|
|
|
wesleyh
|
 |
April 06, 2014, 09:29:32 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). |
|
|
|
|
|
bitcoinpaul
|
|
April 06, 2014, 09:36:57 AM |
|
No, it's under construction. I think this was an old template... |
|
|
|
|
|
salsacz
|
|
April 06, 2014, 09:38:27 AM |
|
nice, about that recommendation, I should also use this word in the nxtclients video, I forgot to change it from "best" which is not very political  https://www.youtube.com/watch?v=anTmdnSaMmAI hope someone will do this and if not, I think I could at least gather the data and make some concept: ( https://nxtforum.org/nxt-promotion/articles/msg5936/#msg5936) Articles and theses - each quality text will be rewarded In progress - Damelon's questionairre - What do we think about what is Nxt?
Looking for: - Whitepaper writers - A letter for Businessmen - why should they use or invest in Nxt. How they can use asset exchange - Using Nxt in a real life - possibilities (NXT, Asset exchange, ecosystem, apps) - Nxt eshops - who accepts Nxt? - Nxt charities and donations (now little too soon) - Nxt sports and gaming tournaments - How can Nxt save the gaming industry by green PoS "mining" - Nxt starfish community - Why did I invest in Nxt - Why is Nxt better than Bitcoin? / Why Bitcoin is like Internet Explorere and Nxt like Firefox? / Why did I realize Nxt is better than Bitcoin? (..showing a faster dvelopment progress than in oldschol Bitcoin foundations) - What is a place of Nxt in the world of cryptocurrencies? - more about visions, ideas, showing a faster dvelopment progress than in oldschol Bitcoin foundations - Nxt scientific papers - review of our theses about Nxt (!) - NxtVillage - Nxt presents a kickstarter - a first global charity for anyone around the world - possibilities (donate to Nakamoto, african child, broken chinese exchange users, broken crypto exchanges, installation of the internet in the space…) - Why big NXT stakeholder can never harm Nxt? (probably Salsacz) 1) NXT big stakeholders vs. Bitcoin, Dollar, etc (NxtMyths) 2) Good for transparent forging and other features (I have no idea) 3) How much NXT was given and is promised by bounties? (I could find) 4) Big sales on exchanges - their influence (I could find biggest transfers, but still would be good to have expert about trading systems - analyses) - How can you earn Nxt by investing your time - Proof of Help - Nxt bounties - Nxt rewards for new developers - Nxt Kickstarter for Nxt projects - Nxt ecosystem of getting regular donations from anonymous donators for helping Nxt (marketing materials, programming, scientific research about Nxt) - Deep review of Nxt exchanges - Interviews: ○ Girls in the Nxt community ○ L8orrie about asset exchange ○ Come-from-Beyond about his pair programming with BCNext and JeanLuc ○ More global interview about some topic, could be a weekly and sent to 20 Nxters… - good for some Nxt Magazine ○ CIYAM about Turing complete, AT Support Nxters - writers, translators and correctors - by donating to the small marketing fund: 20374019908537537952) about changing a recommended default client before implementing into NRS - I think we should vote about it, make a poll at nxtforum.org (and nextcoin.org to be fair), because this should be a group decision |
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 09:40:12 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). So the client creates 12 words secret phrase. Then it it asks the user to retype it (same everything as it's right now) Then it also saves the 12 word secret phase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption. I think this will work fine. |
|
|
|
redsn0w
Legendary
 Offline
Activity: 1778
Merit: 1042
#Free market
|
|
April 06, 2014, 09:42:57 AM |
|
Goodmorning people  . |
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 09:46:22 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). So the client creates 12 words secret phrase. Then it it asks the user to retype it (same everything as it's right now) Then it also saves the 12 word secret phase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption. I think this will work fine. I will also add that next time the user opens the client, don't ask for encryption password or secret phase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it everytime. |
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
April 06, 2014, 09:50:25 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). So the client creates 12 words secret phrase. Then it it asks the user to retype it (same everything as it's right now) Then it also saves the 12 word secret phase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption. I think this will work fine. I will also add that next time the user opens the client, don't ask for encryption password or secret phase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it everytime. But this is not secure ! |
|
|
|
|
|
wesleyh
|
|
April 06, 2014, 09:52:32 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). So the client creates 12 words secret phrase. Then it it asks the user to retype it (same everything as it's right now) Then it also saves the 12 word secret phase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption. I think this will work fine. I will also add that next time the user opens the client, don't ask for encryption password or secret phase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it everytime. Password is also needed for decrypting encrypted messages. How do you think that should be handled? Need password in memory to decrypt them. (I can do that now if users checks box to remember password during session at login). |
|
|
|
|
|
wesleyh
|
|
April 06, 2014, 09:53:05 AM |
|
I will also add that next time the user opens the client, don't ask for encryption password or secret phase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it everytime.
But this is not secure ! Why wouldn't it be? Anyone can view any account they wish, you just cannot manipulate it. Read only until you enter your pw. |
|
|
|
|
|
salsacz
|
|
April 06, 2014, 09:54:17 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). So the client creates 12 words secret phrase. Then it it asks the user to retype it (same everything as it's right now) Then it also saves the 12 word secret phase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption. I think this will work fine. I will also add that next time the user opens the client, don't ask for encryption password or secret phase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it everytime. Password is also needed for decrypting encrypted messages. How do you think that should be handled? Need password in memory to decrypt them. (I can do that now if users checks box to remember password during session at login). So I will use Nxt client - send messages and send Nxt without typing my password again and again? This is like Scifi  fantastic  |
|
|
|
|
|
wesleyh
|
|
April 06, 2014, 09:55:04 AM |
|
So I will use Nxt client - send messages and send Nxt without typing my password again and again? This is like Scifi fantastic Hmm this is already possible; go to http://nxtra.org/nxt-client and check the box "remember password during session" before logging in. (But client doesn't work well on testnet at the mo due to not yet transitioned to NQT / satoshis) |
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 09:56:12 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). So the client creates 12 words secret phrase. Then it it asks the user to retype it (same everything as it's right now) Then it also saves the 12 word secret phase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption. I think this will work fine. I will also add that next time the user opens the client, don't ask for encryption password or secret phase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it everytime. Password is also needed for decrypting encrypted messages. How do you think that should be handled? Need password in memory to decrypt them. (I can do that now if users checks box to remember password during session at login). Yes, good point. I guess that means requiring the encryption password each time the client is opened (but not the longer 12 word pass phrase). |
|
|
|
|
salsacz
|
|
April 06, 2014, 09:58:44 AM |
|
So I will use Nxt client - send messages and send Nxt without typing my password again and again? This is like Scifi fantastic Hmm this is already possible; go to http://nxtra.org/nxt-client and check the box "remember password during session" before logging in. (But client doesn't work well on testnet at the mo due to not yet transitioned to NQT / satoshis) Thanks. This check box is maybe missing on the page: "Your secret phrase is very important! In order to be sure that you have saved it, please write your secret phrase below:" - after creating a new account, because after I write it there, I am in the client |
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 10:05:54 AM |
|
By the way, since nxt is brain wallet, one password scheme could be that hash of any file that the user chooses can be his secret phrase. This could mean any photo from personal photo gallery could be a "secret phrase"
Even more than one file could be a "secret phrase". Something like Hash (Hash (file1) + hash (file2) + .... )
Not sure if it's a good idea, but this is possible due to brain wallet,
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 10:08:49 AM |
|
By the way, since nxt is brain wallet, one password scheme could be that hash of any file that the user chooses can be his secret phrase. This could mean any photo from personal photo gallery could be a "secret phrase"
Even more than one file could be a "secret phrase". Something like Hash (Hash (file1) + hash (file2) + .... )
Not sure if it's a good idea, but this is possible due to brain wallet,
The real plus to this is that if there is malware on user computer, the malware wouldn't be able to guess what file is the secret phrase. Plus, keylogger will not able to steal the secret either. |
|
|
|
|
salsacz
|
|
April 06, 2014, 10:12:43 AM |
|
|
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 10:15:56 AM |
|
The hash of a file never changes (even if you rename the file). Jpeg degradation refers to compression related degradation. That is, if you edit a jpeg file (like change white balance) it will do recompression that will degrade the quality. jpegs as a file doesn't degrade even a million years from now It's a digital image (made of 1s and 0s) it's not a print |
|
|
|
|
bitcoinpaul
|
|
April 06, 2014, 10:18:42 AM |
|
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
|
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 10:26:20 AM |
|
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer. |
|
|
|
|
