Here you have these pro-devs and uber-geeks...
SCOLDING you that to use NXT you must become an amateur cryptologist...
He doesn't have to become an amateur cryptologist - quite the reverse. We discourage that. What he needed to do was use the password the default client provided. That would have been 12 words, with over 128 bits of entropy. It's because he chose to use his own password that he needs to know how to make a strong one. His refusal to say what his password actually was makes it impossible to say whether he did that. He is refusing because he's used similar passwords, with many of the same words, elsewhere. That too is a weakness. We discourage amateur cryptology because they so often get it wrong.
Sort of sad that one has to generate some crazy password in order to secure an account.
You don't. Just use the password the default client generates for you.
Cause it seems to me NXT gets a lot of stolen NXT reports and would point to a fundamental problem with NXT.
The problem isn't fundamental; it'd be easy to fix in the client. I'd rather it used a wallet.dat, same as Bitcoin. Some Nxt clients do. The downside is that if you lose the wallet.dat file, you lose access to your coins; and that has happened to people. Swings and roundabouts. It would help if the client didn't allow users to pick their own passwords at all. (I also think the client should ask for the account code, and only ask for the password when they actually make a transaction.)
Well actually, it is a fundamental problem. It doesn't matter what password anyone generates. If you receive NXT and have not sent any out, a hacker doesn't even have to know your exact password to steal them. All they have to do is have a pregenerated key (based on some alternate password) that matches your account number (part of the issue here is that this is only 64 bits long instead of 128+ like other coins) and they can steal them. That's why NXT implemented that "hack" to put your public key into the blockchain once you do your first send of coins and that makes it so a hacker then needs your full password to get access to your account.
In other words, in order to secure your account, you have to first generate a strong password, receive some NXT and then send some out. Only then is your account going to be truly "secure".
There are people on the nxt forum right now trying to generate keys to get access to accounts that have NXT sitting in them but have never had any outputs.
https://nxtforum.org/general-discussion/darknxt-up-for-grabs-first-come-first-serve!/
People should educate themselves before they start saying it's someone's fault for not having a strong password.
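
An added illustration, not part of the thread and not Nxt code: a toy model of the point in the post above, that an account guarded only by a short account number is bounded by that number's length rather than by the passphrase. The truncated SHA-256 stand-in for the account derivation, the function names, the sample passphrase and the 1e9 guesses per second rate are all assumptions made for the example.

```python
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600


def account_id(secret: bytes, bits: int) -> int:
    """Toy stand-in (assumption): ID = top `bits` bits of SHA-256(secret)."""
    digest = int.from_bytes(hashlib.sha256(secret).digest(), "big")
    return digest >> (256 - bits)


def expected_trials(bits: int, targets: int = 1) -> float:
    """Mean random guesses before one matches any of `targets` IDs."""
    return 2 ** bits / targets


def years_to_match(bits: int, guesses_per_sec: float, targets: int = 1) -> float:
    """Expected time for a match at a given (assumed) guess rate."""
    return expected_trials(bits, targets) / guesses_per_sec / SECONDS_PER_YEAR


def second_secret_for_id(owner_secret: bytes, bits: int, limit: int):
    """Toy sizes only: find a different secret that maps to the same ID."""
    target = account_id(owner_secret, bits)
    for n in range(1, limit + 1):
        candidate = b"constructed-guess-%d" % n
        if candidate != owner_secret and account_id(candidate, bits) == target:
            return candidate, n
    return None, limit


if __name__ == "__main__":
    # Constructed passphrase; its strength plays no part in the result.
    owner = b"a constructed twelve word passphrase standing in for the real one"
    other, tries = second_secret_for_id(owner, bits=12, limit=1 << 20)
    print(f"12-bit ID: unrelated secret matched after {tries} guesses "
          f"(expected about {expected_trials(12):.0f})")
    # Scale the same formula to the ID lengths compared in the thread.
    for bits in (64, 128):
        for targets in (1, 1000):
            years = years_to_match(bits, guesses_per_sec=1e9, targets=targets)
            print(f"{bits}-bit ID, {targets} unprotected account(s): "
                  f"{years:.3g} years at 1e9 guesses/s")
```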