Topic: [ANN] 📁 novusphere.io 📁 atmos (ATMS) 📁 Censorship Resistant Media Sharing 📁 - page 19. (Read 120206 times)

No, no I do believe you as you stated - "I'm not claiming this is some innovative technique either as it simply employs the same mechanism Electrum uses"

The technique VTR has employed on the other hand is innovative.

Ask a 3rd party developer if what I said is incorrect if for whatever reason you don't believe me, I'm happy to discuss it with someone who is code literate if they believe otherwise. In fact, ask the VTR developer himself . This isn't a game of you say jump and I say how high. There are more important things to be worked on then improving the wallet of the temporary block chain.

Put it in the wallet then

What difference does it make whether it's implemented in the wallet or not?

Would it some how be different technologically because it's wrapped in a QT interface? If it was in the wallet the flow would be trivially different:

In Wallet

• Wallet generates transaction with single signature (from local key)
• Wallet prompts for 2fa code
• Wallet sends 2fa code and raw transaction to trusted server to verify
• If trusted server fails to verify the 2fa code, it doesn't cosign the transaction so funds can't be spent
• If trusted server verifies the 2fa code, it cosigns the transaction and broadcasts the transaction

External from Wallet

• Trusted server asks user for 2fa code
• If trusted server fails to verify 2fa code, no transaction is created
• If trusted server verifies the 2fa code, it creates the transaction, cosigns it, sends it back to the user to verify
• User cosigns from their wallet and broadcasts the transaction

From this you can see implementing it in the wallet makes little to no difference with how it actually works. I'm not claiming this is some innovative technique either as it simply employs the same mechanism Electrum uses but offers an easy to use reference for alt coins.

Read the notes, it hasn't been implemented into the wallet. Why would VTR devs release code to be stolen? Web based 2FA sounds like a real "first"

It's taken vtr 3 years and they still have a closed source 2fa, looks like you are miles ahead of them. Good work dev.

Multisig 2fa Transactions

Today, we are introducing a mechanism for users to secure their funds on the temporary block chain via a true 2fa multisig transactions. We'll be posting another update later on detailing the status of other things we have been working on.

When we release our web wallet, a native implementation will be available and won't require as much hassle on the users end and will simply prompt you for the 2fa code within the wallet when you attempt to spend from a 2fa multisig address.

You can access the feature as well as guide on how to use it at https://novusphere.io/Home/Multisig

https://twitter.com/thenovusphere/status/857386598262034433

Brief Overview

For two factor (via google authenticator) to work in a secured mannerism a server or central must hold a copy of your two factor secret; It must not be derrived client side based on something like a wallet passphrase. This is how two factor traditionally works on many sites we're all familiar with such as exchanges; The server saves some secret and reveals it to us once in the form of a QR code we can scan.

This implementation makes use of 2-of-3 multisigs where the client holds 2 keys but is urged to keep their 2nd key offline and seperate from their main wallet. Instead for the 2nd signature, you trust the server holding the 3rd key to cosign the multisig transaction only if the 2FA check is passed. Electrum uses a similar model where you trust a server to co-sign for you: http://docs.electrum.org/en/latest/2fa.html


Is this decentralized? What happens if Novus is hacked?

Even if Novus or the central server is hacked or bricked and loses all of its private keys no harm is done to user funds. This is because the server only contains 1 of 3 private keys required to spend funds. In the case the server is unable to cosign a transaction then you can resort to using the 2nd key which should be stored offline and separate from your main wallet.

In other words, even if Novus is hacked or compromised this should not affect the safety of your funds!

What happens if I (the user) am hacked?

Supposing that the hacker has gotten access to the wallet and your passphrase on your main computer, they cannot spend any funds from the multisig 2fa address without having either your 2nd key or alternatively your 2fa secret that should only be on your phone as this is the requirement for the server to cosign.

In other words, your funds should still be safe.

Is this open source?

Yes!

https://github.com/asphyxiating/Multisig2faTxExample/blob/master/Multisig2faTxExample/Multisig2faTx.cs

The above is a reference implementation showing how any coin from a bitcoin code base can implement it. We would strongly advise all projects to implement such a mechanism to offer better security for users funds as this should be one of the top priorities for any project.

Notes

While our implementation is done externally from the wallet, it's entirely possible to natively implement this solution to the wallet but since it's our intent to develop a web wallet in the near future we have decided not to do this. Multisig 2fa transactions will be natively available in our web wallet at a later time.

Pretty big one, I'd say.

Also, Asphyxia said a bounty system was going to be integrated soon. Hopefully some more word on that will come in the next update(s).

Nice signature!  

Vtorrent is not a company so the concept of business model is ill-defined in its case, the more people use the technology the more the value of the coin rises by the law of supply and demand, the inability to control what users share doesn't make it illegal, only decentralized (though I'm sure some policy makers would love to make 'decentralized' illegal)

Stating facts doesn't make one a fanboy, and in case you haven't realized I posted on the first page of this thread

Security update on Thursday as stated in this thread earlier. (Page 68 if you are using default forum settings.)

I don't know what to tell you, don't use a shared computer, use a dedicated computer for staking, or use a virtual machine which you control (preferably on a computer that is not shared.)

I'm on a sort of shared computer (just me and one other person uses it) but for the most part it is relatively safe.

If you want to be extra safe, you will use an offline computer, but then that doesn't stake.

No

Big announcement coming tonight, right?

It is legal, there are DMCA take downs there, all the content there is user submitted and automatically generated, with Novus having no control over it unless they decide to add new rules to block content - which they will if rights holders file the take down. And atmos gateway is only one gateway, an example, anyone in the future wallet will have their own gateway with any rules they want.

Similarly, Bittorent is a legal company in US, similarly they have no control over what bittorent is used for.

Cryptopia is a trusted exchange and has never had problems. Dev already had several discussions with bittrex, but they won't release details until it's final, probably when we're further along in releases.

What new update?

A day happened
still no buywall at 800

Yeah it sure is Fake

It´s funny to see how the market on cryptopia is manipulated and whales trying to get out of this with fake Volume and Fake buy walls.
Everyday 3 times the same... 3 buy peaks and than the whole day nothing. No Trading.

I'm gonna be right behind ya. Get them on board with us