| Nxt | Blockchain Platform | Proof of Stake | Official - page 360.

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: PilotofBTC on June 13, 2014, 03:08:44 PM

Generating a paper wallet would be pretty simple (since you are just generating a random password/id). The thing is, according to the NXT devs you really need to spend from an account/id to secure it (I guess that creates the public key?). Although, I do admit I'm not 100% sure how doing the spend really secures the account.

Your account number is 64 bits. So there could be many passwords (infinite actually) that result in the same 64 bit account ID. When you send an outgoing transaction, the account is no longer is protected just by 64 bit account ID, but by the 256 bit public key as the network now knows the public key for that account ID.

That's why it's required to send at least one outgoing transaction.

We don't need paper wallet. Just an app that does off line signing would make it close to 100% secure as the user is safe from keyloggers and malware. One outgoing transcation will still be needed, but that transaction can be signed on an offline computer that will never have internet connection.

PilotofBTC

legendary

Activity: 1736

Merit: 1001

Quote from: Cassius on June 13, 2014, 03:00:35 PM

Quote from: Eadeqa on June 13, 2014, 02:56:44 PM

Quote from: PilotofBTC on June 13, 2014, 02:52:28 PM

Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?

It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine.

Maybe we can set a bounty on it?

This is a great idea. I really think that's one feature that NXT would benefit from, or some kind of cold storage solution.
At the moment, I'm keeping the bulk of my NXT in a separate account from my day-to-day one. I don't sign in often and was careful setting it up, but it's still not as secure as traditional (bitcoin-style) cold storage, where nothing needs to be done online.

Generating a paper wallet would be pretty simple (since you are just generating a random password/id). The thing is, according to the NXT devs you really need to spend from an account/id to secure it (I guess that creates the public key?). Although, I do admit I'm not 100% sure how doing the spend really secures the account.

dandruff1138

hero member

Activity: 700

Merit: 501

1000% ROI Masternode Coin

NXT won't let me unwatch this thread!!!! Angry

Cassius

legendary

Activity: 1764

Merit: 1031

Quote from: Eadeqa on June 13, 2014, 02:56:44 PM

Quote from: PilotofBTC on June 13, 2014, 02:52:28 PM

Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?

It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine.

Maybe we can set a bounty on it?

This is a great idea. I really think that's one feature that NXT would benefit from, or some kind of cold storage solution.
At the moment, I'm keeping the bulk of my NXT in a separate account from my day-to-day one. I don't sign in often and was careful setting it up, but it's still not as secure as traditional (bitcoin-style) cold storage, where nothing needs to be done online.

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: PilotofBTC on June 13, 2014, 02:58:19 PM

Quote from: Eadeqa on June 13, 2014, 02:56:44 PM

Quote from: PilotofBTC on June 13, 2014, 02:52:28 PM

Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?

It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine.

Maybe we can set a bounty on it?

I'm going to have to write code to do this for the anonymizer I am working on. So, I could probably put something together from that. A bounty would motivate me. Wink

You should ask Anon136 for bounty as he is on community funds

I don't think bounty should be large, as this should be really easy task as you just save the transaction to USB drive, sign it on offline machine, then back to online machine to broadcast it. All the API and error checking is already done by NRS

PilotofBTC

legendary

Activity: 1736

Merit: 1001

Quote from: Eadeqa on June 13, 2014, 02:56:44 PM

Quote from: PilotofBTC on June 13, 2014, 02:52:28 PM

Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?

It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine.

Maybe we can set a bounty on it?

I'm going to have to write code to do this for the anonymizer I am working on. So, I could probably put something together from that. A bounty would motivate me. Wink

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: PilotofBTC on June 13, 2014, 02:52:28 PM

Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?

It's totally possible (and should be really easy) to create a small app (not fully featured client) that signs transactions on offline computer and then you broadcast it on online machine.

Maybe we can set a bounty on it?

PilotofBTC

legendary

Activity: 1736

Merit: 1001

Quote from: Anon136 on June 13, 2014, 02:25:13 PM

No i dont think so. Im pretty sure that a password that you store in a text file on your desktop and copy and paste into your client is less secure than one that you memorize and type into your client.

There's two issues here.

1. Will a sufficiently long/complex password protect your NXT account. YES. It will take ages to crack strong passworded NXT ids.

2. Are you able to keep your password safe? Um, storing it in a text file doesn't seem safe to me. But, I agree, memorizing a "pin" (call it that last 4-6 digits of your password) and never writing them down or saving them in a file is a nice idea. Also, make sure you are running a fire wall and good mal ware software to prevent key loggers from getting to your PC.

Any idea if anyone is working on a wallet like Armory that lets you create/sign transactions on a warm storage device and then transmit them from a hot wallet?

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: Anon136 on June 13, 2014, 02:25:13 PM

No i dont think so. Im pretty sure that a password that you store in a text file on your desktop and copy and paste into your client is less secure than one that you memorize and type into your client.

A keylogger can catch both password when you enter them (the one you type and the one you copy and paste)

Password manager is safer as some of them (like Keypass) have anti key logger features

http://keepass.info/help/v2/autotype_obfuscation.html

From Above

hero member

Activity: 700

Merit: 520

Quote from: Anon136 on June 13, 2014, 02:47:24 PM

Quote from: Este Nuno on June 13, 2014, 02:42:10 PM

Quote from: Anon136 on June 13, 2014, 10:16:58 AM

Quote from: salsacz on June 13, 2014, 02:17:48 AM

Words relating to pay expo

sending an ounce of silver to say thankyou for the hard work.

How does this work? I saw you have silver listed on NXT somehow from a giveaway thread you posted(I think it was you anyway). When you say you're sending him an ounce of silver, does that mean you're sending him coloured coins or something at represent 1 oz of silver? How does one redeem them for real silver?

Yes i am sending a colored coin. For the lower 48 in the US, inorder to redeam one must send an amount of tokens divisible by ten to the issuing address with an adjoined message containing the mailing address that you would like the coins to be delivered to. Shipping to anywhere else should pm me to discuss specific arrangements.

Send me some silver plz
U ship to Russia?

Anon136

legendary

Activity: 1722

Merit: 1217

Quote from: Este Nuno on June 13, 2014, 02:42:10 PM

Quote from: Anon136 on June 13, 2014, 10:16:58 AM

Quote from: salsacz on June 13, 2014, 02:17:48 AM

Words relating to pay expo

sending an ounce of silver to say thankyou for the hard work.

How does this work? I saw you have silver listed on NXT somehow from a giveaway thread you posted(I think it was you anyway). When you say you're sending him an ounce of silver, does that mean you're sending him coloured coins or something at represent 1 oz of silver? How does one redeem them for real silver?

Yes i am sending a colored coin. For the lower 48 in the US, inorder to redeam one must send an amount of tokens divisible by ten to the issuing address with an adjoined message containing the mailing address that you would like the coins to be delivered to. Shipping to anywhere else should pm me to discuss specific arrangements.

Este Nuno

legendary

Activity: 826

Merit: 1002

amarha

Quote from: Anon136 on June 13, 2014, 10:16:58 AM

Quote from: salsacz on June 13, 2014, 02:17:48 AM

Words relating to pay expo

sending an ounce of silver to say thankyou for the hard work.

How does this work? I saw you have silver listed on NXT somehow from a giveaway thread you posted(I think it was you anyway). When you say you're sending him an ounce of silver, does that mean you're sending him coloured coins or something at represent 1 oz of silver? How does one redeem them for real silver?

Anon136

legendary

Activity: 1722

Merit: 1217

Quote from: Eadeqa on June 13, 2014, 01:46:33 PM

Quote from: Anon136 on June 12, 2014, 11:09:44 PM

Quote from: zachamo on June 12, 2014, 10:25:15 PM

Ugh... Are you kidding me? Are there bots prowling the network with a boatload of password-account combinations stored watching the for transactions to known addresses or something?

I got some NXT a long time ago and kept it tucked away, but with the updated client it seems I didn't have a public key, so I sent a message.. easy enough... my balance was there, but I couldn't forge because it was unconfirmed... so I figure this has something to do with old balances being 'unconfirmed' under the updated protocol until it's seen activity.. So I flip my NXT into another account that I used in the past (tx 3603756272827733121), wait for it to confirm, and as soon as it does the NXT has moved on to an account out of my control (tx 10738856805317237622)...!!!

WTF? I sat here waiting for a confirm to flip it right back, and it vanishes before my very eyes! We're talking within 2 seconds of the first confirmation!

If the network is this compromised, how do you ever expect mainstream adoption... I've had an eye on NXT since the beginning and was really into the new look and feel, the asset exchange, etc.. My interest was building in NXT again (initially less than impressed by the distribution, but it seemed a lot of great work had gone into the protocol..) Too bad.. Nxt looked cool, but as it stands I'm out.. Not sure that this can be called a 2nd generation crypto when it's this vulnerable to theft. I'd say the target audience is even more specialized than bitcoin; the average joe can hardly remember "Password1"!

You should use 2 passwords. One that you save locally or on the cloud that has back ups and redundancies and that you dont actually memorize, and one that you do memorize and never save on any computer that touches the internet. Then simply concatenate the two passwords when entering your wallet. The first will protect you against rainbow tables (thats what got you) and the second will protect you against hackers. Its a pretty simple concept but it really should be spelled out, its certainly not peoples fault for not knowing this. Heck the client should even come with two password fields and concatenate them for people imo.

This makes absolutely no sense whatsoever. Two passwords and one long passwords is the same thing.

"Then simply concatenate the two passwords when entering your wallet."

If your machine is compromised, both passwords could be stolen when you are entering them in the wallet. This doesn't add any security then just having one longer password.

No i dont think so. Im pretty sure that a password that you store in a text file on your desktop and copy and paste into your client is less secure than one that you memorize and type into your client.

Triffin

sr. member

Activity: 952

Merit: 251

So, given zachamo's experience, is this a security issue that the devs need to address
or is this an individual wallet holder issue with regards to strength of password ??

Triff ..

Eadeqa

hero member

Activity: 644

Merit: 500

Quote from: Anon136 on June 12, 2014, 11:09:44 PM

Quote from: zachamo on June 12, 2014, 10:25:15 PM

Ugh... Are you kidding me? Are there bots prowling the network with a boatload of password-account combinations stored watching the for transactions to known addresses or something?

I got some NXT a long time ago and kept it tucked away, but with the updated client it seems I didn't have a public key, so I sent a message.. easy enough... my balance was there, but I couldn't forge because it was unconfirmed... so I figure this has something to do with old balances being 'unconfirmed' under the updated protocol until it's seen activity.. So I flip my NXT into another account that I used in the past (tx 3603756272827733121), wait for it to confirm, and as soon as it does the NXT has moved on to an account out of my control (tx 10738856805317237622)...!!!

WTF? I sat here waiting for a confirm to flip it right back, and it vanishes before my very eyes! We're talking within 2 seconds of the first confirmation!

If the network is this compromised, how do you ever expect mainstream adoption... I've had an eye on NXT since the beginning and was really into the new look and feel, the asset exchange, etc.. My interest was building in NXT again (initially less than impressed by the distribution, but it seemed a lot of great work had gone into the protocol..) Too bad.. Nxt looked cool, but as it stands I'm out.. Not sure that this can be called a 2nd generation crypto when it's this vulnerable to theft. I'd say the target audience is even more specialized than bitcoin; the average joe can hardly remember "Password1"!

You should use 2 passwords. One that you save locally or on the cloud that has back ups and redundancies and that you dont actually memorize, and one that you do memorize and never save on any computer that touches the internet. Then simply concatenate the two passwords when entering your wallet. The first will protect you against rainbow tables (thats what got you) and the second will protect you against hackers. Its a pretty simple concept but it really should be spelled out, its certainly not peoples fault for not knowing this. Heck the client should even come with two password fields and concatenate them for people imo.

This makes absolutely no sense whatsoever. Two passwords and one long passwords is the same thing.

"Then simply concatenate the two passwords when entering your wallet."

If your machine is compromised, both passwords could be stolen when you are entering them in the wallet. This doesn't add any security then just having one longer password.

ChuckOne

sr. member

Activity: 364

Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82

Quote from: PilotofBTC on June 13, 2014, 11:41:52 AM

Quote from: ?? on ??

Quote from: ChuckOne on June 13, 2014, 11:24:30 AM

Quote from: ?? on ??

1000 million scam coins for sale

Where? I want to buy cheap! Cheesy

NOT on MINTPALL they dont do scamming shit coins.

Hmm... Starting at the top of their coin list going down.

AC - PoS coin.
AUR - PoW but 50% PREMINE - (created on a keyboard)
BC - PoS coin.
C2 - PoS coin.

Guess I'll stop there.

Why do you care? If you don't like them, don't buy or trade them. Why am I feeding trolls?

Because they are cute when they nibble their food.

Shivalein

member

Activity: 117

Merit: 10

A whole fucking forum full of fucking trolls.

Please close and moderate the nxt thread

zachamo

sr. member

Activity: 347

Merit: 251

There can be only one!

PilotofBTC

legendary

Activity: 1736

Merit: 1001

Quote from: ?? on ??

Quote from: ChuckOne on June 13, 2014, 11:24:30 AM

Quote from: ?? on ??

1000 million scam coins for sale

Where? I want to buy cheap! Cheesy

NOT on MINTPALL they dont do scamming shit coins.

Hmm... Starting at the top of their coin list going down.

AC - PoS coin.
AUR - PoW but 50% PREMINE - (created on a keyboard)
BC - PoS coin.
C2 - PoS coin.

Guess I'll stop there.

Why do you care? If you don't like them, don't buy or trade them. Why am I feeding trolls?

ChuckOne

sr. member

Activity: 364

Merit: 250

☕ NXT-4BTE-8Y4K-CDS2-6TB82

Quote from: ?? on ??

Quote from: ChuckOne on June 13, 2014, 11:24:30 AM

Quote from: ?? on ??

1000 million scam coins for sale

Where? I want to buy cheap! Cheesy

NOT on MINTPALL they dont do scamming shit coins.

salsacz?

Topic: | Nxt | Blockchain Platform | Proof of Stake | Official - page 360. (Read 941427 times)