Looks cool. I would like to see some comment from CFB to make sure we don't interfere with some unrevealed feature, but then, I'll add it to Solaris.
Other client developers checking in?
I absolutely cast my vote for using a standardized Reed Solomon NXT account number all beginning with N containing the characters 2-9, A-Z while dropping the use of 0 and O and 1 and I. Adding just an N in front to denote "NXT" is a half measure. I think we should go for bold branding and have the first three characters of every address always be "NXT" so non-users recognize it and eventually become converts. This would bring the total length to exactly 20 characters, which can be either four groups of five separated by dashes, or five groups of four. I personally prefer the latter.
it would be good marketing
As long as we are establishing some standardized user-friendly methodology here for the non-geek common man or woman, I'd like to go ahead and document in the forum another idea I've had along this line.
If NXT is going to succeed, it is going to succeed because the average person worldwide starts using NXT via their cellphone.
Let me say that again.
If NXT is going to succeed, it is going to succeed because the average person worldwide starts using NXT via their cellphone.
The last thing a person with a cellphone is going to do is sit there and type in a 50 digit uppercase-lowercase password to buy a candy bar with NXT.
Let me say that again.
The last thing a person with a cellphone is going to do is sit there and type in a 50 digit uppercase-lowercase password to buy a candy bar with NXT.
So at some point between the geeks dreaming this stuff up and the average joe using it, there is going to be the creation of a user-friendly surrogate password method that is easier to use, just like the user-friendly surrogate account number method being brilliantly addressed by this Reed Solomon thread.
My proposed solution is a centralized (gasp - ha ha ha) trusted authority (just like the centralized trusted authority that manufactures and mails credit cards today) that manufactures sets of matching metal medallions sold in a tamperproof blister pack to everyday average people. They can buy them at the convenience store next to the cigarettes and the condoms. Heck, we might even give them away for free. Opening this blister pack lets them instantly create a NXT account on their cellphone.
As an aside, this person has just opened an NXT bank account at the same time he bought those condoms. Opening a bank account is a big deal and getting harder and harder for more and more people to do. Bank accounts in a box for the lower middle class are a booming business - see "Bluebird" from AmEx and Walmart here in America:
https://www.bluebird.com/?SOLID=BBSEMITS . There's still time for NXT to get in this game on the ground level...
Anyway, on these NXT metal medallions are QR codes purchasers scan with their phone.
Scanning the first medallion QR brings up an NXT client install package from Google Play or the Apple App store. The user runs this.
Once the client is installed on the phone, the user runs the NXT client for the first time and scans the second metal medallion QR. This loads the fresh client with a user account code - the same 20 character user code discussed above, which is also stamped on the back of the second medallion in human readable form.
The user puts the third NXT metal medallion on their keychain along with their key to their house / apartment and the key to their car. (Or in Africa, the padlock to their bicycle. Whatever). This medallion has a QR code containing the 50 character passcode for the account they've loaded in their cellphone. When they want to buy that candy bar, they scan the vendor's account medallion QR, then they scan their passcode medallion QR on their keychain. Boom. They've bought a candy bar, NXT has conquered the world.
They lose their cellphone, no problem, the passcode medallion is still on their keychain and their NXT is safe. When they get a new cellphone, they rescan their original two medallions and they are back back up and running as an NXT user.
They lose their keys, or a purse containing both their cellphone and their keys, they've got a problem. Whoever finds the keychain can use the medallion on the keychain to empty their NXT account once they read / decode its QR code and get to a desktop computer with a NXT client - or enter a home they're not supposed to be in, or steal a vehicle, or run up a tab on a stolen credit card. Hey, it's a bitch to lose your keys or purse.
This is why when they bought the original blister pack in the convenience store, there was a second passcode medallion in it. They have stored this second passcode medallion along with the user account number medallion in the safety of a home hiding place. If they lose their keychain or purse, along with changing the locks on their home or canceling their credit card, they have to go to the convenience store and buy another NXT blister pack with a new set of NXT medallions. They run the "emergency total funds transfer" option on their cellphone client by scanning first the original spare passcode medallion, then the replacement user account medallion. As long as they do this before a bandit finds and uses their lost keychain passcode medallion, they're OK. Hey, that's better than losing the cash in their purse - it's gone instantly! Use NXT instead of cash, common folks, it's cheaper than a credit card (psst - "cash back" is a total scam!!!) and unlike cash you've got a shot at transferring NXT to safety if it's lost or stolen!
People will buy into this scenario because it so closely matches what their current situation is on using and protecting their credit cards, which is a widely understood protocol. The big difference is that credit card companies will not hold them liable for losses on a stolen credit card - those losses are passed on to all credit card users in the form of higher fees and interest rates. With NXT, you are all on your own, and nothing can change that. Better hope you scan a new medallion to transfer your funds to safety before somebody else scans your lost or stolen medallion and takes all your NXT.
This whole scenario depends on a centralized (boo! hiss!) trusted source of the metal medallions - jut like there is currently a central trusted authority that manufactures and mails valid credit cards that get activated over the phone. That manufacturer has got to have iron clad security ensuring that only one set of medallions are produced that go into one blister pack, with no duplicates or records of what passcodes were generated. And for this scheme to work, people buying the blister packs on the street (the 50-90% of people in the world who aren't going to sit down in front of a computer and generate their own 50 character passcode in a random and secure manner) have got to trust that.
Which leads to the whole subject of scammers counterfeiting the blister packs and monitoring accounts they've created until somebody loads it with NXT for them to steal. I don't have all the answers, here. I think the correct answer is that the success and utility and usefulness of the mobile phone NXT system is so great overcomes the distraction of the inevitable but hopefully small vultures that prey on its outskirts and perimeter. [EDITED TO ADD: I guess an obvious measure to counterfeiting medallions would be for an offical client downloaded from a trusted source like Apple APP Store or Google Play to verify that a loaded user account number was on a pre-authorized list coordinated with the medallion manufacturer. Then you "only" have to monitor the App Store or Google Play to see that no rouge clients got uploaded as part of a fake medallion scam...]
So - metal NXT medallions sold in blisterpacks to the 50-90% of the world with a cellphone who will never sit down at a computer and create their own 50 character passcode securely and randomly. That's my concept. If you think it's unworkable, then I ask you:
How can people with cellphones buy a candy bar with NXT?
