Topic: NXT :: descendant of Bitcoin - Updated Information - page 421. (Read 2761638 times)

No

We need NXT ATMs.

http://arstechnica.com/information-technology/2014/03/ars-buys-bitcoins-at-one-of-the-countrys-only-bitcoin-atms/

The advantage of a larger dictionary like diceware is that a 10 words passphrase would be as strong as a 12 words passphrase with the electrum dictionary. Am I right? Just a little more convenient for the end user.

To quote Eadeqa, "Huh? I never mentioned yubikey. I think that's for 2-factor authentication. It won't even work with Nxt as Nxt is local login to NRS. "

Yubikey has a second slot for a user programmed static password.  The second slot is not involved with 2-factor authentication by server.

I understand that we are attempting to provide a mechanism for users to create (or REQUIRE) strong passwords; however I am looking at ease of use while preserving security.

In my proposed use case I program my 32 character password to the Yubikey.  As I login to Nxt, I type a phrase known to me (longer than 18 characters) and then press the Yubikey button for 2-3 seconds to trigger the Yubikey to enter the stored static password and the Enter key at the end.

Presto chango - Pseudo 2-factor authentication with no third party validation servers required.

If Wesley implements his interface requiring random password generation it locks out users that would like to implement what I described above out of the ability to login securely with the described Yubikey use case.

Can Passphrase generation on Wesleyh client show password entropy and Strength as the Passphrase is input (before Account creation)?
Can I use my own strong password if I choose to so that I can use a Yubikey in pseudo 2-factor authentication.

I hope I am being clear enough.

That's why i propose a reminder at the 5th or 10th of the client to backup/encrypt the wallet.dat

This is dangerous. They need to know where it is so they can back it up for future use (different computer, hard drive crashes, etc).  Otherwise, just leave it as it is. They just need to save the generated passphrase. They won't be able to login without the passphrase, so it's safe to assume they saved it.

I see.

Do you think the masterchain will need to achieve 1000 TPS?

me either, but logically it just makes more sense in that if we have an option where we get fewer fingers pointing our way, then that method will be the way that NXT will spread larger/faster.  A nxtwallet.dat file by default gives us that.

For the sake of focused Nxt projects, let's please get some more minds posting here:

https://bitcointalksearch.org/topic/nxt-automated-transactions-at-progress-and-discussion-463731 - Nxt AT

&

https://bitcointalksearch.org/topic/nxt-cross-chain-transaction-3m-to-5m-bounty-498898 - Nxt X-chain transactions

Ty for looking at it.

Its true what you say.The URL thing can make it safer in bitcoin,because hackers dont know if the wallet used this system.But would be useless in Nxt,if all the wallets used this.

I brought this up, in the original TF thread I think it was, the answer was that the forging pools that publish IP address so as to participate in TF will also require some DDoS protection, be it actual hardware in the case of owned/operated forging equipment or as a cloud service in the case of using a VPS.

This is why in the long run, using odroid/RPi forging devices as a network in a TF enabled system will be a no go.

+1, would love to see the development committee start a thread with projects listed with deadlines.  

Rickyjames seems to be the perfect person to head this up!

Well, if this is the default method, a "hacker" would simply use the same encryption method on the brain password to get the "real" passphrase. Or am I wrong, anyone?

Thats why im not a programmer,and maybe its just stupid,hahah. But at least it made you create a more than 30 characters long easy to remember passphrase with numbers and letters,and symbols could be added and mandatory.

The idea is that nxttrialnxtsecondgenerationnxt123456 --> 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk (longer for nxt), which would be the Nxt passphrase,but maybe it is useless for security

What's the difference between this and simply having the brain password:

nxttrialnxtsecondgenerationnxt123456?

Might have been me, but I did say it needs to be made stupid proof.

But make no mistake it is stupidity for anyone to lose their NXT because of a bad password even on the NRS client as it is.

I can understand someone being a little lax when making an email password or something but when you're investing thousands of dollars into a new technology I would think any reasonably smart person would take a degree of extra caution.

I studied bitcoin for a full week straight before I bought my first hundred dollars worth.

I think part of it is on-line banking, which lets you get away with weak passwords. People think "if it's ok for my bank should be ok here"

I'm not saying these people are "non-functioning" stupid, but they are stupid nonetheless. I think it's kind of similar to the people who
don't like bothering with reading the manual when they are putting together something complicated from IKEA. They are confident they'll figure it out and just start putting it together. Usually they swear a lot while doing it and mess up a couple of times.

With crypto the consequences are more dire. You cannot screw up even once.

It's hard for me to garner a lot of sympathy for these people.

Im not a programmer,but i guess URL could be excluded.This is just how this site works.I found it in a tweet from Antonopoulos, supporting this.What i think is useful is the idea.

Just try it and take the idea.It will even show you the bitcoin private key the wallet generated if you want to save it somewhere.
It could let people use 2 or 3 easy passwords,and a PIN,easy to remember,and create the NXT passphrase from there

For example,putting
account name : nxttrial
passphrase: nxtsecondgeneration
extra salt: nxt
pin : 123456

This gives access to the publid bitcoin ID 1Ax7FXk9Q8oneRpkPv9GzMyi6gjf4y6Sg5
If you click backup, it gives you the QR code and the private key : 5KACFTu5aESZQ7THmSpgkFkew9J8EJRhSeuNWuBmEkcGhE28yGk

So you are not saving it anywhere,it keeps the essence of Nxt brain wallet.

Its a pain but http://wiki.nxtcrypto.org/wiki/Nxt_API#Get_trades
gives you enough info to figure out transaction history. I had to do that to reconcile current asset balances based on transactions (trades and transfers) as compared to what NXT core returns as current asset balance.

James

Is DoS expected to be more of a problem with TF than regular forging?   If we can guess who will forge the next block with a high degree of probability, won't an attacker do the same?

If this was already discussed, can someone point me to it?  I'd like to find more detailed information on how TF is planned to be implemented.


edit -
Just noticed this is mentioned in the faq, but not really answered fully.

http://www.thenxtwiki.org/wiki/FAQ - "This is possible. If it is a concern for you, you should run your Nxt software through a personal VPN service or Tor. "

10 words