NXT :: descendant of Bitcoin - Updated Information - page 1375.

Fatih87SK

hero member

Activity: 616

Merit: 500

Quote from: Thingamajig on January 24, 2014, 06:18:53 PM

Quote from: rajc on January 24, 2014, 06:04:08 PM

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

there are still people that are not using adblock?
adblockplus.org

I get the feeling this is besides the point. Hardly encourages confidence in a rising currency when it's own sites rely on ad revenue.

I didn't activated any ads. It is activated by its own because you can build free websites there. I don't get any revenue for the ads. In fact I have to pay an amount of money per month to get rid of it. Maybe I will do it soon.

Let's get on topic now. Lot's of work to do.

EvilDave

hero member

Activity: 854

Merit: 1001

Quote from: iruu on January 24, 2014, 05:20:34 PM

It's easy to defeat bruteforce.

Instead of using the password for account, use the password as an input for PBKDF2 with number of iterations inversely related to password's length.
The relation: one second for safe passwords, longer for unsafe, let's say it's 15 second for something like "apple".

This makes bruteforcing much harder even for short passwords.

It's possible to add a second simple field, even an user's real name, and use it as a salt. The combination would make bruteforcing almost impossible.

For compatibility with other accounts, it's enough to add a checkbox 'use older password system'.

I can implement this in JS. Jitted JS in new browsers is fast enough. I asked Jean-Luc if he would include this if I did (no point writing only for myself - I have a secure password) but he wasn't interested.

https://forums.nxtcrypto.org/viewtopic.php?f=17&t=557

Forgive me for not being all that technically brilliant.
My understanding of what this idea translates to is a timeout in between each password log-in attempt, with the timeout period increasing for simpler passwords. Have I got the idea?

It seems like a good idea to me, maybe just set a default time between log-in attempts of 10-30 seconds. That will at least slow directed BF attacks down considerably. However, there is nothing to stop the attacker attacking multiple accounts simultaneously, switching between targets as it gets locked out.

Someone, whose name I shall not mention, did float the idea of creating a hashcat(?)-based tool to carry out an automated bruteforce attack on the entire NXT blockchain, ie all accounts. Maybe this has been implemented.......we need to keep a very good watch out for hacking reports, and take them seriously.

Damelon

legendary

Activity: 1092

Merit: 1010

Quote from: Thingamajig on January 24, 2014, 06:18:53 PM

Quote from: rajc on January 24, 2014, 06:04:08 PM

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

there are still people that are not using adblock?
adblockplus.org

I get the feeling this is besides the point. Hardly encourages confidence in a rising currency when it's own sites rely on ad revenue.

It's a site made by a Nxt owner who wants to help out.
I feel it's a bit weird to impose standards for site as fellow stakeholders.

Sure, we can have opinions, but it's not like there is a central bureaucracy endorsing sites here

TwinWinNerD

legendary

Activity: 1680

Merit: 1001

CEO Bitpanda.com

Quote from: mercenar1e on January 24, 2014, 06:16:38 PM

do we expect a price increase during/after the Bitcoin conference?

wait a minute, i need to warm up my glassball

Thingamajig

hero member

Activity: 497

Merit: 501

Quote from: rajc on January 24, 2014, 06:04:08 PM

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

there are still people that are not using adblock?
adblockplus.org

I get the feeling this is besides the point. Hardly encourages confidence in a rising currency when it's own sites rely on ad revenue.

mercenar1e

member

Activity: 112

Merit: 10

do we expect a price increase during/after the Bitcoin conference?

mynxtcoin

newbie

Activity: 20

Merit: 0

Is it possible to see a list of blocks your account has solved, the time it was created, and the nxt paid for that block?

rajc

full member

Activity: 139

Merit: 100

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

there are still people that are not using adblock?
adblockplus.org

Damelon

legendary

Activity: 1092

Merit: 1010

Quote from: Fatih87SK on January 24, 2014, 05:42:11 PM

Thanks Damelon. I just tweeted your website =)

Thanks you

Fatih87SK

hero member

Activity: 616

Merit: 500

Quote from: Damelon on January 24, 2014, 05:03:23 PM

Quote from: Passion_ltc on January 24, 2014, 04:59:14 PM

Quote from: bitcoinpaul on January 24, 2014, 04:53:33 PM

Quote from: Fatih87SK on January 24, 2014, 04:48:37 PM

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

I'm an Interior Architect. This is how much I can do with my knowledge. Enjoying doing it. I wish I could do it without the help of the wix plugins and could host it etc. Wix offer me to get rid of the advertising for 12 euros per month. Maybe I will do that if it succeeds.

If I don't succeed in inspiring people about NXT than so be it.

12€/month is expensive Shocked

rip-off

I pay 11$ / 8€ each month for 5 domains, 100gb space and unlimited traffic. Normal webhosting. Fatih, you should consider this. You will learn a lot. Wink

If Fatih feels comfortable doing it his way, it's his call.
I think it's great that people do something at the level of competence that they have.
If he keeps the work up, he will learn.

But yes, you could have spent less money

Thanks Damelon. I just tweeted your website =)

nakaone

hero member

Activity: 742

Merit: 500

some day it should be user-friendly - no person can handle a real 30+ random character password. for creating, well that is needed, but please make sure that the user gets a way (probably 2-Factor Securitized) Password for day to day usage

iruu

full member

Activity: 148

Merit: 100

It's easy to defeat bruteforce.

Instead of using the password for account, use the password as an input for PBKDF2 with number of iterations inversely related to password's length.
The relation: one second for safe passwords, longer for unsafe, let's say it's 15 second for something like "apple".

This makes bruteforcing much harder even for short passwords.

It's possible to add a second simple field, even an user's real name, and use it as a salt. The combination would make bruteforcing almost impossible.

For compatibility with other accounts, it's enough to add a checkbox 'use older password system'.

I can implement this in JS. Jitted JS in new browsers is fast enough. I asked Jean-Luc if he would include this if I did (no point writing only for myself - I have a secure password) but he wasn't interested.

https://forums.nxtcrypto.org/viewtopic.php?f=17&t=557

NxtChg

hero member

Activity: 840

Merit: 1002

Simcoin Developer

Quote from: opticalcarrier on January 24, 2014, 05:04:10 PM

Also should include a small ntp client and check accuracy of pc clock. This will prevent TONS off issues when nxt goes very large. Will end up saving us lots of headache in future

Can't we just ask several peers what the latest timestamp is and see if we're in the ballpark?

Heck, we might even do our own local "timezone" this way and disregard user's time completely.

opticalcarrier

full member

Activity: 238

Merit: 100

Quote from: coolmist on January 24, 2014, 05:00:12 PM

Quote from: gs02xzz on January 24, 2014, 04:36:27 PM

Client should enforce 30+ characters pass phrase with letters, numbers, special letters, uppercase, and lowercase requirement.

+1000

Some people don't know how this type of wallet works...

Also should include a small ntp client and check accuracy of pc clock. This will prevent TONS off issues when nxt goes very large. Will end up saving us lots of headache in future

Damelon

legendary

Activity: 1092

Merit: 1010

Quote from: Passion_ltc on January 24, 2014, 04:59:14 PM

Quote from: bitcoinpaul on January 24, 2014, 04:53:33 PM

Quote from: Fatih87SK on January 24, 2014, 04:48:37 PM

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

I'm an Interior Architect. This is how much I can do with my knowledge. Enjoying doing it. I wish I could do it without the help of the wix plugins and could host it etc. Wix offer me to get rid of the advertising for 12 euros per month. Maybe I will do that if it succeeds.

If I don't succeed in inspiring people about NXT than so be it.

12€/month is expensive Shocked

rip-off

I pay 11$ / 8€ each month for 5 domains, 100gb space and unlimited traffic. Normal webhosting. Fatih, you should consider this. You will learn a lot. Wink

If Fatih feels comfortable doing it his way, it's his call.
I think it's great that people do something at the level of competence that they have.
If he keeps the work up, he will learn.

But yes, you could have spent less money

rickyjames

full member

Activity: 196

Merit: 100

Quote from: NxtChg on January 24, 2014, 04:02:22 PM

Quote from: artila on January 24, 2014, 03:59:03 PM

Great, there goes my NXT experience. Hope you all do well. I have myself to blame.

Ok, we need good random generators included in all clients.

And when you create a new wallet, it should pre-fill your passphrase with 40 or something long random string.

And won't allow you to continue, until you click a small checkbox "Yes, I saved this passphrase somewhere".

+1000.

...saved this passphrase somewhere...ON PAPER.

And a checkbox that they did a SHA-256 file check.

And a strong warning about keyloggers.

NXT is so security critical that we have GOT to do some serious handholding / education for new users during the initial client setup!!!

Fatih87SK

hero member

Activity: 616

Merit: 500

Quote from: Passion_ltc on January 24, 2014, 04:59:14 PM

Quote from: bitcoinpaul on January 24, 2014, 04:53:33 PM

Quote from: Fatih87SK on January 24, 2014, 04:48:37 PM

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

I'm an Interior Architect. This is how much I can do with my knowledge. Enjoying doing it. I wish I could do it without the help of the wix plugins and could host it etc. Wix offer me to get rid of the advertising for 12 euros per month. Maybe I will do that if it succeeds.

If I don't succeed in inspiring people about NXT than so be it.

12€/month is expensive Shocked

rip-off

I pay 11$ / 8€ each month for 5 domains, 100gb space and unlimited traffic. Normal webhosting. Fatih, you should consider this. You will learn a lot. Wink

But when I finally have learned it. NXT is already on da m00n! So I chose the quick way =)

When I finish this one. I will start with your advice. Thanks!

opticalcarrier

full member

Activity: 238

Merit: 100

I just had the most awesome idea......

When will the asset exchange come out of holms test system? The reason i ask is because of the upcoming ethereum launch. If asset exhange is live then we should invite them to create the asset and issue ethereum units inside NxT.

How well will they take that?

coolmist

newbie

Activity: 56

Merit: 0

Quote from: gs02xzz on January 24, 2014, 04:36:27 PM

Client should enforce 30+ characters pass phrase with letters, numbers, special letters, uppercase, and lowercase requirement.

+1000

Some people don't know how this type of wallet works...

Passion_ltc

hero member

Activity: 714

Merit: 500

Crypti Community Manager

Quote from: bitcoinpaul on January 24, 2014, 04:53:33 PM

Quote from: Fatih87SK on January 24, 2014, 04:48:37 PM

Quote from: bitcoinpaul on January 24, 2014, 04:36:58 PM

Quote from: Fatih87SK on January 24, 2014, 04:33:56 PM

Started with my blog. Click at "NXT News" to take a glimpse.

I will add important news of the past to complete it.

http://ilgunf.wix.com/nxtmovement

When I post something new. I will tweet it at https://twitter.com/NXTmovement

You need to get rid of this advertising stuff. Domains are cheap nowadays.

Have a look at nxtion.com, nxtcrypto.org, mynxt.org, ...

I'm an Interior Architect. This is how much I can do with my knowledge. Enjoying doing it. I wish I could do it without the help of the wix plugins and could host it etc. Wix offer me to get rid of the advertising for 12 euros per month. Maybe I will do that if it succeeds.

If I don't succeed in inspiring people about NXT than so be it.

12€/month is expensive Shocked

rip-off

I pay 11$ / 8€ each month for 5 domains, 100gb space and unlimited traffic. Normal webhosting. Fatih, you should consider this. You will learn a lot. Wink

Topic: NXT :: descendant of Bitcoin - Updated Information - page 1375. (Read 2761650 times)