sha0908
April 02, 2014, 07:31:09 PM
we absolutely need desktopwallets aswell since myself for example don't trust anything that i do not have under my own control. I think others may think the same way. What's not on your own system (desktop wallet) is not really yours. I wouldn't use any onlinesolution for storing coins. I think it's not safe. An onlinepage with login and password is like an invitation for hackers to brute force.
i am actually pretty excited about nem. Can't wait for release.
i use a 512bit passphrase.. your saying that isnt safe? i don't even know what that is i got used to securing desktopwallets though and improved constantly on security and would be nice if i could use that knowledge for nem also. I never lost a coin that was on my own system. But i lost quite some coins on hacked exchanges. I like my coins offline for that reason edit: the logic is: if it is online theoretically the whole world can try to steal it. If it is not online nobody has really a way to access. it means that it would take 100s if not thousands of years to brute force it... well what if you go to someones house and you need your coins? ok if you have a 'seed' you can download a wallet but thats a pain in the ass... with brain wallets you can go from one comp to another very easily and move/use your coins.. also with the AE being inclient you can also trade with out even having to send your coins anywhere.. cant do that with offline clients.. also how many peoples computers have been directly hacked and coins stolen? if you state on here you have x amount of coins a good hacker wants then.. im sure they could take them.. brian wallets are the way to go.. for sure.. but there still needs to be support for offline storage i think... personally i think its pointless but if it makes people feel more secure then ok... Safety is the fundamental problem of coins If the security can not Who will go and help others to do things without return? Said is right I have personal experience I was stolen coins Tough

patmast3r
April 02, 2014, 07:36:59 PM
we absolutely need desktopwallets aswell since myself for example don't trust anything that i do not have under my own control. I think others may think the same way. What's not on your own system (desktop wallet) is not really yours. I wouldn't use any onlinesolution for storing coins. I think it's not safe. An onlinepage with login and password is like an invitation for hackers to brute force.
i am actually pretty excited about nem. Can't wait for release.
i use a 512bit passphrase.. your saying that isnt safe? i don't even know what that is i got used to securing desktopwallets though and improved constantly on security and would be nice if i could use that knowledge for nem also. I never lost a coin that was on my own system. But i lost quite some coins on hacked exchanges. I like my coins offline for that reason edit: the logic is: if it is online theoretically the whole world can try to steal it. If it is not online nobody has really a way to access. it means that it would take 100s if not thousands of years to brute force it... well what if you go to someones house and you need your coins? ok if you have a 'seed' you can download a wallet but thats a pain in the ass... with brain wallets you can go from one comp to another very easily and move/use your coins.. also with the AE being inclient you can also trade with out even having to send your coins anywhere.. cant do that with offline clients.. also how many peoples computers have been directly hacked and coins stolen? if you state on here you have x amount of coins a good hacker wants then.. im sure they could take them.. brian wallets are the way to go.. for sure.. but there still needs to be support for offline storage i think... personally i think its pointless but if it makes people feel more secure then ok... You don't have to send them anywhere because they are already "anywhere". I don't see why an AE would be more inconvenient with a local wallet. You said you have a 512bit password. Since it's impossible for you to remember that (at least if you're an average joe) I suppose you store it somewhere right ? In a file maybe ? So you have to carry that file around to use your wallet anywhere. Now tell me in what way is it better to carry that file around than carrying the wallet file around ? i dont have to download any programs.. i dont have to do anything other then open client insert passphrase done.. 
and i know that even if someone hacks my computer they still wont get my coins.. with a wallet file.. if using a desktop client you would need to download the blockchain... and i dont know but do you have to use the same client.. or will a wallet file work on any client? If someone hacks your computer there is a good chance they will also install keylogger which is all they need to access your wallet. A wallet file should work on any client since it afaik only contains your private key that you need to access your coins in the blockchain. Downloading the blockchain might also not be necessary since a kind of snapshot system was discussed for NEM. I'm not sure about that anymore though so don't count on that. Even if you have to download the blockchain though - I had to download the NXT blockchain recently - took like 10 minutes. I think we can agree that that is very much endurable especialy considering that this is also roughly the time it takes for a bitcoin tx to be confirmed

sha0908
April 02, 2014, 07:39:13 PM
we absolutely need desktopwallets aswell since myself for example don't trust anything that i do not have under my own control. I think others may think the same way. What's not on your own system (desktop wallet) is not really yours. I wouldn't use any onlinesolution for storing coins. I think it's not safe. An onlinepage with login and password is like an invitation for hackers to brute force.
i am actually pretty excited about nem. Can't wait for release.
Thanks for the advice I also try to follow your way to do Good people good luck

j23a
April 02, 2014, 07:41:27 PM
My NXT password is very long and I have to keep it in a file. I copy and paste it to the client, but I also have to input a password in my head, inserted somewhere in the pasted password.
Since I have to paste it protects against a key logger, and since I have to type something in it, it protects it from if someone stole it.
I do like the idea of a wallet that I can carry around on a usb that I can open by File > Open. I just don't like the current style of all the clone coins, where the main wallet that it uses is in a hidden AppData folder.
TBTSX4-NKRX55-HF2ECG-SHPBG3-XIDD2Y-QDRI3N-P2O6

TauMuon
April 02, 2014, 07:42:35 PM
I wrote a NEM F.A.Q post on the subreddit if anyone is interested; is there anything I should add/change? stickied Awesome, thanks! By the way, I've sent you a PM.

TauMuon
April 02, 2014, 07:47:10 PM
Guys, I don't want to point fingers, but please don't be spammy like this fellow. The effort at promoting NEM is appreciated, but the fact is that it's extremely obnoxious and doesn't paint NEM in a good light.

j23a
April 02, 2014, 07:53:17 PM
Guys, I don't want to point fingers, but please don't be spammy like this fellow. The effort at promoting NEM is appreciated, but the fact is that it's extremely obnoxious and doesn't paint NEM in a good light. Exactly. Like I always say, simply mentioning Nem so that it can register in people's head and let them want to learn more about it next time they hear it is much better than preaching to someone why they must get Nem. They'll just see you as a scumbag who's trying to sell them something. People looking up information about Nem and letting them come to their own uninfluenced conclusion is the best thing in my opinion. No need to be spammy.

j23a
April 02, 2014, 08:00:38 PM
My NXT password is very long and I have to keep it in a file. I copy and paste it to the client, but I also have to input a password in my head, inserted somewhere in the pasted password.
Since I have to paste it protects against a key logger, and since I have to type something in it, it protects it from if someone stole it.
I do like the idea of a wallet that I can carry around on a usb that I can open by File > Open. I just don't like the current style of all the clone coins, where the main wallet that it uses is in a hidden AppData folder.
bad idea.. should download keypass save your password in that.. save the keepass database file on a usb along with the master password for keepass... open client.. open keepass.. open keepass password file.. insert keepass masterpass.. copy client pass into client.. do transactions and remove usb... its awkward but its the safest thing to do at the moment i think.. actually thats clever about the injected simple password from your head somewhere in the passphrase.. il start doing that lol keeloggers have clip board monitors so its not safe unless you use keepass or similar software What I really want to do is just create a virtual machine for Nem, NXT. Only used for to send and receive coins, that way there's almost a zero percent chance of getting a key logger sneaked in because I downloaded the wrong thing. Or better yet, a really cheap, computer, since a keylogger will still be able to log the keys I punch in in a virtual machine. There's also software that encrypts the keys a person presses, not sure how that works though.

TauMuon
April 02, 2014, 08:09:44 PM
There are many merits and failings of both brain wallets and desktop wallets. To be honest, I think it's just a matter of personal preference...
It's an interesting discussion, but I think it's pretty much a finality that NEM will be using a desktop wallet system. A poll on the forum a while back, plus a general browse on forums, shows that desktop wallets are preferred by the vast majority of people.
Perhaps the fact that this discussion is happening indicates that a new wallet system is needed, a hybrid of brain and desktop wallets. Perhaps something for the NEM developers to think about in the future?

jkoil
April 02, 2014, 08:16:53 PM
we absolutely need desktopwallets aswell since myself for example don't trust anything that i do not have under my own control. I think others may think the same way. What's not on your own system (desktop wallet) is not really yours. I wouldn't use any onlinesolution for storing coins. I think it's not safe. An onlinepage with login and password is like an invitation for hackers to brute force.
i am actually pretty excited about nem. Can't wait for release.
i use a 512bit passphrase.. your saying that isnt safe? i don't even know what that is i got used to securing desktopwallets though and improved constantly on security and would be nice if i could use that knowledge for nem also. I never lost a coin that was on my own system. But i lost quite some coins on hacked exchanges. I like my coins offline for that reason edit: the logic is: if it is online theoretically the whole world can try to steal it. If it is not online nobody has really a way to access. it means that it would take 100s if not thousands of years to brute force it... well what if you go to someones house and you need your coins? ok if you have a 'seed' you can download a wallet but thats a pain in the ass... with brain wallets you can go from one comp to another very easily and move/use your coins.. also with the AE being inclient you can also trade with out even having to send your coins anywhere.. cant do that with offline clients.. also how many peoples computers have been directly hacked and coins stolen? if you state on here you have x amount of coins a good hacker wants then.. im sure they could take them.. brian wallets are the way to go.. for sure.. but there still needs to be support for offline storage i think... personally i think its pointless but if it makes people feel more secure then ok... Actually, with current technology a password that would take 100s or thousands of years to brute force would be a password that's under 10 characters long. Every time you add one character, the number of years goes up by a very large amount. A long time ago I created a program that would tell me how long it would take to brute force a password, based on certain conditions. I just tried it and a password with ten characters, would take 379.72 years to brute force, if a 95 key keyboard was used, and the computer was testing out 5 billion password per second. Which is a lot more than the average computer can do. 
If I add one more character, then it goes from 379.72 years to 36,037.07 years.
12 characters: 3.4 million years
13 characters: 325.5 million years
14 characters: 30 billion years
15 characters: my computer can't calculate it, because the total number of unique passwords is too large.
But with just 14 characters we already went longer than the age of the universe.
Those are quite big numbers, maybe scares brute forcers away. Unless they think that "nope, the users won't use 95 keys, only a-z and 0-9, and there is 5 million accounts ... it is enough to get one of those". How big are the numbers then?
When NXT accounts were hacked, was there any brute force case or was they all hacked by stolen passwords or the password was some "movie phrase" or such?
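The estimate discussed in this post, worked through as an added example (it is not the quoted poster's program or any code from this thread): it computes exhaustive-search time under the thread's conditions (95 keys, 5 billion guesses per second), then applies the same arithmetic to the a-z/0-9 and 5-million-account question. Assumptions: a 365-day year, uniformly random passwords, and that one guess can be checked against every account at once.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year


def keyspace(alphabet_size: int, length: int) -> int:
    """Exact count of passwords of `length` symbols (Python ints never overflow)."""
    if alphabet_size < 1 or length < 0:
        raise ValueError("alphabet_size must be >= 1 and length >= 0")
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(space: int, guesses_per_second: int) -> float:
    """Worst case: years needed to try every candidate in `space`."""
    return space / (guesses_per_second * SECONDS_PER_YEAR)


def years_to_first_hit(space: int, guesses_per_second: int, accounts: int) -> float:
    """Expected years until any one of `accounts` is found.

    Assumption: every account holds an independent, uniformly random password
    from the same space, so the earliest hit lands after about
    space / (accounts + 1) guesses. With accounts=1 this is the usual
    "half the keyspace on average" rule.
    """
    return years_to_exhaust(space, guesses_per_second) / (accounts + 1)


def report(rate: int = 5_000_000_000, accounts: int = 5_000_000):
    """Rows of (alphabet, length, bits, worst-case years, first-hit years)."""
    rows = []
    for label, alphabet in (("95 keys", 95), ("a-z 0-9", 36)):
        for length in range(10, 16):
            space = keyspace(alphabet, length)
            rows.append((label, length,
                         round(entropy_bits(alphabet, length), 1),
                         years_to_exhaust(space, rate),
                         years_to_first_hit(space, rate, accounts)))
    return rows


if __name__ == "__main__":
    for label, length, bits, worst, first in report():
        print(f"{label:8} len={length:2} {bits:5.1f} bits "
              f"exhaust={worst:12.4g} y  first of 5M accounts={first:12.4g} y")
    # A passphrase picked from a published list is bounded by the list size,
    # not by its character count. 14 million is an assumed list size.
    seconds = years_to_exhaust(14_000_000, 5_000_000_000) * SECONDS_PER_YEAR
    print(f"14M-entry wordlist: {seconds:.4f} s")
```

Under these assumptions a ten-character a-z/0-9 password is exhausted in about 8.5 days, and with 5 million accounts to check against, the first hit on a ten-character 95-key password is expected after roughly 40 minutes.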

instacalm
April 02, 2014, 08:20:14 PM
When NXT accounts were hacked, was there any brute force case or was they all hacked by stolen passwords or the password was some "movie phrase" or such?
1.5% of NXT accounts are trivially crackable with a 15 line script and a widely-available passphrase list (the rockyou leak dataset).
I've let my script keep running on more lists since then and at current measure have recovered the passphrases of a little more than 3% of all accounts that have ever been used. Since genesis ~8M NXT has been sent to these "weak" accounts.
As I pointed out in my original post, my motivation for doing this was to investigate the root cause of the rash of thefts that had been reported (since I suspected weak passphrases) as well as prod the devs to drop the brainwallet-based key management scheme as the default option. I actually cracked the genesis account a few days ago but originally thought my code was just buggy when I saw it's balance was negative ... LOL.
As a side note, I should point out that widespread knowledge of the genesis account key isn't a security issue per se. Although I'd advise devs to be defensive moving forward about the possibility of integer overflow/underflow whenever dealing with amounts/fees now that the whole world has access to an account with a negative balance.
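The defensive handling of amounts and fees recommended in this post, as an added example (not NXT or NEM code): a naive spend check that wraps silently, next to a transfer routine that range-checks inputs and refuses to overflow. The signed 64-bit width, the account names and the balances are assumptions constructed for illustration.

```python
INT64_MIN, INT64_MAX = -(2 ** 63), 2 ** 63 - 1  # assumption: signed 64-bit amounts


def wrap64(value: int) -> int:
    """Reduce an integer the way two's-complement 64-bit arithmetic would."""
    return (value + 2 ** 63) % 2 ** 64 - 2 ** 63


def naive_can_spend(balance: int, amount: int, fee: int) -> bool:
    """Unsafe: each step wraps silently and inputs are not range-checked."""
    return wrap64(balance - wrap64(amount + fee)) >= 0


class LedgerError(ValueError):
    """Raised when a transfer is rejected."""


def checked_add(a: int, b: int) -> int:
    """Add two amounts, failing instead of wrapping."""
    total = a + b
    if not INT64_MIN <= total <= INT64_MAX:
        raise LedgerError("arithmetic overflow")
    return total


def apply_transfer(balances, sender, recipient, amount, fee):
    """Return an updated copy of `balances`, or raise LedgerError.

    The fee is simply deducted from the sender here; where it is credited
    is outside the scope of this example.
    """
    for value in (amount, fee):
        if not isinstance(value, int) or isinstance(value, bool):
            raise LedgerError("amount and fee must be integers")
    if not 0 < amount <= INT64_MAX or not 0 <= fee <= INT64_MAX:
        raise LedgerError("amount or fee out of range")
    cost = checked_add(amount, fee)
    available = balances.get(sender, 0)
    if available < cost:  # a negative balance can never cover a positive cost
        raise LedgerError("insufficient funds")
    updated = dict(balances)  # the caller's ledger is untouched on failure
    updated[sender] = available - cost
    updated[recipient] = checked_add(updated.get(recipient, 0), amount)
    return updated


def is_rejected(balances, sender, recipient, amount, fee) -> bool:
    """True when apply_transfer refuses the transfer."""
    try:
        apply_transfer(balances, sender, recipient, amount, fee)
    except LedgerError:
        return True
    return False


if __name__ == "__main__":
    # Constructed ledger: one account with a negative balance, two ordinary ones.
    ledger = {"GENESIS": -1_000_000_000, "alice": 500, "bob": 0}
    print("naive check, negative balance:", naive_can_spend(-1_000_000_000, INT64_MAX, 0))
    print("naive check, amount+fee wraps:", naive_can_spend(500, INT64_MAX, 600))
    print("hardened rejects both:",
          is_rejected(ledger, "GENESIS", "bob", INT64_MAX, 0),
          is_rejected(ledger, "alice", "bob", INT64_MAX, 600))
    print("ordinary transfer:", apply_transfer(ledger, "alice", "bob", 100, 1))
```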

xtester
April 02, 2014, 08:56:24 PM
What's with this link? Is this the client? This looks pretty amazing.

ApexEvo
April 02, 2014, 09:12:00 PM
OMG. I know, It is very tempting, but dont leave your jobs yet, just keep on licking display

Thingamajig
April 02, 2014, 10:42:30 PM
There are many merits and failings of both brain wallets and desktop wallets. To be honest, I think it's just a matter of personal preference...
It's an interesting discussion, but I think it's pretty much a finality that NEM will be using a desktop wallet system. A poll on the forum a while back, plus a general browse on forums, shows that desktop wallets are preferred by the vast majority of people.
Perhaps the fact that this discussion is happening indicates that a new wallet system is needed, a hybrid of brain and desktop wallets. Perhaps something for the NEM developers to think about in the future?
I'm not one for online wallets to be honest. In fact i'm not one for anything "online" based as i feel i have far less control over the security of whatever it is in question (Whether that be software or, in this case, currency) A hybrid would be ideal. This to me was the biggest downfall of NXT as online storage has more cons than pro's.

swartzfeger
April 02, 2014, 11:32:54 PM
There are many merits and failings of both brain wallets and desktop wallets. To be honest, I think it's just a matter of personal preference...
It's an interesting discussion, but I think it's pretty much a finality that NEM will be using a desktop wallet system. A poll on the forum a while back, plus a general browse on forums, shows that desktop wallets are preferred by the vast majority of people.
Perhaps the fact that this discussion is happening indicates that a new wallet system is needed, a hybrid of brain and desktop wallets. Perhaps something for the NEM developers to think about in the future?
I'm not one for online wallets to be honest. In fact i'm not one for anything "online" based as i feel i have far less control over the security of whatever it is in question (Whether that be software or, in this case, currency) A hybrid would be ideal. This to me was the biggest downfall of NXT as online storage has more cons than pro's. Offspring for Nxt (Win/Mac/Linux) supports local wallets, I believe: https://github.com/incentivetoken/offspring

ShawnLeary
April 03, 2014, 03:17:25 AM
we absolutely need desktopwallets aswell since myself for example don't trust anything that i do not have under my own control. I think others may think the same way. What's not on your own system (desktop wallet) is not really yours. I wouldn't use any onlinesolution for storing coins. I think it's not safe. An onlinepage with login and password is like an invitation for hackers to brute force.
i am actually pretty excited about nem. Can't wait for release.
i use a 512bit passphrase.. your saying that isnt safe? i don't even know what that is i got used to securing desktopwallets though and improved constantly on security and would be nice if i could use that knowledge for nem also. I never lost a coin that was on my own system. But i lost quite some coins on hacked exchanges. I like my coins offline for that reason edit: the logic is: if it is online theoretically the whole world can try to steal it. If it is not online nobody has really a way to access. it means that it would take 100s if not thousands of years to brute force it... well what if you go to someones house and you need your coins? ok if you have a 'seed' you can download a wallet but thats a pain in the ass... with brain wallets you can go from one comp to another very easily and move/use your coins.. also with the AE being inclient you can also trade with out even having to send your coins anywhere.. cant do that with offline clients.. also how many peoples computers have been directly hacked and coins stolen? if you state on here you have x amount of coins a good hacker wants then.. im sure they could take them.. brian wallets are the way to go.. for sure.. but there still needs to be support for offline storage i think... personally i think its pointless but if it makes people feel more secure then ok... Actually, with current technology a password that would take 100s or thousands of years to brute force would be a password that's under 10 characters long. Every time you add one character, the number of years goes up by a very large amount. A long time ago I created a program that would tell me how long it would take to brute force a password, based on certain conditions. I just tried it and a password with ten characters, would take 379.72 years to brute force, if a 95 key keyboard was used, and the computer was testing out 5 billion password per second. Which is a lot more than the average computer can do. 
If I add one more character, then it goes from 379.72 years to 36,037.07 years.
12 characters: 3.4 million years
13 characters: 325.5 million years
14 characters: 30 billion years
15 characters: my computer can't calculate it, because the total number of unique passwords is too large.
But with just 14 characters we already went longer than the age of the universe.
Those are quite big numbers, maybe scares brute forcers away. Unless they think that "nope, the users won't use 95 keys, only a-z and 0-9, and there is 5 million accounts ... it is enough to get one of those". How big are the numbers then?
When NXT accounts were hacked, was there any brute force case or was they all hacked by stolen passwords or the password was some "movie phrase" or such?
movie phrases i think.. dictionary words etc... im quite happy with my passphrase then lol
I only use Bruce Willis movie lines backwards and translated into Swahili first.
"We have the power to begin the world over again" - Thomas Paine

j23a
April 03, 2014, 05:06:41 AM
Here are a bunch of NEM acronyms. http://www.acronymfinder.com/NEM.html
I got excited when I saw "New Economy" but then saw "Model."

Fatih87SK
April 03, 2014, 05:08:30 AM
There are many merits and failings of both brain wallets and desktop wallets. To be honest, I think it's just a matter of personal preference...
It's an interesting discussion, but I think it's pretty much a finality that NEM will be using a desktop wallet system. A poll on the forum a while back, plus a general browse on forums, shows that desktop wallets are preferred by the vast majority of people.
Perhaps the fact that this discussion is happening indicates that a new wallet system is needed, a hybrid of brain and desktop wallets. Perhaps something for the NEM developers to think about in the future?
I'm not one for online wallets to be honest. In fact i'm not one for anything "online" based as i feel i have far less control over the security of whatever it is in question (Whether that be software or, in this case, currency) A hybrid would be ideal. This to me was the biggest downfall of NXT as online storage has more cons than pro's. Offspring for Nxt (Win/Mac/Linux) supports local wallets, I believe: https://github.com/incentivetoken/offspring
True. You can save your coins on your PC with offspring.