NXT :: descendant of Bitcoin - Updated Information

[NxtChg]

Please read what PBKDF2 is.  
It's even in principle possible to make a system where single word passwords like 'apple12' are safe, but key generation would be way too long.

I know what PBKDF2 is, I was replying to EvilDave, not to you.

[McDoxy]

This really makes me sad  

Hope the guys don't feel too bad and had a good day at the conference.

What happened? Do they still get to speak?

I hope they still got to spread the word about Nxt, and that was definitely not the last opportunity to attend a conference

[pandaisftw]

some day it should be user-friendly - no person can handle a real 30+ random character password. for creating, well that is needed, but please make sure that the user gets a way (probably 2-Factor Securitized) Password for day to day usage

Luckily, this can be done client-side.

For example, SuperNXTWallet has the feature to either:

A) Generate a 30+ char password for the client based off of the username+password they input + random salt (perhaps stored in a wallet.dat file). However, this means that the user will have to use the same client and have the wallet.dat file ready in order to access his account. Or he can request the client to print out his true password (with a lot of warnings) and try to memorize that too.
B) (Advanced) Let the user define his own brainwallet password of 30+ chars. This should come with a lot of warnings, but this will allow the user, like right now, to use his wallet anywhere in the world and on any device that is a node.

And RS code will be implemented on top of this, providing protection of sending NXT to wrong accounts.

[loopgate88]

Password needs are something that even bitcoin doesn't have truly figured out. But it is further ahead than we are.

Bitcoin just gives you your private account number and tells you to never share it. Even if someone doesn't password protect their wallet, their account is safe.

NXT is placing the responsibility of security at a sophisticated level on the hands of users. This will always be an issue and the source of very bad press.

What is the solution for this?

A client that has a "create account" button that generates a random password of either a fixed or random number of chars between 30 and 50 and tells the user this random password is the user's private NXT ID and advises the user to keep it somewhere safe?
This could also be referred to as their NXT private ID and the only thing they need to take away from a machine to another in order to access their account on the NXT network.

Any thoughts?

[msin]

But he has aliases

Yes I have 13 of them

how long was your pass phrase?

11

Thats definitely not long enough. Should aim for at least 30 chars.

Great, there goes my NXT experience. Hope you all do well.  I have myself to blame.

I have a 10 character password that has 100 Nxt in it, just letters and a # and it still hasn't been hacked.  I think there is something going on here.  Perhaps the same password used for something else?

[EvilDave]

It seems like a good idea to me, maybe just set a default time between log-in attempts of 10-30 seconds. That will at least slow directed BF attacks down considerably. However, there is nothing to stop the attacker attacking multiple accounts simultaneously, switching between targets as it gets locked out.

This won't help. They do not brute-force it like this.

What matters is the amount of entropy in the passphrase.

Please read what PBKDF2 is.  
It's even in principle possible to make a system where single word passwords like 'apple12' are safe, but key generation would be way too long.

That makes sense, I'm still locked into thinking about how an attack on a PC or client software works, rather than how attacks against the blockchains password database are implemented.

So the PBKDF2 function produces a derived key, using multiple (1000+) hashes of the original passphrase (+ optional salt phrase) which has the effect of massively ramping up the computing power needed to reverse engineer the hash and thus the password/phrase.

Am I getting closer here?

[NxtChg]

I have a 10 character password that has 100 Nxt in it, just letters and a # and it still hasn't been hacked.  I think there is something going on here.  Perhaps the same password used for something else?

Maybe because of that?

[allwelder]

I create an new video about the Nxt with my friends.
http://i.youku.com/nextcoin

And I will continue to produce more videos about the other features or instructions of Nxt in order to promote Nxt forward.

Well done.

TKS

[newsilike]

Hardware wallets like the trezor are a big factor.
Ultimately your home-pc can always be compromised.

Would be awesome if we could get such a thing going for Nxt in the future

[Sebastien256]

You have a little bit than 24h to upgrade to 0.5.10 or you will be left on a fork (http://info.nxtcrypto.org/client-update-0-5-10/).
I don't see many 0.5.10 online peers.
Just a reminder...

[opticalcarrier]

But he has aliases

Yes I have 13 of them

how long was your pass phrase?

11

Thats definitely not long enough. Should aim for at least 30 chars.

Great, there goes my NXT experience. Hope you all do well.  I have myself to blame.

I have a 10 character password that has 100 Nxt in it, just letters and a # and it still hasn't been hacked.  I think there is something going on here.  Perhaps the same password used for something else?

My guess, they are wating for you to put a bit more nxt in there before they reveal that the acount is comprimised by draining

[PeercoinEnthusiast]

The strippers better kick azz in Miami Beach.... still in Chi airport for 90 more min. The material Nikel has is super solid... he's more prepared than I've been at previous conferences.

[allwelder]

there will be a demand for the fund for all these events:

Berlin (February 12/13), Texas (March 6), Amsterdam (March, May), New York (April 7/8), Canada (April 11/13), Washington (June 20/22), Hong Kong (June 24/25), Melbourne (July 10/11), London (September 10), Shanghai (September), Las Vegas (October 6/7)

After this week we will probably know what expenses we need

It hurts my heart a little bit that all of these events are listed by CITY, except for the one in Toronto, which is listed as CANADA.

I'm Canadian.  Canada is the third-largest country on Earth, darnit, and the Bitcoin Expo is in TORONTO.  Also, I'm sorry. And I think I'd like to go to the April event.  Sorry for that, too.

I also want to make a proposal:

I want to do a podcast "Let's Talk Nxt", if you will.  I'm eager.  PM me if you'd like to collaborate.

good idea,count me in plz.

[PeercoinEnthusiast]

I introduced the guys at Zipzap to Nikel... I just received an email they want to meet during the conference. Any idea how big that would be?

[Damelon]

The strippers better kick azz in Miami Beach.... still in Chi airport for 90 more min. The material Nikel has is super solid... he's more prepared than I've been at previous conferences.

How are you guys doing?

[PeercoinEnthusiast]

The strippers better kick azz in Miami Beach.... still in Chi airport for 90 more min. The material Nikel has is super solid... he's more prepared than I've been at previous conferences.

How are you guys doing?

Nikel is one flight ahead of me... delays all day. No worries... i already did 2 phone inteviews and setup some Miami meetings. We are going in guns blazing.

[makoto1337]

NXT is the only altcoin that is really moving the entire field forward. I hope things go well in Miami!

[allwelder]

Another Chinese altcoin navigation website agree to add Nxt on their mainpage after I apply for  and submit the Nxt information.
https://www.dropbox.com/s/pi4db3lygir2gq3/SZB.jpg

http://www.szb123.cn/nxt/

[McDoxy]

The strippers better kick azz in Miami Beach.... still in Chi airport for 90 more min. The material Nikel has is super solid... he's more prepared than I've been at previous conferences.

How are you guys doing?

Nikel is one flight ahead of me... delays all day. No worries... i already did 2 phone inteviews and setup some Miami meetings. We are going in guns blazing.

You guys are awesome! 

[PeercoinEnthusiast]

NXT is the only altcoin that is really moving the entire field forward. I hope things go well in Miami!

We already contacted every speaker / merchant prior to the conference.Nikel will make great headway..