Topic: NXT :: descendant of Bitcoin - Updated Information - page 1963. (Read 2761645 times)

if you just reduce the cost of forging down to ~0 than the low incentive wont matter. thats the point im trying to make. of course this can only come with time as third party developers make better client applications but this is what we should be focusing on. not pooled mining.

The problem with using an authenticator, in their current forms, is that they rely on a centralized point -- google, a SMS gateway, whatever.  

That, and it'd need multisig implemented.

Except the multisig, this is something that a NXT service provider could solve, I think.  I imagine it would work like this:

A group of nodes would run a parallel blockchain for the NXT2SMS functions.  These nodes would use transparent forging between themselves to maintain their N2S blockchain.  When you need to send a SMS, you would pay a fee and have a payload as an arbitrary message on the main blockchain.  The N2S nodes would notice the payload and decide who on their blockchain gets to collect the fee and transmit whatever is represented in the payload over SMS.  The one who generates the SMS is also the one who does the other side of the multisig to release the funds.

There's lots of hand-waving in the above paragraph because I don't know exactly how the core NXT functions that this is build upon will operate as they're yet to be released, but it's the general idea.

The hardware for the SMS transmission is the simple part as that already exists as an off-the-shelf solution: a smartphone or, for the more hardware hacker oriented, a GSM/GPRS module and an Arduio/RPi/etc to interface to it.

I might have overlooked something, however.

oh wait, since which version is it all 256 bits? )

You are probably right - but you can't be sure.   And this difference between "probably right / probably safe" and "sure / certain" is the shadow of doubt that the public mind will seize upon that will hinder widespread adaptation of NXT.  Bitcoin will always be able to claim an air gap option that we will not.  Getting ahead of this with some form of account freeze blockchain option / two step authentication scheme is the right thing to do.

As long as I'm wishing for a shiny new security add-on that allows frozen accounts that would take NXT out of circulation, I would also note that tabulating from the blockchain just how much NXT was indeed frozen and OUT of circulation helps the market know just how much is IN circulation - and would be an upward pressure on NXT prices.

If u use truly random password then u r ok. Recent horror stories r just black PR tricks.

Ok so when a new client arises is it reccomended that all users create new accounts? All current nrs accounts are currently at risk?
Some of these horror storys have me spooked a bit. I have a 50+ random password but still dont feel secure if im honest

Who will store the seed that used for Google auth?

CfB

If the client runs all the authentication software, where is the centralization?
Nxt is java running on each node, if that node ran all the authentication software, how is that centralized? Pop3 and smtp are not so much to add into client is it? I cant imagine adding support for google authenticator in the client is impossible. The part i can't figure out is how to have an api that enforces the additional security, at worst all the nodes would have to run google authenticator verification on all transactions. Difficult, but not impossible.

Ok, sms probably not good to have a zillion verification texts senta to your cellphone, but google authenticator has a dynamically changing code for each acct, if there was a authenticator alias for an acct could that be used by all nodes to enable validation before sending of funds?

James

New clients r supposed to generate keys with higher entropy (all 256 bits). All successful attacks were on low-entropy keys only.

BCNext was forced to offer such the way coz small stakeholders won't bother with forging due to very high variation. Less coins forge - cheaper attacks.

Both bitcoin and nxt generate your address from a 256bit key.
The only problem is that bitcoin generates your private key while nxt uses sha256(pass) to get your private key.

I think a lot of people would feel safer letting nxt itself generate the private keys.

Even if it is a client issue. Wouldnt the hacker just continue to use nrs? Instead of targeting accounts thru a new client with extra security?
Will nrs always be able to connect u to ur account even if a new client comes out

I think this is the wrong way. what we need are clients that fore seamlessly, so even though the chance of winning will be minuscule, there will no no cost to forging, no barrier to entry so people will do it anyway. People pay to play the lottery now don't they? This lottery would be free to play, i think there is definitely some appeal there for users.

This is client issue. U should ask Nxt client devs to use wallet.dat approach.

Who want the Nike justdoit alias ? just contact me

Dude, it's time to roll out the Nike slogan:  Just Do It.

 Hackers cannot easily target specific accts, but they automatically target all accounts at once
It is like parallel mining of btc and nmc at the same time, but it is parallel mining of all nxt accts, so the more nxt accts the higher the probability of getting a hit.

The only defense against this i can see, other than additional security in the client and or core, is to split up your funds into tiny amounts across many accts. of course this just increases the hackers chances that much more, but at least you only lose a small percentage of what you have instead of all

This is a SERIOUS issue and responses like get a stronger password are not responsive. We need an actial solution to this problem, BCNext you are our only hope!

James

Fantastic! I was hoping this would be implemented! I have big ideas for applications of this. Will keep you guys posted.

Thanks,
Al

Nxt is decentralized. Email verification, google authenticator and even cellphone SMS require centralization.