xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
February 10, 2014, 08:39:35 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
well that's one reason, why clienxt's design made it look/feel like bitcoin wallet...
You've implemented a bitcoin-like wallet for Nxt? Cool! Do you still allow the user to use a brainwallet if he so chooses? BCNext wanted the brainwallet feature to keep governments from forcing the disclosure of private keys -- with a brainwallet the private key is generated on-the-fly so there is no key to give up. (In practice, however, I think this is easily defeated by rubber-hose cryptanalysis.)
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
fmiboy
|
|
February 10, 2014, 08:43:41 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
well that's one reason, why clienxt's design made it look/feel like bitcoin wallet...
You've implemented a bitcoin-like wallet for Nxt? Cool! Do you still allow the user to use a brainwallet if he so chooses? BCNext wanted the brainwallet feature to keep governments from forcing the disclosure of private keys -- with a brainwallet the private key is generated on-the-fly so there is no key to give up. (In practice, however, I think this is easily defeated by rubber-hose cryptanalysis.)
no, you got me wrong... i meant design looks like bitcoin wallet application, but everything is still kept in nxt blockchain, No offline data is saved!
|
|
|
|
^[GS]^
Member
Offline
Activity: 112
Merit: 10
|
|
February 10, 2014, 08:43:58 PM |
|
How can I edit and change the value of an alias already registered? Does that option still exist or not?
|
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
February 10, 2014, 08:49:15 PM |
|
no, you got me wrong... i meant design looks like bitcoin wallet application, but everything is still kept in nxt blockchain, No offline data is saved!
Ah, I see. I would like you to consider implementing a bitcoin-like wallet for passwords. jefdiesel's idea above is a good one: https://bitcointalk.org/index.php?topic=345619.msg5063223#msg5063223
Thanks.
|
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
tylerbrad85
Newbie
Offline
Activity: 42
Merit: 0
|
|
February 10, 2014, 08:51:30 PM Last edit: February 10, 2014, 09:40:53 PM by tylerbrad85 |
|
there is place for an app there, NXT password option
it lets you choose a password, and a login name, even use 2FA, and then it spits out a LONG RANDOM number, and enters it for you, seamlessly, like a BTC privatekey
So if you use this feature, you can log in and out with the app, and never have to know the brainwallet password, and all us Beta geeks can keep on remembering our Sup33r#{a55w0r'dz}+UZEca#'tKr2@ckd33z+!Cmon/#8*)
+1 I like this idea!
1.) User is given a "Login" account screen, where they enter a username and password.
2.) User then is required (unless they choose the "original" passphrase route) to enter a username and password to login
3.) The username and password is then entered into the client where the client spits out something random like "FSFD#@$#@D32ewd326546$FDR$$#@EsaDAasafgryhtddDS<l;lkL" to the NXT system to access the NXT account, which will be unknown to the user (unless requested) as they just need to remember the username and password to enter the client/account and not their real account passphrase to enter the NXT system.
In order for someone to break into the account, the hacker must know the user's password and username they use for the account.
|
|
|
|
l8orre
Legendary
Offline
Activity: 1181
Merit: 1018
|
|
February 10, 2014, 09:03:52 PM |
|
Hey CfB - I get an error when I try to transferAsset on the AE. This has worked before , so maybe i'm just tired,
NRS seems to not like the 'deadline', and I have tried both string and int from my gui client.
This comes for 'int' and 'str' as deadline ?!?! wtf?
{'errorDescription': 'Incorrect "deadline"java.lang.NumberFormatException: Zero length BigInteger', 'errorCode': 4}
{'deadline': '10', 'asset': '14269709746849295412', 'fee': '1', 'secretPhrase': 'xxxxxxxxxxxxxxx', 'referencedTransaction': '', 'requestType': 'transferAsset', 'quantity': 1000000, 'recipient': '1738404304940813414'}
{'secretPhrase': 'xxxxxxxxxxxxxxxxx', 'requestType': 'transferAsset', 'quantity': 1000000, 'asset': '14269709746849295412', 'referencedTransaction': '', 'deadline': 10, 'recipient': '1738404304940813414', 'fee': '1'}
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1010
Newbie
|
|
February 10, 2014, 09:09:52 PM |
|
Hey CfB - I get an error when I try to transferAsset on the AE. This has worked before , so maybe i'm just tired,
NRS seems to not like the 'deadline', and I have tried both string and int from my gui client.
This comes for 'int' and 'str' as deadline ?!?! wtf?
{'errorDescription': 'Incorrect "deadline"java.lang.NumberFormatException: Zero length BigInteger', 'errorCode': 4}
{'deadline': '10', 'asset': '14269709746849295412', 'fee': '1', 'secretPhrase': 'xxxxxxxxxxxxxxx', 'referencedTransaction': '', 'requestType': 'transferAsset', 'quantity': 1000000, 'recipient': '1738404304940813414'}
{'secretPhrase': 'xxxxxxxxxxxxxxxxx', 'requestType': 'transferAsset', 'quantity': 1000000, 'asset': '14269709746849295412', 'referencedTransaction': '', 'deadline': 10, 'recipient': '1738404304940813414', 'fee': '1'}
What is the request?
|
|
|
|
drsnuggles
Newbie
Offline
Activity: 56
Merit: 0
|
|
February 10, 2014, 09:16:55 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
Hmm, what if we keep the brainwallet, but help the user choose a long password? So make the minimum length 30 characters and have some numbers and letters, plus short explanation why. Now we have the opposite system: choose less than 10 characters and lose your coins in a minute. A bit of a harsh way of learning if you ask me.
|
|
|
|
wesleyh
|
|
February 10, 2014, 09:17:49 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
Hmm, what if we keep the brainwallet, but help the user choose a long password? So make the minimum length 30 characters and have some numbers and letters, plus short explanation why. Now we have the opposite system: choose less than 10 characters and lose your coins in a minute. A bit of a harsh way of learning if you ask me.
that's what i do in my client ;-) (coming soon)
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 10, 2014, 09:20:07 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
well that's one reason, why clienxt's design made it look/feel like bitcoin wallet...
You've implemented a bitcoin-like wallet for Nxt? Cool! Do you still allow the user to use a brainwallet if he so chooses? BCNext wanted the brainwallet feature to keep governments from forcing the disclosure of private keys -- with a brainwallet the private key is generated on-the-fly so there is no key to give up. (In practice, however, I think this is easily defeated by rubber-hose cryptanalysis.)
Could somebody explain the concept of the brainwallet to me? How can the average joe remember 50 letters or even more when having more than one account?
|
|
|
|
drsnuggles
Newbie
Offline
Activity: 56
Merit: 0
|
|
February 10, 2014, 09:21:55 PM |
|
that's what i do in my client ;-) (coming soon)
Ooh, I like it already
|
|
|
|
pandaisftw
|
|
February 10, 2014, 09:24:11 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
well that's one reason, why clienxt's design made it look/feel like bitcoin wallet...
You've implemented a bitcoin-like wallet for Nxt? Cool! Do you still allow the user to use a brainwallet if he so chooses? BCNext wanted the brainwallet feature to keep governments from forcing the disclosure of private keys -- with a brainwallet the private key is generated on-the-fly so there is no key to give up. (In practice, however, I think this is easily defeated by rubber-hose cryptanalysis.)
Could somebody explain the concept of the brainwallet to me? How can the average joe remember 50 letters or even more when having more than one account?
Usually you string a bunch of random words together (with salting that makes sense to you). The problem is that most people are not too good at placing random words together in a way that is memorable yet resistant to dictionary attacks.
|
NXT: 13095091276527367030
|
|
|
Eadeqa
|
|
February 10, 2014, 09:27:54 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
well that's one reason, why clienxt's design made it look/feel like bitcoin wallet...
You've implemented a bitcoin-like wallet for Nxt? Cool! Do you still allow the user to use a brainwallet if he so chooses? BCNext wanted the brainwallet feature to keep governments from forcing the disclosure of private keys -- with a brainwallet the private key is generated on-the-fly so there is no key to give up. (In practice, however, I think this is easily defeated by rubber-hose cryptanalysis.)
Could somebody explain the concept of the brainwallet to me? How can the average joe remember 50 letters or even more when having more than one account?
Use password managers. I use https://lastpass.com/ It's been around for years (maybe 10?). It's pretty safe as all encryptions are done on local computer. You just need one very strong master password
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
February 10, 2014, 09:28:56 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
well that's one reason, why clienxt's design made it look/feel like bitcoin wallet...
You've implemented a bitcoin-like wallet for Nxt? Cool! Do you still allow the user to use a brainwallet if he so chooses? BCNext wanted the brainwallet feature to keep governments from forcing the disclosure of private keys -- with a brainwallet the private key is generated on-the-fly so there is no key to give up. (In practice, however, I think this is easily defeated by rubber-hose cryptanalysis.)
Could somebody explain the concept of the brainwallet to me? How can the average joe remember 50 letters or even more when having more than one account?
Usually you string a bunch of random words together (with salting that makes sense to you). The problem is that most people are not too good at placing random words together in a way that is memorable yet resistant to dictionary attacks.
Ah wait. Couldn't we use the following algo? http://en.wikipedia.org/wiki/Key_stretching
The user gives a seed + the number of iterations * 10.000
So e.g.:
input from user = "I love my mum." + 234
input for key stretching = "I love my mum." + 2.340.000
output of algo = real password
The * 10.000 is necessary to prevent brute force.
|
|
|
|
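An added example, not part of any post above and not code from any Nxt client: the username/password login tylerbrad85 describes and the seed-plus-iteration-count stretching ChuckOne proposes, sketched with PBKDF2-HMAC-SHA256 (an assumed choice; the thread names no specific function). The salt label and the attacker figures are constructed for illustration.

```python
import hashlib
import math

ITERATION_UNIT = 10_000  # the "* 10.000" multiplier from the post


def stretch(seed, n, username="", unit=ITERATION_UNIT):
    """Turn a memorable seed plus a small number n into a 64-hex-char passphrase.

    The username acts as the salt, so two users with the same seed get
    different passphrases. Nothing is stored: the same inputs always
    reproduce the same output, which is what a brainwallet needs.
    """
    if n < 1:
        raise ValueError("n must be a positive integer")
    # Constructed salt label (assumption, not an Nxt convention).
    salt = b"example-nxt-client:" + username.encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", seed.encode("utf-8"), salt,
                              n * unit, dklen=32)
    return key.hex()


def added_work_bits(n, unit=ITERATION_UNIT):
    """Stretching multiplies the cost of each guess; it adds no entropy to the seed."""
    return math.log2(n * unit)


def search_seconds(candidate_seeds, n, iterations_per_second, unit=ITERATION_UNIT):
    """Time to try every seed in a guess list at a given PBKDF2 iteration rate."""
    return candidate_seeds * n * unit / iterations_per_second


if __name__ == "__main__":
    phrase = stretch("I love my mum.", 234)  # 2,340,000 iterations
    print("derived passphrase:", phrase)
    print("extra work per guess: 2^%.1f" % added_work_bits(234))
    # Assumed attacker: 1,000,000-phrase list at 1e9 iterations/s (constructed figures).
    print("list exhausted in %.0f s" % search_seconds(1_000_000, 234, 1e9))
```

Stretching raises the cost of each guess by a fixed factor, but a seed that appears in a common phrase list is still found once the list has been worked through, so the seed itself has to carry the entropy.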
pandaisftw
|
|
February 10, 2014, 09:39:38 PM |
|
Unfortunately, I've come to the conclusion that the brainwallet feature is not meant for average users. I think we should keep it as an advanced option, but by default a client should implement a bitcoin-like wallet, for the safety of our users.
well that's one reason, why clienxt's design made it look/feel like bitcoin wallet...
You've implemented a bitcoin-like wallet for Nxt? Cool! Do you still allow the user to use a brainwallet if he so chooses? BCNext wanted the brainwallet feature to keep governments from forcing the disclosure of private keys -- with a brainwallet the private key is generated on-the-fly so there is no key to give up. (In practice, however, I think this is easily defeated by rubber-hose cryptanalysis.)
Could somebody explain the concept of the brainwallet to me? How can the average joe remember 50 letters or even more when having more than one account?
Usually you string a bunch of random words together (with salting that makes sense to you). The problem is that most people are not too good at placing random words together in a way that is memorable yet resistant to dictionary attacks.
Ah wait. Couldn't we use the following algo? http://en.wikipedia.org/wiki/Key_stretching
The user gives a seed + the number of iterations * 10.000
So e.g.:
input from user = "I love my mum." + 234
input for key stretching = "I love my mum." + 2.340.000
output of algo = real password
The * 10.000 is necessary to prevent brute force.
I believe some of the clients that are coming out in the near future will have 1) RS addresses and 2) password generators. I'm not sure if they are using key stretching or a different method.
|
NXT: 13095091276527367030
|
|
|
brooklynbtc
Sr. Member
Offline
Activity: 336
Merit: 250
AKA jefdiesel
|
|
February 10, 2014, 09:45:00 PM |
|
why is the forum getting DDos'd now? Maxcoin?
also, blocks are popping off all over the place this week, dunno if its 7.02 is more efficient or something, but I'm hitting a block every 8 hours or so with 330k coins. Payments are up too, over half are empty still but 110 paid in fees this week!
even though blockchain doesn't show all the blocks forged, it is showing the proper amount.. is it still on 5.11?
|
|
|
|
klee
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
February 10, 2014, 09:47:19 PM |
|
why is the forum getting DDos'd now? Maxcoin?
also, blocks are popping off all over the place this week, dunno if its 7.02 is more efficient or something, but I'm hitting a block every 8 hours or so with 330k coins. Payments are up too, over half are empty still but 110 paid in fees this week!
even though blockchain doesn't show all the blocks forged, it is showing the proper amount.. is it still on 5.11?
Dopecoin
|
|
|
|
tylerbrad85
Newbie
Offline
Activity: 42
Merit: 0
|
|
February 10, 2014, 09:51:00 PM |
|
why is the forum getting DDos'd now? Maxcoin?
also, blocks are popping off all over the place this week, dunno if its 7.02 is more efficient or something, but I'm hitting a block every 8 hours or so with 330k coins. Payments are up too, over half are empty still but 110 paid in fees this week!
even though blockchain doesn't show all the blocks forged, it is showing the proper amount.. is it still on 5.11?
Dopecoin or MacroCoin
|
|
|
|
Eadeqa
|
|
February 10, 2014, 10:11:00 PM |
|
I emailed Dmitry Skiba and actually got a response
Hi,
Actually I don't know nothing about cryptography, I just ported that code from C to Java many years ago. So I can't really answer your question.
Regards, Dmitry
|
|
|
|
msin
Legendary
Offline
Activity: 1470
Merit: 1004
|
|
February 10, 2014, 10:14:26 PM |
|
I emailed Dmitry Skiba and actually got a response
Hi,
Actually I don't know nothing about cryptography, I just ported that code from C to Java many years ago. So I can't really answer your question.
Regards, Dmitry
So he knows something.......
|
|
|
|
|