Bitcoin Forum
Author Topic: NXT :: descendant of Bitcoin - Updated Information  (Read 2761532 times)

timmyd (Hero Member; Activity: 714; Merit: 500)
January 01, 2014, 06:25:44 PM #11881

> > Even if it is a client issue. Wouldn't the hacker just continue to use nrs? Instead of targeting accounts thru a new client with extra security?
> > Will nrs always be able to connect u to ur account even if a new client comes out
>
> New clients r supposed to generate keys with higher entropy (all 256 bits). All successful attacks were on low-entropy keys only.

Ok so when a new client arises is it recommended that all users create new accounts? All current nrs accounts are currently at risk?
Some of these horror stories have me spooked a bit. I have a 50+ random password but still don't feel secure if I'm honest


Come-from-Beyond (Legendary; Activity: 2142; Merit: 1009; Newbie)
January 01, 2014, 06:27:29 PM #11882

> Ok so when a new client arises is it recommended that all users create new accounts? All current nrs accounts are currently at risk?
> Some of these horror stories have me spooked a bit. I have a 50+ random password but still don't feel secure if I'm honest

If u use truly random password then u r ok. Recent horror stories r just black PR tricks.

rickyjames (Full Member; Activity: 196; Merit: 100)
January 01, 2014, 06:28:03 PM #11883

As long as I'm wishing for a shiny new security add-on that allows frozen accounts that would take NXT out of circulation, I would also note that tabulating from the blockchain just how much NXT was indeed frozen and OUT of circulation helps the market know just how much is IN circulation - and would be an upward pressure on NXT prices.

rickyjames (Full Member; Activity: 196; Merit: 100)
January 01, 2014, 06:31:45 PM #11884

> > Ok so when a new client arises is it recommended that all users create new accounts? All current nrs accounts are currently at risk?
> > Some of these horror stories have me spooked a bit. I have a 50+ random password but still don't feel secure if I'm honest
>
> If u use truly random password then u r ok. Recent horror stories r just black PR tricks.

You are probably right - but you can't be sure. And this difference between "probably right / probably safe" and "sure / certain" is the shadow of doubt that the public mind will seize upon that will hinder widespread adaptation of NXT. Bitcoin will always be able to claim an air gap option that we will not. Getting ahead of this with some form of account freeze blockchain option / two step authentication scheme is the right thing to do.

laowai80 (Member; Activity: 98; Merit: 10)
January 01, 2014, 06:34:22 PM #11885

> New clients r supposed to generate keys with higher entropy (all 256 bits). All successful attacks were on low-entropy keys only.

oh wait, since which version is it all 256 bits? )

xyzzyx (Sr. Member; Activity: 490; Merit: 250; "I don't really come from outer space.")
January 01, 2014, 06:34:49 PM #11886

> Why can't the client deal with email verification, google authenticator or even cellphone SMS
> Aren't all verifications just software that runs somewhere? Why can't that somewhere be the client?

The problem with using an authenticator, in their current forms, is that they rely on a centralized point -- google, a SMS gateway, whatever.

That, and it'd need multisig implemented.

Except the multisig, this is something that a NXT service provider could solve, I think. I imagine it would work like this:

A group of nodes would run a parallel blockchain for the NXT2SMS functions. These nodes would use transparent forging between themselves to maintain their N2S blockchain. When you need to send a SMS, you would pay a fee and have a payload as an arbitrary message on the main blockchain. The N2S nodes would notice the payload and decide who on their blockchain gets to collect the fee and transmit whatever is represented in the payload over SMS. The one who generates the SMS is also the one who does the other side of the multisig to release the funds.

There's lots of hand-waving in the above paragraph because I don't know exactly how the core NXT functions that this is built upon will operate as they're yet to be released, but it's the general idea.

The hardware for the SMS transmission is the simple part as that already exists as an off-the-shelf solution: a smartphone or, for the more hardware hacker oriented, a GSM/GPRS module and an Arduino/RPi/etc to interface to it.

I might have overlooked something, however.

"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov

Anon136 (Legendary; Activity: 1722; Merit: 1217)
January 01, 2014, 06:36:02 PM #11887

> > I think this is the wrong way. what we need are clients that forge seamlessly, so even though the chance of winning will be minuscule, there will be no cost to forging, no barrier to entry so people will do it anyway. People pay to play the lottery now don't they? This lottery would be free to play, I think there is definitely some appeal there for users.
>
> BCNext was forced to offer such the way coz small stakeholders won't bother with forging due to very high variation. Less coins forge - cheaper attacks.

if you just reduce the cost of forging down to ~0 then the low incentive won't matter. that's the point I'm trying to make. of course this can only come with time as third party developers make better client applications but this is what we should be focusing on. not pooled mining.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?

Damelon (Legendary; Activity: 1092; Merit: 1010)
January 01, 2014, 06:36:19 PM #11888

> > > Ok so when a new client arises is it recommended that all users create new accounts? All current nrs accounts are currently at risk?
> > > Some of these horror stories have me spooked a bit. I have a 50+ random password but still don't feel secure if I'm honest
> >
> > If u use truly random password then u r ok. Recent horror stories r just black PR tricks.
>
> You are probably right - but you can't be sure. And this difference between "probably right / probably safe" and "sure / certain" is the shadow of doubt that the public mind will seize upon that will hinder widespread adaptation of NXT. Bitcoin will always be able to claim an air gap option that we will not. Getting ahead of this with some form of account freeze blockchain option / two step authentication scheme is the right thing to do.

Not only that. If there is some bad media coverage, we can point out that these issues have been debated amongst the stakeholders before launch and prove that we take security seriously and are also thinking beyond the scope of advanced users. I'm trying to think long term about these things as much as possible.

Member of the Nxt Foundation | Donations: NXT-D6K7-MLY6-98FM-FLL5T
Join Nxt Slack! https://nxtchat.herokuapp.com/
Founder of Blockchain Workspace | Personal Site & Blog

jl777 (Legendary; Activity: 1176; Merit: 1132)
January 01, 2014, 06:36:54 PM #11889

CfB

all the nodes would have to cryptographically store all the seeds for all accounts in a way that each node can reconstruct the desired output, without knowing the actual seed. Probably close to impossible, but not actually provably impossible. Maybe even a nice challenge for BCNext?

We don't need to use google authenticator, we just need some system that is distributed that achieves the desired result. That's a pretty open requirement and I doubt you can prove it is impossible. If it is not impossible, then it can be done.

I would like better minds than mine to figure out how to do this. I know mathematically it is probably the same odds of being hacked, but requiring an orthogonal step even after finding an account whose password you stumbled into would make everybody feel much safer.

As it is now a monkey typing random keys on the keyboard can stumble into an acct.

James

P.S. I understand why the current localhost will disappear, it has to so clients can add the new layer of security. Enforcing passwords that are strong enough is a good first step, but longer term please open your mind to the possibility of the "impossible", it will make a huge difference in NXT valuation

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET

Come-from-Beyond (Legendary; Activity: 2142; Merit: 1009; Newbie)
January 01, 2014, 06:38:52 PM #11890

> > New clients r supposed to generate keys with higher entropy (all 256 bits). All successful attacks were on low-entropy keys only.
>
> oh wait, since which version is it all 256 bits? )

It has always been 256 bits.

laowai80 (Member; Activity: 98; Merit: 10)
January 01, 2014, 06:39:48 PM #11891

> > > New clients r supposed to generate keys with higher entropy (all 256 bits). All successful attacks were on low-entropy keys only.
> >
> > oh wait, since which version is it all 256 bits? )
>
> It has always been 256 bits.

ok, then I guess I misunderstood.

EvilDave (Hero Member; Activity: 854; Merit: 1001)
January 01, 2014, 06:40:42 PM #11892

Quick question on the theft issue:

If someone is just running a brute force attack on the whole NXT network attempting to hit the jackpot, won't this activity be very visible in the blockchain?
Way I see it, every password generated by the brute force attack will create an account.
Can anyone (with more skillz than me) have a look at the account creation (possibly vs IP address) stats and see if something weird is showing up?

Nulli Dei, nulli Reges, solum NXT
Love your money: www.nxt.org  www.ardorplatform.org
www.nxter.org  www.nxtfoundation.org

Come-from-Beyond (Legendary; Activity: 2142; Merit: 1009; Newbie)
January 01, 2014, 06:41:06 PM #11893

> if you just reduce the cost of forging down to ~0 then the low incentive won't matter. that's the point I'm trying to make. of course this can only come with time as third party developers make better client applications but this is what we should be focusing on. not pooled mining.

Good idea. As I wrote on Twitter, Pooled Forging may be added, not is being added.

EpicThomas (Newbie; Activity: 19; Merit: 0)
January 01, 2014, 06:42:04 PM #11894

> Quick question on the theft issue:
>
> If someone is just running a brute force attack on the whole NXT network attempting to hit the jackpot, won't this activity be very visible in the blockchain?
> Way I see it, every password generated by the brute force attack will create an account.
> Can anyone (with more skillz than me) have a look at the account creation (possibly vs IP address) stats and see if something weird is showing up?

The account will not show up in the blockchain before a transaction is made.

jl777 (Legendary; Activity: 1176; Merit: 1132)
January 01, 2014, 06:44:10 PM #11895

Can someone test potential passwords locally without going out to the network if he has the latest blockchain?

James

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET

Come-from-Beyond (Legendary; Activity: 2142; Merit: 1009; Newbie)
January 01, 2014, 06:44:17 PM #11896

> Quick question on the theft issue:
>
> If someone is just running a brute force attack on the whole NXT network attempting to hit the jackpot, won't this activity be very visible in the blockchain?
> Way I see it, every password generated by the brute force attack will create an account.
> Can anyone (with more skillz than me) have a look at the account creation (possibly vs IP address) stats and see if something weird is showing up?

Brute force attack is completely offline.

rickyjames (Full Member; Activity: 196; Merit: 100)
January 01, 2014, 06:44:34 PM #11897

> CfB
>
> requiring an orthogonal step even after finding an account whose password you stumbled into would make everybody feel much safer.
>
> As it is now a monkey typing random keys on the keyboard can stumble into an acct.
>
> James
>
> P.S. I understand why the current localhost will disappear, it has to so clients can add the new layer of security. Enforcing passwords that are strong enough is a good first step, but longer term please open your mind to the possibility of the "impossible", it will make a huge difference in NXT valuation

Jl777 and I absolutely see eye to eye on all of this.

BitAddict (Legendary; Activity: 1190; Merit: 1001)
January 01, 2014, 06:44:59 PM #11898

> > I think this is the wrong way. what we need are clients that forge seamlessly, so even though the chance of winning will be minuscule, there will be no cost to forging, no barrier to entry so people will do it anyway. People pay to play the lottery now don't they? This lottery would be free to play, I think there is definitely some appeal there for users.
>
> BCNext was forced to offer such the way coz small stakeholders won't bother with forging due to very high variation. Less coins forge - cheaper attacks.

I don't really like pools for forging. This is like one step back to centralized system.

I know we need to do something to allow small stakeholders to forge and get fees everyday, but not this way.

Damelon (Legendary; Activity: 1092; Merit: 1010)
January 01, 2014, 06:45:08 PM #11899

> > CfB
> >
> > requiring an orthogonal step even after finding an account whose password you stumbled into would make everybody feel much safer.
> >
> > As it is now a monkey typing random keys on the keyboard can stumble into an acct.
> >
> > James
> >
> > P.S. I understand why the current localhost will disappear, it has to so clients can add the new layer of security. Enforcing passwords that are strong enough is a good first step, but longer term please open your mind to the possibility of the "impossible", it will make a huge difference in NXT valuation
>
> Jl777 and I absolutely see eye to eye on all of this.

Thirded

Edit: joe also added a security page to the wiki: http://wiki.nxtcrypto.org/wiki/Account_Security

Let's hope that filters out a lot of weaker passes.

Member of the Nxt Foundation | Donations: NXT-D6K7-MLY6-98FM-FLL5T
Join Nxt Slack! https://nxtchat.herokuapp.com/
Founder of Blockchain Workspace | Personal Site & Blog

jl777 (Legendary; Activity: 1176; Merit: 1132)
January 01, 2014, 06:48:29 PM #11900

offline mining of all NXT accounts in parallel
problem gets worse the more NXT accounts there are
this attracts more hackers the more NXT is worth
This will create an equilibrium effect like a boat anchor to a hot air balloon. The more NXT succeeds, the more it will be hacked.

CfB, tell me there is a solution that is more effective than the user needs to not be unlucky

James

http://www.digitalcatallaxy.com/report2015.html
100+ page annual report for SuperNET
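
The entropy points raised in this thread (secrets need the full 256 bits, strong-enough passphrases should be enforced, and offline guessing runs against all accounts in parallel), as an added example that is not part of the original posts or of any NXT client: it generates a 256-bit secret from the OS CSPRNG and shows how much margin is left once every guess is checked against N funded accounts. The character classes, function names, account count and 128-bit threshold are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Character classes used to bound the alphabet of a typed passphrase (assumption).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]
PRINTABLE = "".join(CLASSES)
ALPHABET = string.ascii_letters + string.digits  # 62 symbols for generated secrets


def generate_passphrase(target_bits=256, alphabet=ALPHABET):
    """Draw symbols uniformly from the OS CSPRNG until target_bits is reached."""
    length = math.ceil(target_bits / math.log2(len(alphabet)))
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_upper_bound(passphrase):
    """Best-case bits: length * log2(size of the character classes that appear).
    Only uniformly random text reaches this bound; human-chosen text is far below."""
    if not passphrase:
        return 0.0
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    if any(ch not in PRINTABLE for ch in passphrase):
        size += 128  # hypothetical allowance for characters outside the classes
    return len(passphrase) * math.log2(size)


def multi_target_margin(secret_bits, funded_accounts):
    """Bits of work left when each offline guess is compared against every funded
    account at once: a single guess succeeds with probability N / 2**secret_bits."""
    return secret_bits - math.log2(funded_accounts)


def must_reject(passphrase, funded_accounts=1_000_000, required_bits=128):
    """True when the passphrase cannot meet required_bits even in the best case.
    funded_accounts and required_bits are illustrative values, not NXT parameters."""
    best_case = multi_target_margin(entropy_upper_bound(passphrase), funded_accounts)
    return best_case < required_bits
```

A passphrase that passes `must_reject` is not thereby strong, because the bound assumes uniform randomness; the check only filters out passphrases that cannot be strong, which is why generation from a CSPRNG is the part that matters.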