|
bitcoinpaul
|
 |
April 06, 2014, 10:31:16 AM |
|
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
I didn't say it should be implemented Never said that. Just discussing the idea. |
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
fmiboy
|
|
April 06, 2014, 10:53:43 AM |
|
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?
Yes (wouldn't save it any other way). So the client creates 12 words secret phrase. Then it it asks the user to retype it (same everything as it's right now) Then it also saves the 12 word secret phase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption. I think this will work fine. well this can be tested right now in latest version of Clienxt. to see how this works out, not sure if it is suitable for web client though |
|
|
|
|
lucky88888
Sr. Member
 Offline
Activity: 404
Merit: 250
https://nxtforum.org/
|
|
April 06, 2014, 10:58:54 AM |
|
By the way, since nxt is brain wallet, one password scheme could be that hash of any file that the user chooses can be his secret phrase. This could mean any photo from personal photo gallery could be a "secret phrase"
Even more than one file could be a "secret phrase". Something like Hash (Hash (file1) + hash (file2) + .... )
Not sure if it's a good idea, but this is possible due to brain wallet,
The real plus to this is that if there is malware on user computer, the malware wouldn't be able to guess what file is the secret phrase. Plus, keylogger will not able to steal the secret either. sounds like a really good idea for future clients. |
Fuck Mt.Gox! Fuck Mintpal! Fuck Bter! FUCK kyc! Protect yourself use MGW! SUPERNET! Recommended ASSET ->InstantDex : Lead Dev Jl777 (decentralized multi currency instant exchange) Recommended ASSET -> Jinn : Lead Dev Come-from-Beyond (ternary processors!) https://nxtforum.org/news-and-announcements/(ann)-jinn/ |
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1132
|
|
April 06, 2014, 11:02:42 AM |
|
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer. This is good idea! I also thought the same thing a while back. People can remember pics much better than most things. The one weakness is that if somebody knows you a bit and you dont have that many pics to choose from, they would be able to find the right one if they ever got access to your computer |
|
|
|
|
Eadeqa
|
|
April 06, 2014, 11:08:12 AM |
|
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer. This is good idea! I also thought the same thing a while back. People can remember pics much better than most things. The one weakness is that if somebody knows you a bit and you dont have that many pics to choose from, they would be able to find the right one if they ever got access to your computer If someone has access to your computer and wants to harm you, then they can do anything. Nothing can save you, They can install for example hardware/software keylogger. There is no safety against the scenario where someone has both access to your computer and want to steal/do harm. A random file as a secret phrase saves you trouble of typing your passwords and it makes it harder to for malware writer to steal the right file. |
|
|
|
|
Eadeqa
|
|
April 06, 2014, 11:11:06 AM |
|
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer. This is good idea! I also thought the same thing a while back. People can remember pics much better than most things. The one weakness is that if somebody knows you a bit and you dont have that many pics to choose from, they would be able to find the right one if they ever got access to your computer If someone has access to your computer and wants to harm you, then they can do anything. Nothing can save you, They can install for example hardware/software keylogger. There is no safety against the scenario where someone has both access to your computer and want to steal/do harm. A random file as a secret phrase saves you trouble of typing your passwords and it makes it harder to for malware writer to steal the right file. Also, for extra paranoids they can keep the key files in USB thumb drive among 1000s of other images. That will make it even more safer, as the right files will not be even on the computer |
|
|
|
|
salsacz
|
|
April 06, 2014, 11:18:50 AM |
|
1) creating account
- I can generate 12 words or choose a picture from computer
- my pass will be saved into wallet.dat if I want
- it will tell me how to backup my password
2) using account
- it will never ask for my password, if I chose to use wallet.dat
- NXT payments will be able to be approved by a creadit card, by a smartphone, by smart watch via android and other devices. If I go to the shop, I want to buy one apple for 5 Nxt by using my NXT credit card or smart device
Don't forget about ACCOUNT CONTROL! You will have limits on spending Nxt from your accounts, so it is like our credit card limits
|
|
|
|
|
jl777
Legendary
Offline
Activity: 1176
Merit: 1132
|
|
April 06, 2014, 11:19:44 AM |
|
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer. This is good idea! I also thought the same thing a while back. People can remember pics much better than most things. The one weakness is that if somebody knows you a bit and you dont have that many pics to choose from, they would be able to find the right one if they ever got access to your computer If someone has access to your computer and wants to harm you, then they can do anything. Nothing can save you, They can install for example hardware/software keylogger. There is no safety against the scenario where someone has both access to your computer and want to steal/do harm. A random file as a secret phrase saves you trouble of typing your passwords and it makes it harder to for malware writer to steal the right file. Also, for extra paranoids they can keep the key files in USB thumb drive among 1000s of other images. That will make it even more safer, as the right files will not be even on the computer I like the idea of making a USB drive into a hardware passkey. Just make sure to have more than one, put one in a really safe place and have another for everyday use. When logging in, just put in USB and eject as soon as passkey is loaded into browser RAM James P.S. keyloggers are for technically sopisticated, eg. teenagers. So parents computers arent safe from their teenagers. However, with the pic approach, the teenagers computers wont be safe from parents! |
|
|
|
|
hypersire
|
|
April 06, 2014, 11:22:21 AM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
|
|
|
|
|
trisher
Member
Offline
Activity: 64
Merit: 10
|
|
April 06, 2014, 11:27:01 AM |
|
when will the asset exchange finally come?
|
|
|
|
|
redsn0w
Legendary
Offline
Activity: 1778
Merit: 1042
#Free market
|
|
April 06, 2014, 11:28:59 AM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
For security , the nxt client should be installed in a vergin computer . And I don't want the file wallet.dat .... this is NXT not BTC  |
|
|
|
|
|
hypersire
|
|
April 06, 2014, 11:42:53 AM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
For security , the nxt client should be installed in a vergin computer . And I don't want the file wallet.dat .... this is NXT not BTC The saving of a complex string is essential as an extra layer of protection. Say you just memorize 12 random words. 1) There is a possibility that they aren't random enough and your account will be brute forced. 2) All it would take is a keylogger to be installed on your system to obtain your password. By using the combination of a complex string that you paste in AND a password that you type in, you eliminate the possibility of a brute force attack, and the malware would have to be able to read both your clipboard AND your keystrokes. Basically, you are safe. And yes, you can use either a virgin computer or a VM, so long as it's not Windoze  |
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 11:43:23 AM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
Most here understand this. Go back a few pages and see someone complaining about nxt because he used "null" (no string) as secret phrase and got hacked. We are trying to implement solutions here how not to let users make such mistakes, and make it easy so they don't have to type 12 words long passwords. |
|
|
|
|
mr smith
|
|
April 06, 2014, 11:45:51 AM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
How about finger print and facial recognition !
|
New Economy Movement
Philosophy of Solidarity and Egalitarianism
|
|
|
|
Tobo
|
|
April 06, 2014, 11:50:41 AM |
|
Anyone know how the token in NRS works? For instance, when I click the token icon, I got a page to ask me to input a website and my pass phrase. If I try to create a token for Dgex, should I input Dgex website? If so, when I send it to Dgex, what can they do with the token?
|
|
|
|
|
|
chanc3r
|
|
April 06, 2014, 11:51:00 AM
Last edit: April 06, 2014, 12:25:47 PM by chanc3r |
|
So 10 confirm is the minimum needed for Nxt block chain irreversibly ,right?
No. Right now 10 Nxt confirms ~ 1 Bitcoin confirm. Does this mean NXT confirmations are 10 times faster than Bitcoin but 10 times less trusted! Doesn't that mean the amount of time for a transaction to be fully trusted on NXT and Bitcoin is about the same? Or maybe I understood this wrong, kinda hoping so |
|
|
|
|
fmiboy
|
|
April 06, 2014, 11:58:58 AM
Last edit: April 06, 2014, 12:41:27 PM by fmiboy |
|
Anyone know how the token in NRS works? For instance, when I click the token icon, I got a page to ask me to input a website and my pass phrase. If I try to create a token for Dgex, should I input Dgex website? If so, when I send it to Dgex, what can they do with the token?
they can confirm you own that account with given token! |
|
|
|
|
stereotype
Legendary
Offline
Activity: 1554
Merit: 1000
|
|
April 06, 2014, 12:04:34 PM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
How about finger print and facial recognition !
Could a keylogger know what characters are deleted and where they were in a password? If not, generate random characters by whatever means, and then add say, 6 or more characters somewhere within the generated text, that you remember. Save it as above. So if the raw file is compromised, its not correct anyway. And by deleting the remembered characters when using the string, even if a keylogger is operating, it wont know where the characters were deleted from. Ive missed something haven't i?? |
|
|
|
|
|
Eadeqa
|
|
April 06, 2014, 12:27:09 PM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
How about finger print and facial recognition !
Could a keylogger know what characters are deleted and where they were in a password? Almost all keyloggers capture clipboard. This will never save you against keyloggers. |
|
|
|
|
Eadeqa
|
|
April 06, 2014, 12:32:52 PM |
|
It's really not that hard to secure your NXT account, even with the current setup.
1) Open your text editor, close your eyes, and randomly strike keys. Make sure you use a combination of upper and lower case, numbers and special characters. You must have a minimum of 30 characters. Personally I just kept going until the end of a single line on my text editor's window.
2) Save this file buried somewhere on your filesystem. Obviously do not name it "mynnxtpassword.txt" and save it in My Documents. You can call it something like "en-us" or "random_program_serial". Remove the txt extension so it appears as an unknown file.
3) Your NXT password should be this string PLUS a simple password (such as one you commonly use) that you type in either before or after pasting in the string.
By following these simple steps, the only possible way someone would get into your account would be if you had malware on your computer that was able to read the clipboard AND your keystrokes. Extremely unlikely. If you are truly paranoid, you can use a virtual keyboard instead of typing in one part of your password.
For extra security, NXT should be installed on a Linux Virtual Machine as opposed to your main system.
How about finger print and facial recognition !
Could a keylogger know what characters are deleted and where they were in a password? Almost all keyloggers capture clipboard. This will never save you against keyloggers. Here is a typical keylogger http://download.cnet.com/Free-Keystroke-Logger/3000-2162_4-75447782.htmlIt captures all keystrokes from all applications in covert, invisible mode. Then saves collected information to special reports, so you can view results of monitoring later. In addition, it is possible to scan clipboard for changes (record copied text), and monitor Internet navigation (record visited websites) |
|
|
|
|
