NXT :: descendant of Bitcoin - Updated Information

[marek3ball]

Three thoughts:

- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password

What will be the maximum length of the passphrase?

Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters.

[igmaca]

....

I'll be sure to include this entire text on the password creation screen

other thinks

What is Two-Channel Auto-Type Obfuscation?

The Auto-Type feature of KeePass is very powerful: it sends simulated keypresses to other applications. This works with all Windows applications and for the target applications it's not possible to distinguish between real keypresses and the ones simulated by Auto-Type. This at the same time is the main disadvantage of Auto-Type, because keyloggers can eavesdrop the simulated keys. That's where Two-Channel Auto-Type Obfuscation (TCATO) comes into play.

TCATO makes standard keyloggers useless. It uses the Windows clipboard to transfer parts of the auto-typed text into the target application. Keyloggers can see the Ctrl-V presses, but do not log the actual contents pasted from the clipboard.

Clipboard spies don't work either, because only parts of the sensitive information is transferred on this way.

Anyway, it's not perfectly secure (and unfortunately cannot be made by theory). None of the currently available keyloggers or clipboard spies can eavesdrop an obfuscated auto-type process, but it is theoretically possible to write a dedicated spy application that specializes on logging obfuscated auto-type.

[wesleyh]

Three thoughts:

- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password

What will be the maximum length of the passphrase?

Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters.

There is no maximum length.

[bidji29]

35 char is more than enough. Don't need to add special character

[Mario123]

Three thoughts:

- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password

What will be the maximum length of the passphrase?

Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters.

There is no maximum length.

IMHO 100 chars

[rdanneskjoldr]

One question.Alias are supposed to replace account numbers in recipients name,no?Does it difference between sending nxt to account nº 1,to sending to Alias 1 ??Or any number..

Id say its too obvious and of course it does,but havent read about it.

[Mario123]

Wesley, your work is wonderful. And the recent changes are great.

[igmaca]

....

I'll be sure to include this entire text on the password creation screen

other thinks

What is Two-Channel Auto-Type Obfuscation?

The Auto-Type feature of KeePass is very powerful: it sends simulated keypresses to other applications. This works with all Windows applications and for the target applications it's not possible to distinguish between real keypresses and the ones simulated by Auto-Type. This at the same time is the main disadvantage of Auto-Type, because keyloggers can eavesdrop the simulated keys. That's where Two-Channel Auto-Type Obfuscation (TCATO) comes into play.

TCATO makes standard keyloggers useless. It uses the Windows clipboard to transfer parts of the auto-typed text into the target application. Keyloggers can see the Ctrl-V presses, but do not log the actual contents pasted from the clipboard.

Clipboard spies don't work either, because only parts of the sensitive information is transferred on this way.

Anyway, it's not perfectly secure (and unfortunately cannot be made by theory). None of the currently available keyloggers or clipboard spies can eavesdrop an obfuscated auto-type process, but it is theoretically possible to write a dedicated spy application that specializes on logging obfuscated auto-type.

how to prevent this? :

Anyway, it's not perfectly secure (and unfortunately cannot be made by theory). None of the currently available keyloggers or clipboard spies can eavesdrop an obfuscated auto-type process, but it is theoretically possible to write a dedicated spy application that specializes on logging obfuscated auto-type.

Two-factor authentication with google authenticator or a similar

[ChuckOne]

Three thoughts:

- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password

What will be the maximum length of the passphrase?

Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters.

There is no maximum length.

I like that. I always hated max. length because it's simply not necessary.

[ChuckOne]

There is no maximum length.

IMHO 100 chars

Why?

[igmaca]

There is no maximum length.

IMHO 100 chars

Why?

see atthaced file

https://www.dropbox.com/s/syd8vwf31y90ev4/Passphrase_Length_vs_Complexity.xls

[Mario123]

There is no maximum length.

IMHO 100 chars

Why?

I believe NRS cuts after 100 characters.

[ChuckOne]

There is no maximum length.

IMHO 100 chars

Why?

I believe NRS cuts after 100 characters.

If so, the web client could cut before the form is sent. But the user does not need to know it.

EDIT: it makes understanding more difficult again.

[wesleyh]

There is no maximum length.

IMHO 100 chars

Why?

I believe NRS cuts after 100 characters.

It doesn't, I've used a 500+ character password before and tried it with less characters and it resulted in different accounts.

[Mario123]

I see.

[my8511]

watching this new thread......

[igmaca]

...

the transaction fees are still too damn high, forging rewards are way to low & come too slow for all but the richest Nxters.

...

.....

In my opinion, you're better off dishing out smaller rewards at a faster pace. People are like lab rats who feel rewarded when they get a pellet. It would be better to get .001 NXT every couple of days than 10 NXT after many months. It is simple psychology. Almost every successful software "invention" these days is successful because it's addicting. Twitter, facebook, Angry Birds, Flappy Birds, Candy Crush, Farmville. All very successful and all very addicting. Give the people their pellets and they will be addicted and they will forge.

RFC: Parallel Chains concept

Only TL;DR version, coz noone would read a full one.

Master Chain

Contains only checkpoints of all slave chains. Checkpointing is done once a day and only when 1440 blocks r built on top of the corresponding slave chain. Master chain is never pruned. Growth rate is [32 bytes * numberOfSlaveChain] per day.

one Raspberry pi node to forge must be active.
if a raspberry pi node gets forge shares its fee with other Raspberry Pi nodes pointing to the same TPS node. (one of the 1,000 TPS nodes for example "XX" )

note the criteria to limit the power of forging an account 1,000,000 nxt is due to 1440 blocks are generated in a day and therefore the chance is about one day.

if the number of blocks per day for example increase to 14400 per day the criteria to limit the power of forging change to 100,000 nxt account as tantamount to a chance of about one day.

why one day?
because all accounts that they want to forge if they are always active every day receive fees
keeps the interest in forging and maintain the node active everytime

Slave Chains

Contains only 1 type of transactions. Different currencies can be implemented as different chains. Forgers can choose what chains to secure. The market balances TPS rate.

"XX" TPS node forge a slave parallel bloc because power forge depends by Raspberry Pi nodes

can split the fees if a Raspberry pi node gets forge to all Raspberry pi nodes that point to "XX" node in proportion to the amount of funds each node (account) has
can exchange fiat currency
can handle 1000 TPS

what happens if you attack one of the 1,000 nodes?

as the power to forge remains in raspberri pi nodes the network security remains unchanged.
it may happen that momentarily not reached 1,000 TPS

Migration plan

Create slave chains that implement all transactions types existing in Nxt. Add a new type for checkpointing. Reject attempts to include non-checkpointing transactions into the master chain.

Side-effects

The Chinese could use a separate currency inside their borders for very high TPS rates. Only checkpointing transactions have to bypass Great Firewall of China. Speculators provide currency exchange service - the business they love to do. NXTs become "tokens", users buy them for fiat to spend for fees, it's similar to prepaid coupons/tickets for provided services.

[crazybonkers]

Three thoughts:

- Just say Passphrase should be at least 50 characters long
- Show an indicator how good the chosen passphrase is
- Allow people to chose a weaker password

What will be the maximum length of the passphrase?

Long passphrase must be copy / paste anyway, then for me it is the same work use 35 or 90 characters.

There is no maximum length.

IMHO 100 chars

What you laughing at? I have a passphrase of MORE than 150 lol beat that! Oh your not laughing... its an IMHO hehe... My bad, cough cough

[DrearyUrbanite]

ok, can somebody PLEASE recap 1-2 months, what was released and agreed on, what was implemented in the nxt software/core?

please forgive me, it is hard to keep up with this megathread and i cant see an actual overview

thank u so much

anyone? thank u!

Perhaps you should read summaries instead of reading this thread - http://www.nxtcoins.nl/50-2/

[grandpa_seth]

I asked for testnxt in the nxtcrypto.org thread like I'm supposed to but no response yet.

Can somebody send me some?

14363320241484393780