nxtuser
January 03, 2014, 09:00:05 AM
isn't a password, that is generated by such a tool, insecure?
Why would you think so? Every time you run the tool OpenSSL RNG is properly seeded and 16-character random prefix is generated, which becomes part of the account password. I personally do not see any issue with this. I'm also planning to add some minor features and release the source code so anyone can audit.

lr127
January 03, 2014, 09:03:20 AM
There must be CRC added into addresses ASAP!
I agree. I thought about this recently and not found any reasons why we can't add the "check digit" to verify the account (as example GS-1, IBAN, etc).
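The check-digit idea from the post above (as in GS-1 or IBAN), sketched as an added example that is not part of the thread or of Nxt: ISO 7064 MOD 97-10, the scheme IBAN uses, applied to a decimal account number. The account value and all function names are constructed for illustration.

```python
# Added example: ISO 7064 MOD 97-10 check digits on a decimal account number.
# The sample account below is constructed, not a real Nxt account.

def add_check_digits(account: str) -> str:
    """Append two check digits so that the whole number is 1 modulo 97."""
    if not (account.isascii() and account.isdigit()):
        raise ValueError("account must consist of decimal digits")
    check = 98 - (int(account) * 100) % 97   # always in the range 02..98
    return f"{account}{check:02d}"

def is_valid(protected: str) -> bool:
    """Accept only digit strings whose value is congruent to 1 mod 97."""
    if not (protected.isascii() and protected.isdigit()) or len(protected) < 3:
        return False
    return int(protected) % 97 == 1

def single_digit_typos(protected: str):
    """Every string differing from `protected` in exactly one digit."""
    for i, ch in enumerate(protected):
        for d in "0123456789":
            if d != ch:
                yield protected[:i] + d + protected[i + 1:]

def adjacent_swaps(protected: str):
    """Every string obtained by swapping two unequal neighbouring digits."""
    for i in range(len(protected) - 1):
        a, b = protected[i], protected[i + 1]
        if a != b:
            yield protected[:i] + b + a + protected[i + 2:]

def undetected(candidates):
    """Mistyped strings that would still pass validation."""
    return [c for c in candidates if is_valid(c)]

if __name__ == "__main__":
    account = "1234567890123456789"          # constructed sample
    protected = add_check_digits(account)
    print(protected, is_valid(protected))
    print("missed typos:", len(undetected(single_digit_typos(protected))))
    print("missed swaps:", len(undetected(adjacent_swaps(protected))))
```

Because 97 is prime and larger than any single-digit difference (or nine times one), every single-digit typo and every adjacent transposition changes the residue and is rejected.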

lophie
January 03, 2014, 09:03:49 AM
What is this passphrase thing in 0.4.8?
|
Will take me a while to climb up again, But where is a will, there is a way...

kunibopl
January 03, 2014, 09:10:44 AM
There must be CRC added into addresses ASAP!
I agree. I thought about this recently and not found any reasons why we can't add the "check digit" to verify the account (as example GS-1, IBAN, etc).
isn't it the same with BTC?
|
NXT: 5231236538923913892

Come-from-Beyond
January 03, 2014, 09:17:12 AM
There must be CRC added into addresses ASAP!
I agree. I thought about this recently and not found any reasons why we can't add the "check digit" to verify the account (as example GS-1, IBAN, etc).
Use Alias System.

Zahlen
January 03, 2014, 09:20:29 AM
Wouldn't aliases still be vulnerable to single-char typo errors?
EDIT: This kind of error is ok for URLs, you see a wrong site, just retype. But not ok for things that can cause big changes, like transaction addresses. Bitcoin client GUIs partially solve (or maybe go around is a better way of describing it) this by letting the user set up addresses in advance (and assigning readable labels to those addresses), so that checking accuracy of address only needs to be done once for each unique address.

timmyd
January 03, 2014, 09:21:20 AM
T- 2hrs 40mins

Come-from-Beyond
January 03, 2014, 09:23:08 AM
Wouldn't aliases still be vulnerable to single-char typo errors?
No, if u register alias that contains CRC.

lr127
January 03, 2014, 09:26:13 AM
isn't it the same with BTC?
I don't know how BTC works.
Use Alias System.
It's crutch (kostyl) If i want to send money to dgex how i can use alias system?

mcjavar
January 03, 2014, 09:27:00 AM
Just a friendly reminder... There will be a Bitcoin Conference in February held in Berlin. http://www.mediabistro.com/insidebitcoins/ I am not from Berlin, but would love to represent Nxt on this venue. I decided to take 3 days off and fly over to Germany and use the opportunity to spread the word, let others know about Nxt and its features. I am sure that we all will benefit from having someone around at a venue like this. I am asking the community to support these efforts by donating to help fund the journey and the purchase of marketing materials like T-Shirts & pendrives with Nxt logo/slogan on them, printing some cool Nxt bills, and so on. I will document all the expenses and will make the spending of the fund transparent. I will also broadcast from the venue and post some pictures. I received donations from 3 persons so far... I am asking community members, especially with big stakes, to support this and help with funds AND ideas how to make Germany aware of Nxt. Even a couple of hundred Nxts will help. 11433600460445633305 Thank you!

laowai80
January 03, 2014, 09:30:09 AM
If i want to send money to dgex how i can use alias system?
Need to ask client devs to implement 'send money to alias' feature asap.

Jean-Luc
January 03, 2014, 09:30:44 AM
isn't a password, that is generated by such a tool, insecure?
Why would you think so? Every time you run the tool OpenSSL RNG is properly seeded and 16-character random prefix is generated, which becomes part of the account password. I personally do not see any issue with this. I'm also planning to add some minor features and release the source code so anyone can audit.
Please, do release the source of your vanity generator. I was about to warn people not to use it, because it is a closed source tool posted by a new user with 5 posts only. Can't be too paranoid after the incident we already had. Without the source, how does one know if your random prefix is really random?

bitcoinpaul
January 03, 2014, 09:31:26 AM
... Bitcoin client GUIs partially solve (or maybe go around is a better way of describing it) this by letting the user set up addresses in advance (and assigning readable labels to those addresses), so that checking accuracy of address only needs to be done once for each unique address.
This is a client problem. We have a nice client soon...

Come-from-Beyond
January 03, 2014, 09:35:17 AM
Use Alias System.
It's crutch (kostyl) If i want to send money to dgex how i can use alias system?
It's by design. DGEX must support the same URI scheme for CRCed aliases as u.

Jean-Luc
January 03, 2014, 09:38:55 AM
I have a question related to all security issues we could see today. Should I be worried about my Chrome cache and that with the help of the cache someone will steal my password? Seems to me that I read somewhere in the last pages that we should delete cache as well..
So I have downloaded new client from the first page and checked the SHA, created new account and transferred my next to the new account with new passphrase. I cleared my cache and started using Chrome in incognito mode (I don't know if this is even necessary).. I also installed an anti key-logger. After doing all this, am I well protected? Thanks everyone..
With 0.4.8 and earlier, URLs containing your secret phrase were being cached by the browser in the disk cache. So yes, you should delete that cache, and if you are ever worried about a situation like your laptop being stolen, confiscated by the authorities, at the US border, and so on, whoever has access to it can examine your hard disk and find that password. With 0.4.9e, those URLs are not cached on disk, but Firefox still keeps them in the memory cache. I haven't tested other browsers. And I don't know how easy it is for other websites to exploit and try to fish out what is in your memory cache. So, to be safe, use a separate browser profile, or incognito mode, when accessing your Nxt node at localhost.
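A self-check for the disk-cache exposure described in the post above, as an added example that is not part of the thread or of the Nxt client: it walks a cache directory and reports files that contain your own secret phrase, raw or URL-encoded. The function names, directory layout, URL and parameter name in the sample are constructed.

```python
# Added example: look for your own secret phrase in files under a browser
# cache directory. Paths and the sample URL are constructed for illustration.
import os
import tempfile
from urllib.parse import quote, quote_plus

def encoded_forms(secret: str) -> set:
    """Forms the secret can take inside a cached URL (raw, %20, '+')."""
    return {secret, quote(secret, safe=""), quote_plus(secret)}

def scan_cache(cache_dir: str, secret: str, max_bytes: int = 64 * 1024 * 1024):
    """Return sorted paths (relative to cache_dir) of files holding the secret."""
    patterns = [form.encode("utf-8") for form in encoded_forms(secret)]
    hits = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue                  # skip very large cache blobs
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue                      # locked or unreadable entry
            if any(p in data for p in patterns):
                hits.append(os.path.relpath(path, cache_dir))
    return sorted(hits)

if __name__ == "__main__":
    secret = "correct horse battery"          # constructed sample phrase
    with tempfile.TemporaryDirectory() as cache:
        # Constructed cache entries: one leaks the phrase in a URL, one does not.
        with open(os.path.join(cache, "entry_a"), "wb") as fh:
            fh.write(b"http://localhost/app?secret=correct%20horse%20battery")
        with open(os.path.join(cache, "entry_b"), "wb") as fh:
            fh.write(b"http://localhost/app?page=2")
        print(scan_cache(cache, secret))
```

A clean result does not prove absence: the scan reads files as raw bytes and does not decode compressed entries or data already deleted but still recoverable from disk.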

Zahlen
January 03, 2014, 09:39:55 AM
Wouldn't aliases still be vulnerable to single-char typo errors?
No, if u register alias that contains CRC.
This makes the alias harder to remember though, which subtracts from the main purpose of aliases. There are still 192 reserved bits in addresses right? Maybe can spare some as check bits?
... Bitcoin client GUIs partially solve (or maybe go around is a better way of describing it) this by letting the user set up addresses in advance (and assigning readable labels to those addresses), so that checking accuracy of address only needs to be done once for each unique address.
This is a client problem. We have a nice client soon...
Yeah, looking forward to it. I hope it improves on Bitcoin clients' way of handling this. Even checking once is not that great, considering addresses are 64 chars long! (Sorry if I'm being annoying. I'm just trying to make usability aspects more visible.)

landomata
January 03, 2014, 09:42:48 AM
I have a question about colored coins. Will it be possible to generate let's say 3 turtlecoins (each with the value of 10 NXT), print a QR-code for each of them, go to the next petshop, give the 3 QR-codes to the petshop and get 3 turtles? petshop redeems QR-codes and can exchange turtlecoins to NXT within his account?
as long as Turtle coin is traded in the Asset exchange....& the merchant accepts it should be fine...i think...

mnightwaffle
January 03, 2014, 09:47:52 AM
whoever has access to it can examine your hard disk and find that password.
With 0.4.9e, those URLs are not cached on disk, but Firefox still keeps them in the memory cache. I haven't tested other browsers. And I don't know how easy it is for other websites to exploit and try to fish out what is in your memory cache. So, to be safe, use a separate browser profile, or incognito mode, when accessing your Nxt node at localhost.
That cache can be perm. deleted with ccleaner or something similar to http://eraser.heidi.ie/ right?

NxtChg
January 03, 2014, 09:49:32 AM
If I understand correctly, Bitcoin address has an embedded checksum.

Come-from-Beyond
January 03, 2014, 09:49:43 AM
This makes the alias harder to remember though, which subtracts from the main purpose of aliases.
What do u prefer:
1. Send to 2587623823894059467
2. Send to John726 ?
There are still 192 reserved bits in addresses right? Maybe can spare some as check bits?
We can't.