ChuckOne
Sr. Member
 Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
 |
March 10, 2014, 04:50:57 PM |
|
Any suggestions about Parallel Chains? If not then I'll stick to BCNext's draft.
Suggestion: - SCIP mechanism to count blocks in order to have snapshot every 1440 blocks Question: Will snapshots integrated for free? For fee. I see. Do you think the masterchain will need to achieve 1000 TPS? |
|
|
|
|
|
|
|
|
|
|
|
There are several different types of Bitcoin clients. The most secure are full nodes like Bitcoin Core, which will follow the rules of the network no matter what miners do. Even if every miner decided to create 1000 bitcoins per block, full nodes would stick to the rules and reject those blocks.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
Eadeqa
|
|
March 10, 2014, 04:56:59 PM |
|
optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.
But newbie don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it. It's an easier solution. This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc). Otherwise, just leave it as it is. They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it. |
|
|
|
|
bidji29
|
|
March 10, 2014, 05:23:14 PM |
|
optical, bidji29. i think you are (we all are) biased because we know this shit for a long time. what the fuck is a wallet file. but a password, hell, everybody knows that.
But newbie don't even need to know there is a wallet.dat when they first launch the client. They directly have an account and can send NXT on it. It's an easier solution. This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc). Otherwise, just leave it as it is. They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it. That's why i propose a reminder at the 5th or 10th of the client to backup/encrypt the wallet.dat |
|
|
|
NxtMinnow
Member
Offline
Activity: 84
Merit: 10
|
|
March 10, 2014, 05:30:19 PM |
|
To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "
Yubikey has a second slot for a user programmed static password. The second slot is not involved with 2-factor authentication by server.
I understand that we are attempting to provide a mechanism for users to create (or REQUIRE) strong passwords; however I am looking at ease of use while preserving security.
In my proposed use case I program my 32 character password to the Yubikey. As I login to Nxt, I type a phrase known to me (longer than 18 characters) and then press the Yubikey button for 2-3 seconds to trigger the Yubikey to enter the stored static password and the Enter key at the end.
Presto chango - Pseudo 2-factor authentication with no third party validation servers required.
If Wesley implements his interface requiring random password generation it locks out users that would like to implement what I described above out of the ability to login securely with the described Yubikey use case.
Can Passphrase generation on Wesleyh client show password entropy and Strength as the Passphrase is input (before Account creation)?
Can I use my own strong password if I choose to so that I can use a Yubikey in pseudo 2-factor authentication.
I hope I am being clear enough.
|
|
|
|
|
|
barbierir
|
|
March 10, 2014, 05:30:39 PM |
|
electrum database. (1626 words)
Larger diceware database could also be used.. if that's what the people want.
The advantage of a larger dictionary like diceware is that a 10 words passphrase would be as strong as a 12 words passphrase with the electrum dictionary. Am I right? Just a little more convenient for the end user. |
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 05:36:53 PM |
|
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
March 10, 2014, 05:40:09 PM |
|
Do you think the masterchain will need to achieve 1000 TPS?
No |
|
|
|
|
|
Eadeqa
|
|
March 10, 2014, 05:42:24 PM |
|
To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "
Yubikey has a second slot for a user programmed static password. The second slot is not involved with 2-factor authentication by server.
What happens to static password if you lose Yubikey? Yubikey costs money. Given small Nxt community you probably will be the only one who will use it. There is much easier (and free) solution to make it easier. Use Lastpass browser plugin https://lastpass.com/Then you don't have to type anything as Lastpass will autofill the password. Plus you can use Yubikey (as it was intended for 2 factor authentication) with Lastpass. |
|
|
|
NxtMinnow
Member
Offline
Activity: 84
Merit: 10
|
|
March 10, 2014, 05:47:39 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? |
|
|
|
|
|
opticalcarrier
|
|
March 10, 2014, 05:49:06 PM |
|
CfB: how does payout during leased forging work? will the account owner (that all effectiveBalance values are leased out to) have to do manual reconciliation or does NXT just figure it out?
|
|
|
|
|
Come-from-Beyond
Legendary
Offline
Activity: 2142
Merit: 1009
Newbie
|
|
March 10, 2014, 05:50:17 PM |
|
CfB: how does payout during leased forging work? will the account owner (that all effectiveBalance values are leased out to) have to do manual reconciliation or does NXT just figure it out?
Fees go to the leasee (pool) and added to the balance of the account the power was leased to. |
|
|
|
|
|
Eadeqa
|
|
March 10, 2014, 05:54:58 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server? As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server. |
|
|
|
xyzzyx
Sr. Member
Offline
Activity: 490
Merit: 250
I don't really come from outer space.
|
|
March 10, 2014, 06:03:43 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? I agree the Yubikey standard looks like an interesting option. However, on the topic of Lastpass, from https://lastpass.com/how-it-works/All sensitive data is encrypted and decrypted locally before syncing with LastPass. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.
(emphasis mine) |
"An awful lot of code is being written ... in languages that aren't very good by people who don't know what they're doing." -- Barbara Liskov
|
|
|
|
Eadeqa
|
|
March 10, 2014, 06:11:39 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? I agree the Yubikey standard looks like an interesting option. (emphasis mine) I am still not sure Yubikey does anything. It's main purpose (as I understand it) is for 2 factor authentication (dynamic part of password that changes). By the way, does anyone know how you restore your Yubikey if you lose it? |
|
|
|
|
wesleyh
|
|
March 10, 2014, 06:12:34 PM |
|
Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? There is an option to not use the auto-generated pass phrase, is this not what you want?  |
|
|
|
|
|
marek3ball
|
|
March 10, 2014, 06:14:09 PM
Last edit: March 24, 2014, 12:25:34 AM by marek3ball |
|
Let me introduce our new weapon for promotions and conferences. Shiny piece of 3D printed metal. Nxt CPU Cryptocurrency Processing Unit I have tried to connect an old days of the computers with bright future of the Nxt cryptocurrency. I hope you will like it! For now I'm starting with the limited silver edition of the Nxt CPU. Total 7 pieces will be made. I will sell six silver Nxt CPU in an auction only for NXT. I hope Nxt will succeed and this will be part of beginning and the great future. You will be able to buy real pieces in more than ten different materials (steel, plastic). 3D printed brass prototype; 3.506cm long:   |
|
|
|
|
ChuckOne
Sr. Member
Offline
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
|
|
March 10, 2014, 06:15:46 PM |
|
2222.
|
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
March 10, 2014, 06:19:52 PM |
|
Let me introduce our new weapon for promotions and conferences. Shiny piece of 3D printed metal. Nxt CPU Cryptocurrency Processing Unit I have tried to connect an old days of the computers with bright future of the Nxt cryptocurrency. I hope you will like it! For now I'm starting with the limited silver edition of the Nxt CPU. Total 7 pieces will be made. I will sell six silver Nxt CPU in an auction only for NXT. I hope Nxt will succeed and this limited silver edition will be part of beginning and the great future. You will be able to buy real pieces in more than ten different materials (silver, steel, plastic). 3D printed brass prototype; 3.872cm long: +1 |
|
|
|
|
NxtMinnow
Member
Offline
Activity: 84
Merit: 10
|
|
March 10, 2014, 06:24:47 PM |
|
On "What happens to the static key if you lose your Yubikey?" You are only storing one part of your NXT Passphrase in the pseudo 2 factor authentication use case described. If lost, it cannot be used to gain access to your Nxt account without ALSO knowing the first part of the Nxt Passphrase (which user would memorize) On "How are you going to get your money out of Nxt account in event of lost Yubikey? Option 1) Make a backup Yubikey and store it in a safe deposit box or other secure location for the contingency of losing your main Yubikey. Option 2) Create a local Keepass database with your Yubikey static key backed up inside the encrypted LOCAL Keepass database. No, Nxt Passphrase backup is not on Yubikey server. The only involvement of the Yubikey server in the use case I described is to register the Yubikeys and potentially Revoke them if they are lost. I realize that Lastpass signs and encrypts locally before transmitting encrypted data. STILL, some security paranoid users may not feel comfortable with any option but LOCAL backup of private keys. Yubikey offers a Key Registration service that allows multiple keys to be remotely wiped at https://admin.yubico.com/yubirevoke/login.phpA Yubikey costs $30 and is worth far more than that to protect valuable digital assets. Lastpass uses a third party server verification and for the most security paranoid this is not acceptable. Wesleyh, can you code your login so that users can enter their OWN STRONG password so that the described Yubikey pseudo 2 factor authentication method can be used? No, I meant what happens to the static password if you lose your Yubikey? How are you going to get your money out of Nxt account? That static key must be saved somewhere (as a back up). Wiping key doesn't help you to login to Nxt. So there must be a backup somewhere. Where is that backup? On Yubikey server? As for Lastpass, encryption is done locally on the computer. Only encrypted blob is sent to Lastpass server. |
|
|
|
|
Anon136
Legendary
Offline
Activity: 1722
Merit: 1217
|
|
March 10, 2014, 06:28:35 PM |
|
|
Rep Thread: https://bitcointalk.org/index.php?topic=381041If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited? |
|
|
|
