NXT :: descendant of Bitcoin - Updated Information - page 2440.

BitThink

legendary

Activity: 882

Merit: 1000

Quote from: ImmortAlex on December 05, 2013, 11:17:14 PM

Variant of user-friendly approach is to integrate some kind of password weakness test.
Or, at least, add a link to some online checking service (I saw something like that), which will guide user to select good passphrase.

It's dangerous to test your phrase online. People could record them and add to their dictionary. Currently the only valid way is to restrict the minimum length. Even the entropy is low, unless you are using a sentence from books, a pass phrase of 30 characters should be pretty safe for normal accounts.

ImmortAlex

hero member

Activity: 784

Merit: 501

Variant of user-friendly approach is to integrate some kind of password weakness test.
Or, at least, add a link to some online checking service (I saw something like that), which will guide user to select good passphrase.

msin

legendary

Activity: 1470

Merit: 1004

Quote from: ImmortAlex on December 05, 2013, 10:50:38 PM

Quote from: Chang Hum on December 05, 2013, 06:33:55 PM

Why can't an address be created that you associate a password with like Bitcoin?

It's just a different approach.

Either you have wallet.dat file with private keys which you must hold in dark cold place, affraid of viruses, bad blocks and your mom cleaning room early morning. Or you have just long passphrase associated - in your brain olny! - with some good old times when grass was greener and light was brighter... oh, nevermind

Both ways have some weak points, both required to understand things, both give you good ability to lost everything you have.

And I not even speak about thermorectal cryptoanalysis! Cheesy

Ha, very nice! I agree with you, both have weak points. People can stress about a wallet file on their desktop that could be stolen, destroyed with the computer, etc.. I think there are ways to improve security with Nxt model, such as limiting unlock attempts per minute for a specific IP, or perhaps locking a specific Nxt address to an IP as an option for the user, so you could only login from a specific IP address, etc.. There is room for improvement and the good thing about Nxt is you won't get the online hosted wallet thefts like BTC is seeing.

ImmortAlex

hero member

Activity: 784

Merit: 501

Quote from: Chang Hum on December 05, 2013, 06:33:55 PM

Why can't an address be created that you associate a password with like Bitcoin?

It's just a different approach.

Either you have wallet.dat file with private keys which you must hold in dark cold place, affraid of viruses, bad blocks and your mom cleaning room early morning. Or you have just long passphrase associated - in your brain olny! - with some good old times when grass was greener and light was brighter... oh, nevermind

Both ways have some weak points, both required to understand things, both give you good ability to lost everything you have.

And I not even speak about thermorectal cryptoanalysis! Cheesy

BitThink

legendary

Activity: 882

Merit: 1000

Quote from: 2Kool4Skewl on December 05, 2013, 09:51:54 PM

Quote from: BitThink on December 05, 2013, 09:38:50 PM

Quote from: bizz on December 05, 2013, 05:23:24 PM

Quote from: Kyune on December 05, 2013, 05:13:16 PM

Quote from: Come-from-Beyond on December 05, 2013, 03:57:37 PM

Added warning for secret phrases < 30 symbols.

Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication. There is no "cold storage" alternative offered. I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening. Brainwallets are surprisingly tough to get right for the unsophisticated user.

I just disconnected from Internet, started the client & generated offline cold storage address (wallet).

Then you have no way to put any Nxt into this address.

You can generate an address offline and then deposit funds to it.

Yes, but it does not solve the problem. Once people knows the brain-wallet password, he can withdraw the money on any computer. It does not matter whether you create the address online or offline. Creating an address offline only avoid sniffering, but cannot avoid dictionary attacks at all.

2Kool4Skewl

sr. member

Activity: 644

Merit: 250

Quote from: BitThink on December 05, 2013, 09:38:50 PM

Quote from: bizz on December 05, 2013, 05:23:24 PM

Quote from: Kyune on December 05, 2013, 05:13:16 PM

Quote from: Come-from-Beyond on December 05, 2013, 03:57:37 PM

Added warning for secret phrases < 30 symbols.

Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication. There is no "cold storage" alternative offered. I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening. Brainwallets are surprisingly tough to get right for the unsophisticated user.

I just disconnected from Internet, started the client & generated offline cold storage address (wallet).

Then you have no way to put any Nxt into this address.

You can generate an address offline and then deposit funds to it.

Kodoka

member

Activity: 63

Merit: 10

Quote from: Come-from-Beyond on December 05, 2013, 04:18:13 PM

Quote from: Kodoka on December 05, 2013, 04:07:29 PM

I remember seeing that the network needed more well-know addresses. Do we still need more of those, and if so, how do I volunteer?

Yes, we need more. Post ur IP/domain.

My IP is: 69.146.88.14.

BitThink

legendary

Activity: 882

Merit: 1000

Quote from: bizz on December 05, 2013, 05:23:24 PM

Quote from: Kyune on December 05, 2013, 05:13:16 PM

Quote from: Come-from-Beyond on December 05, 2013, 03:57:37 PM

Added warning for secret phrases < 30 symbols.

Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication. There is no "cold storage" alternative offered. I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening. Brainwallets are surprisingly tough to get right for the unsophisticated user.

I just disconnected from Internet, started the client & generated offline cold storage address (wallet).

Then you have no way to put any Nxt into this address.

lyynx

sr. member

Activity: 380

Merit: 275

Quote from: Taxidermista on December 05, 2013, 06:25:34 PM

After 38 hours my NXT deposit at dgex.com is still PENDING.

This is not the dgex.com forum, either go to their dedicated forum thread http://nextcoin.org/index.php/topic,3.0.html or send them an email.

Chang Hum

hero member

Activity: 714

Merit: 502

Quote from: mcjavar on December 05, 2013, 06:45:20 PM

Quote from: Chang Hum on December 05, 2013, 06:38:52 PM

Quote from: mcjavar on December 05, 2013, 06:31:39 PM

Quote from: mcjavar on December 05, 2013, 10:19:37 AM

I am reading about NXT a lot, but still can´t understand how the calculation and validation is working?

Is my PC actually doint anything if I am running the client? Wht does it mean if I process a block? What happens in the background? (I would also try to summarize it and add it to the FAQ if I would understand that)

Could someone please answer this?

As I understand it running your client helps confirm transactions, confirming transactions rewards you from transaction fees based on how many coins you already have (more coins, higher reward).

But hw does the confirmation works? What is my client doing?

In the client area you'll see strings of numbers constantly flickering and changing in the peers and blocks area. These set's of flickering numbers are like happy mini robots that will work day and night to make the chain successful. Sorry don't know.

mcjavar

hero member

Activity: 784

Merit: 500

Quote from: Chang Hum on December 05, 2013, 06:38:52 PM

Quote from: mcjavar on December 05, 2013, 06:31:39 PM

Quote from: mcjavar on December 05, 2013, 10:19:37 AM

I am reading about NXT a lot, but still can´t understand how the calculation and validation is working?

Is my PC actually doint anything if I am running the client? Wht does it mean if I process a block? What happens in the background? (I would also try to summarize it and add it to the FAQ if I would understand that)

Could someone please answer this?

As I understand it running your client helps confirm transactions, confirming transactions rewards you from transaction fees based on how many coins you already have (more coins, higher reward).

But hw does the confirmation works? What is my client doing?

Chang Hum

hero member

Activity: 714

Merit: 502

Quote from: mcjavar on December 05, 2013, 06:31:39 PM

Quote from: mcjavar on December 05, 2013, 10:19:37 AM

I am reading about NXT a lot, but still can´t understand how the calculation and validation is working?

Is my PC actually doint anything if I am running the client? Wht does it mean if I process a block? What happens in the background? (I would also try to summarize it and add it to the FAQ if I would understand that)

Could someone please answer this?

As I understand it running your client helps confirm transactions, confirming transactions rewards you from transaction fees based on how many coins you already have (more coins, higher reward).

Chang Hum

hero member

Activity: 714

Merit: 502

Quote from: idev on December 05, 2013, 06:21:42 PM

Quote from: demols on December 05, 2013, 06:19:35 PM

Quote from: bizz on December 05, 2013, 05:23:24 PM

Quote from: Kyune on December 05, 2013, 05:13:16 PM

Quote from: Come-from-Beyond on December 05, 2013, 03:57:37 PM

Added warning for secret phrases < 30 symbols.

Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication. There is no "cold storage" alternative offered. I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening. Brainwallets are surprisingly tough to get right for the unsophisticated user.

I just disconnected from Internet, started the client & generated offline cold storage address (wallet).

How to change the secret phrases ?

Passwords can not be changed. You will need to create a new account with a new password.

Why can't an address be created that you associate a password with like Bitcoin? aside from what's happened to my account which admittedly could have been due to my own failures/recent bitcointalk problems, if you want scale-ability the current set up will surely lead to problems as the user volume gets higher even with long phrases. You'll no doubt have phrases that will have been memorized by more than one user leading to a security floor. Even using Sha256, leads back to the original password or phrase!

mcjavar

hero member

Activity: 784

Merit: 500

Quote from: mcjavar on December 05, 2013, 10:19:37 AM

I am reading about NXT a lot, but still can´t understand how the calculation and validation is working?

Is my PC actually doint anything if I am running the client? Wht does it mean if I process a block? What happens in the background? (I would also try to summarize it and add it to the FAQ if I would understand that)

Could someone please answer this?

Taxidermista

legendary

Activity: 1148

Merit: 1001

After 38 hours my NXT deposit at dgex.com is still PENDING.

idev

hero member

Activity: 860

Merit: 1004

BTC OG and designer of the BitcoinMarket.com logo

Quote from: demols on December 05, 2013, 06:19:35 PM

Quote from: bizz on December 05, 2013, 05:23:24 PM

Quote from: Kyune on December 05, 2013, 05:13:16 PM

Quote from: Come-from-Beyond on December 05, 2013, 03:57:37 PM

Added warning for secret phrases < 30 symbols.

Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication. There is no "cold storage" alternative offered. I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening. Brainwallets are surprisingly tough to get right for the unsophisticated user.

I just disconnected from Internet, started the client & generated offline cold storage address (wallet).

How to change the secret phrases ?

Passwords can not be changed. You will need to create a new account with a new password.

nexern

hero member

Activity: 597

Merit: 500

Quote from: GCInc. on December 05, 2013, 06:10:28 PM

Quote from: nexern on December 05, 2013, 06:04:24 PM

great, this one looks fine. a poll intervall of 3 min. is ok?

Yea no problem with that, a static file it's hopefully gonna carry some decent load before throttle limiting needs to be considered.

very good, thanks. tomorrow i will process this data and link to your site.
please give me a note if poll frequency need to be lowered to save your
bandwith.

demols

newbie

Activity: 18

Merit: 0

Quote from: bizz on December 05, 2013, 05:23:24 PM

Quote from: Kyune on December 05, 2013, 05:13:16 PM

Quote from: Come-from-Beyond on December 05, 2013, 03:57:37 PM

Added warning for secret phrases < 30 symbols.

Unlike Bitcoin, Nxt presently relies solely on brainwallets as the means of user authentication. There is no "cold storage" alternative offered. I see this security model as a vulnerability, and as future PR problem hurting mainstream adoption if Nxt coin heists do start happening. Brainwallets are surprisingly tough to get right for the unsophisticated user.

I just disconnected from Internet, started the client & generated offline cold storage address (wallet).

How to change the secret phrases ?

GCInc.

hero member

Activity: 566

Merit: 500

Quote from: nexern on December 05, 2013, 06:04:24 PM

great, this one looks fine. a poll intervall of 3 min. is ok?

Yea no problem with that, a static file it's hopefully gonna carry some decent load before throttle limiting needs to be considered.

nexern

hero member

Activity: 597

Merit: 500

Quote from: GCInc. on December 05, 2013, 06:00:55 PM

Quote from: nexern on December 05, 2013, 05:50:43 PM

btw, the output is a valid json standard or is there a missing comma after each array?
one more thing, if you add a unix timestamp to each array, time math and aggregations
for data visualisations are much easier and faster. could you add this to your cgi output?

Yes, feel free to use the ticker. Timestamp added, please use a less resource intensive version at

http://dgex.com/API/trades.json

It updates on the server once every minute.

great, this one looks fine. a poll intervall of 3 min. is ok?

Topic: NXT :: descendant of Bitcoin - Updated Information - page 2440. (Read 2761629 times)