
Topic: NXT :: descendant of Bitcoin - Updated Information - page 1269. (Read 2761629 times)

sr. member
Activity: 490
Merit: 250
I don't really come from outer space.
It's a good trick if applied in a right place. In Nxt we don't need it if a secret phrase entropy is high enough (~256 bits).

Yeah, but that's the problem! People constantly pick low-entropy passphrases, because they are used to regular passwords.

And then their account gets hacked with something that looks like offline bruteforcing.

So what if instead of doing

MessageDigest.getInstance("SHA-256").digest(secretPhrase.getBytes("UTF-8"))

we add something like PBKDF2 to improve security?

If we did something like this: https://bitcointalksearch.org/topic/m.4821453 then we could easily add Bitcoin-like wallet functionality.  Let the computer use a good random number generator to generate the private key.  Local machine could have its own "weak" password for the local wallet, and the blockchain address would not be able to be brute-forced.
sr. member
Activity: 448
Merit: 280
Hello! I relooked NXT message with CSS and HTML. The yellow block is pasted from How to send a message (NXT wiki). Do you like it?

hero member
Activity: 840
Merit: 1002
Simcoin Developer
It's a good trick if applied in a right place. In Nxt we don't need it if a secret phrase entropy is high enough (~256 bits).

Yeah, but that's the problem! People constantly pick low-entropy passphrases, because they are used to regular passwords.

And then their account gets hacked with something that looks like offline bruteforcing.

So what if instead of doing

MessageDigest.getInstance("SHA-256").digest(secretPhrase.getBytes("UTF-8"))

we add something like PBKDF2 to improve security?
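
The comparison raised in the posts above, as an added example that is not part of the thread or of Nxt's code: it times the quoted single SHA-256 derivation against PBKDF2-HMAC-SHA256 to show how much each passphrase guess costs under either scheme. The class name, iteration count, salt and sample passphrase are assumptions chosen for illustration; a passphrase-only scheme has nowhere to store a per-user salt, so a fixed one is used here.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class KeyStretchDemo {
    // Assumed parameters for illustration; not values used by Nxt.
    static final int ITERATIONS = 100_000;
    static final byte[] SALT = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);

    // Derivation quoted in the thread: one SHA-256 over the passphrase bytes.
    static byte[] singleHash(String secretPhrase) throws Exception {
        return MessageDigest.getInstance("SHA-256")
                .digest(secretPhrase.getBytes(StandardCharsets.UTF_8));
    }

    // Stretched alternative: PBKDF2-HMAC-SHA256 producing a 256-bit key.
    static byte[] stretched(String secretPhrase) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secretPhrase.toCharArray(), SALT, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the internal copy of the passphrase
        }
    }

    public static void main(String[] args) throws Exception {
        String phrase = "correct horse"; // constructed sample passphrase
        int sink = 0;                    // consume results so the loops are not optimized away

        int fastRuns = 200_000;
        long t0 = System.nanoTime();
        for (int i = 0; i < fastRuns; i++) sink ^= singleHash(phrase + i)[0];
        double fastNs = (System.nanoTime() - t0) / (double) fastRuns;

        int slowRuns = 5;
        long t1 = System.nanoTime();
        for (int i = 0; i < slowRuns; i++) sink ^= stretched(phrase + i)[0];
        double slowNs = (System.nanoTime() - t1) / (double) slowRuns;

        double ratio = slowNs / fastNs;
        System.out.printf("SHA-256 per guess: %.0f ns%n", fastNs);
        System.out.printf("PBKDF2  per guess: %.0f ns%n", slowNs);
        System.out.printf("Cost ratio: %.0fx (~%.1f bits of extra work) [%d]%n",
                ratio, Math.log(ratio) / Math.log(2), sink);
    }
}
```

Stretching with N iterations adds roughly log2(N) bits of work per guess (about 17 bits for 100,000), which matters for a short passphrase and is negligible next to ~256 bits of entropy.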
full member
Activity: 266
Merit: 100
NXT is the future
yes, we need unless you prefer emunie starts to gain market share at the expense of nxt. What would happen if emunie starts to gain investor attention because they implement some features that nxt is just talking about??

don't you think it would be better to say to the world, look, nxt is here with those features done before any other crypto and make a strong marketing campaign.

Has any stakeholder talked about hiring a good SEO or marketing professional??

TBH, I prefer to use Nxt as store of value, eMunie as means of exchange and Ethereum for public smart contracts (to fund firemen, etc.).

ok time for the blue one
legendary
Activity: 2142
Merit: 1010
Newbie
yes, we need unless you prefer emunie starts to gain market share at the expense of nxt. What would happen if emunie starts to gain investor attention because they implement some features that nxt is just talking about??

don't you think it would be better to say to the world, look, nxt is here with those features done before any other crypto and make a strong marketing campaign.

Has any stakeholder talked about hiring a good SEO or marketing professional??

TBH, I prefer to use Nxt as store of value, eMunie as means of exchange and Ethereum for public smart contracts (to fund firemen, etc.).
sr. member
Activity: 490
Merit: 250
I don't really come from outer space.
- people not generating public keys - in the client there could be some warning with explanation and advice to get it, to send 1 transaction / create 1 alias

I'd really like to see an API call similar to broadcastTransaction that would allow one to specify the full 256-bit public key address to send to, rather than just a 64-bit recipient address.

There would be a minimum of 1 NXT fee, and a send payment amount minimum of 1 NXT.

If the 256-bit public key collided with an existing 64-bit recipient address, the transaction would be rejected.

If the 256-bit public key did not already exist in the blockchain, it would be added.

This would allow the creation of secure paper wallets.
legendary
Activity: 2142
Merit: 1010
Newbie
Oh, I remembered what I wanted to ask you, CfB: what do you think about key stretching?

It's a good trick if applied in a right place. In Nxt we don't need it if a secret phrase entropy is high enough (~256 bits).
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Oh, I remembered what I wanted to ask you, CfB: what do you think about key stretching?

Would this protect users with weak passphrases?

Indeed - key stretching is what scrypt is all about and was proven by both myself and Mike Caldwell in challenges to crack passwords that were only 5 or 6 characters long (his challenge was 6 and mine was 5 from memory).

Apart from that I think that the ability to create a new account from an existing one with the public key being published as part of the account creation would help things from the perspective of "cold storage" (actually it would be even better if rather than the public key a hash of it could be used for those that are paranoid about ECDSA being cracked).
newbie
Activity: 21
Merit: 0
come-from-beyond:

are you working with timelines to present some new and innovative nxt features in order to counter-attack emunie and ethereum (further in time) IPO?

i mean, for instance, if emunie is gonna be launched in a few days, implement something new in nxt just one or two days before the emunie IPO??

in case of affirmative answer, is it going to be a good marketing campaign to promote it??

Counter-attack? We don't need to counter-attack them, do we?

yes, we need unless you prefer emunie starts to gain market share at the expense of nxt. What would happen if emunie starts to gain investor attention because they implement some features that nxt is just talking about??

don't you think it would be better to say to the world, look, nxt is here with those features done before any other crypto and make a strong marketing campaign.

Has any stakeholder talked about hiring a good SEO or marketing professional??
legendary
Activity: 2142
Merit: 1010
Newbie
Are you going to invest in Ethereum?

Maybe, depends on if I get answers on my questions.

I heard that they have switched Dagger with a PoS/PoW mix solution. Did that answer your question?

No.
hero member
Activity: 840
Merit: 1002
Simcoin Developer
- people using weak passwords

Oh, I remembered what I wanted to ask you, CfB: what do you think about key stretching?

Would this protect users with weak passphrases?
full member
Activity: 221
Merit: 100
Are you going to invest in Ethereum?

Maybe, depends on if I get answers on my questions.

I heard that they have switched Dagger with a PoS/PoW mix solution. Did that answer your question?
hero member
Activity: 490
Merit: 504
Current security problems that could be solved by new clients:

- people using weak passwords (could be implemented this script so people would know they use weak password? https://nextcoin.org/index.php/topic,3608.msg34002.html#msg34002 )

- people sending Nxt to the wrong addresses (it looks like it is being implemented, something like - if you add a receiver account number, you will see his balance).

- people not generating public keys - in the client there could be some warning with explanation and advice to get it, to send 1 transaction / create 1 alias
legendary
Activity: 2142
Merit: 1010
Newbie
come-from-beyond:

are you working with timelines to present some new and innovative nxt features in order to counter-attack emunie and ethereum (further in time) IPO?

i mean, for instance, if emunie is gonna be launched in a few days, implement something new in nxt just one or two days before the emunie IPO??

in case of affirmative answer, is it going to be a good marketing campaign to promote it??

Counter-attack? We don't need to counter-attack them, do we?
newbie
Activity: 21
Merit: 0
come-from-beyond:

are you working with timelines to present some new and innovative nxt features in order to counter-attack emunie and ethereum (further in time) IPO?

i mean, for instance, if emunie is gonna be launched in a few days, implementing something new in nxt just one or two days before the emunie IPO??

in case of affirmative answer, is it going to be a good marketing campaign to promote it??
legendary
Activity: 1120
Merit: 1000
Are you going to invest in Ethereum?

Maybe, depends on if I get answers on my questions.

Yeah exactly, missing those.
legendary
Activity: 2142
Merit: 1010
Newbie
Are you going to invest in Ethereum?

Maybe, depends on if I get answers on my questions.
legendary
Activity: 1120
Merit: 1000
What niches are you referring to?

Nxt is for high tps rate. Ethereum can't process a lot of transactions without usage of supercomputers.

Are you going to invest in Ethereum?
legendary
Activity: 2142
Merit: 1010
Newbie
What niches are you referring to?

Nxt is for high tps rate. Ethereum can't process a lot of transactions without usage of supercomputers.
newbie
Activity: 25
Merit: 0
If we're afraid of memory corruption then we need to add error check for the amount of money sent and for the fee, don't we?

Sure. Unfortunately it's not possible. But that's not a valid reason to skip address verification.

As I said before, the fact that you can die from a heart attack on an airplane, doesn't mean we now don't have to worry about engine safety.

Plus, if the amount is corrupted then the address will probably be corrupted too and if there is a check for it, such transaction will be rejected.

NxChg, I completely agree with you about address verification.

Money can easily be lost with NXT by sending to the wrong address.

I think this currency could "go viral" with little need for marketing if we can demonstrate we can address underlying issues quickly and intelligently.  To me, this appears to be a glaring issue.  I have a hard time introducing NXT to people until we have reliable error detection so people don't send money to a bad address.  I would love to setup friends and family with some NXT but I don't feel comfortable yet.  This may be a more difficult change to implement and get right but it is critical and a higher priority than anything else I can think of.
