass-phrase would take several weeks to check all combinations of a mixed alpha-numeric set. So if your account has been hacked, you probably need to clean up your computer.

[EmoneyRu]

Any actual roadmap? What would happen @ 32k?

[Mistafreeze]

How could we implement email confirmation for sending of NXT?

A service provider watching the blockchain could do this easily.

This should be implemented...it would remove the possibility all together of Nxt being stolen...would also be another advantage for Nxt

Is this something where the eventual message feature of NXT could come into play? The node that forges the block send a message back to the originator of the transaction and requests confirmation? I'm not sure how you hold up the transfer until confirmed, just my $.02

Edit: After about 2 seconds of thought I realized this would send a message back to the person who has already gained unauthorized access to the account.

:\

[opticalcarrier]

This happens more frequently that I would think it should

Have you any math for this? Or only fud?

You are too crafty and have exposed my scheme of toppling NXT due to fud.....

Hey smartguy, the whitepaper isnt published yet.  So we dont really know yet do we; if you know the math then please post it.  You are a idiot if you think accusations of FUD as a response to legitimate questions are in the best interest of the NXT community.

Honestly though, are you fu**ing retarded?  Have you not seen the amount of time and effort Ive been expending on this project??  And you call FUD on me.... wow not very bright there are you sparky

[rickyjames]

"It's like you guys are building a really high-performance car, and then criticizing the roads for being too bumpy and drivers for being unskilled. It's a great car, and it can do amazing things, but if it isn't adapted to the world as it is or drivers as they are (and not as you want them to be), then it will not have widespread adoption."

I agree.

OK, just to bubble this to the top again, I officially request that a function be implemented in the NXT client and server that allows an account to publicly declare in the blockchain that it is closed to withdrawals until further notice.  Until this notice is given and verified, all attempts to withdraw from this account are to be deemed invalid by whoever is processing the block with the withdrawal request.

This function would be implemented by accessing a special lock page in the client software where a fee would be assessed for utilizing this option.  Clicking on the "accept fee" key on this page does two things: (1) sends out a colored coin or equivalent containing the account number, the freeze notification, and the public half of an unfreeze code (2) displays for the user the private half of an unfreeze code that is to be copied down manually.

During the account lockdown freeze period, all pending transactions on the blockchain are compared against a list of locked accounts as part of the verification process.  If the withdrawal is against a frozen account, it is rejected as invalid.

To unfreeze the account, a user goes to a special unfreeze page in the client, enters the previously copied private key half generated during the original account locking, pays a fee, and sends a colored coin or equivalent containing the account number, the unfreeze notification, and the private half of the unfreeze code.  A server processing a block containing a colored account unlock code verifies the public / private keys unfreeze the account correctly and removes the specified account from the frozen list.  There may be a time delay while this information is propogated throughout the system and this delay would be accepted as part of the unfreeze process.  

This effectively would implement two factor authentication for sending NXT from a high-value account because the sender would need both the unfreeze code and the original account passphrase.

This scheme is NOT the same as transferring large sums to a new and seldom used NXT account for safekeeping.  Such an account still has an extremely small but non-zero probability of being opened via a brute force or lucky hit of its password, or of being keylogged or trojaned.  Publically announced frozen accounts have a zero chance of being drained.  This difference between extremely small chance and zero is huge in the public mind and will go a long way in making the general public accept the NXT always-online brainwallet concept.

Question one:  is this technically possible, yes or no.