Just give him the password 
This would blow his mind.
Topic: NXT :: descendant of Bitcoin - Updated Information - page 425. (Read 2761640 times)
This would blow his mind.
WARNING !!!!!
I have stopped looking at NXT and you should consider the same.
It seems to be possible to generate NXT out of thin air
Take a look at this account: http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=1739068987193023818
He sends around millions of NXT that he does not have. No problem doing this, because his account balance is able to become negative without any restriction.
If I would hold NXT i would feel betrayed.
I have stopped looking at NXT and you should consider the same.
It seems to be possible to generate NXT out of thin air
Take a look at this account: http://87.230.14.1/nxt/nxt.cgi?action=3000&acc=1739068987193023818
He sends around millions of NXT that he does not have. No problem doing this, because his account balance is able to become negative without any restriction.
If I would hold NXT i would feel betrayed.
Thank you for looking at the GENESIS BLOCK!
Just give him the password
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
what will happen if the user has already sent a fund to this less-than-15-chars-passphrase account but the fund has not been conformed and shown up in the balance yet? Should not allow to create a less than 35 chars pass phrase in the first place.
Ok, wesleyh. Great work! This is exactly what we need.
- we should clarify the security of this
- change the wording to "create" (instead of "register") and "passphrase of existing account" (instead of "passphrase") maybe
- we should clarify the security of this
- change the wording to "create" (instead of "register") and "passphrase of existing account" (instead of "passphrase") maybe
Wesleyh, Good work on the nxtra.org client. I would like to be able to use my yubikey with a random static password that I append to a phrase. If the random number generator is required that may not be possible. Thoughts?
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
Start page:
Can we get only "Login" and "Register" links here without the field to enter any random password as first option?
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
Start page:
Can we get only "Login" and "Register" links here without the field to enter any random password as first option?
The method ''diceware'' is the best method 
.
. I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
Start page:
Can we get only "Login" and "Register" links here without the field to enter any random password as first option?
After clicking "Login" then the user will be able to enter the old password.
Also, I think if the user chooses his own password, 35 is way too long. Maybe drop that to 25
35 is what is shown in the current NRS client, I just took the same number.
I'm not a fan of only showing login and register links.
I could add a localStorage field that checks whether or not it's the first time you access the page and then and only then hide it? (Second time you get the field immediately)
hm, I'm not sure if that is perfect...
35 random characters (let's say from 50 different characters, numbers and signs) gives 10^59 possibilities.
12 words (or characters) out of 1626 are "only" 10^38 possibilites...
diceware could be used instead if that's what the people want. More than 7000 in their db. More difficult words though.
Let's hear opinions of other experts!
hm, I'm not sure if that is perfect...
35 random characters (let's say from 50 different characters, numbers and signs) gives 10^59 possibilities.
12 words (or characters) out of 1626 are "only" 10^38 possibilites...
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
Start page:
Can we get only "Login" and "Register" links here without the field to enter any random password as first option?
After clicking "Login" then the user will be able to enter the old password.
Also, I think if the user chooses his own password, 35 is way too long. Maybe drop that to 25
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
This is absolutely great!
- Change "register" to "create" (Not an Account yet? Create one)
- order and capitalization matters
edit: In the future, I would like to see an option for storing the passphrase in a wallet file.
Example of where order and capitalization is wrong?
Wallet.dat may be done in the future.
I meant: "their order and capitalization matters
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Thoughts?
Are those 12 words that will be generated safe enough? Because I see no capitals and no #&(*&!#* or something.
Depends on the size of the dictionary. Wesleyh?
electrum database. (1626 words)
Larger diceware database could also be used.. if that's what the people want.
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
This is absolutely great!
- Change "register" to "create" (Not an Account yet? Create one)
- order and capitalization matters
edit: In the future, I would like to see an option for storing the passphrase in a wallet file.
Example of where order and capitalization is wrong?
Wallet.dat may be done in the future.
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Thoughts?
Are those 12 words that will be generated safe enough? Because I see no capitals and no #&(*&!#* or something.
Depends on the size of the dictionary. Wesleyh?
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Thoughts?
Are those 12 words that will be generated safe enough? Because I see no capitals and no #&(*&!#* or something.
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
This is absolutely great!
- Change "register" to "create" (Not an Account yet? Create one)
- order and capitalization matters
edit: In the future, I would like to see an option for storing the passphrase in a wallet file.
But the bias is very small, right? I mean, extremely minute, right, by like .0001 or something like that, right? At least this is how I understand it from the other thread where this was discussed.
Bias depends on BaseTarget. At some point we'll have to set it in stone and this will define the bias.
I bring forward a motion for Jean-Luc to modify the NRS client to check string length of the passphrase and reject it if less than 15 characters AND it has zero transactions. (dont want to lock out any people that do have NXT with a 15 char password)
Here's my new logic for my client http://nxtra.org/nxt-client (to be available later today, not yet uploaded)
Start page:
When clicking on the "not registered" link:
(first image is only necessary in older browsers, the newest browsers have cryptographically random numbers built in)
Secret phrase is auto generated
User is required to re-type the secret phrase
The user can still choose his own password too...
If you log in with an insecure password, you get a warning
Thoughts?
Jump to: