
Topic: NXT :: descendant of Bitcoin - Updated Information - page 43. (Read 2761629 times)

hero member
Activity: 490
Merit: 504
1) creating account
- I can generate 12 words or choose a picture from computer
- my pass will be saved into wallet.dat if I want
- it will tell me how to backup my password

2) using account
- it will never ask for my password, if I chose to use wallet.dat
- NXT payments will be able to be approved by a credit card, by a smartphone, by smart watch via Android and other devices. If I go to the shop, I want to buy one apple for 5 Nxt by using my NXT credit card or smart device

Don't forget about ACCOUNT CONTROL! You will have limits on spending Nxt from your accounts, so it is like our credit card limits
hero member
Activity: 644
Merit: 500
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.

I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer.

This is a good idea! I also thought the same thing a while back. People can remember pics much better than most things. The one weakness is that if somebody knows you a bit and you don't have that many pics to choose from, they would be able to find the right one if they ever got access to your computer.

If someone has access to your computer and wants to harm you, then they can do anything. Nothing can save you. They can install, for example, a hardware/software keylogger. There is no safety against the scenario where someone has both access to your computer and wants to steal/do harm.

A random file as a secret phrase saves you the trouble of typing your passwords and it makes it harder for a malware writer to steal the right file.

Also, the extra paranoid can keep the key files on a USB thumb drive among 1000s of other images. That will make it even safer, as the right files will not even be on the computer.
hero member
Activity: 644
Merit: 500
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.

I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer.

This is a good idea! I also thought the same thing a while back. People can remember pics much better than most things. The one weakness is that if somebody knows you a bit and you don't have that many pics to choose from, they would be able to find the right one if they ever got access to your computer.

If someone has access to your computer and wants to harm you, then they can do anything. Nothing can save you. They can install, for example, a hardware/software keylogger. There is no safety against the scenario where someone has both access to your computer and wants to steal/do harm.

A random file as a secret phrase saves you the trouble of typing your passwords and it makes it harder for a malware writer to steal the right file.
legendary
Activity: 1176
Merit: 1134
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.

I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer.

This is a good idea! I also thought the same thing a while back. People can remember pics much better than most things. The one weakness is that if somebody knows you a bit and you don't have that many pics to choose from, they would be able to find the right one if they ever got access to your computer.
sr. member
Activity: 404
Merit: 250
https://nxtforum.org/
By the way, since nxt is a brain wallet, one password scheme could be that the hash of any file that the user chooses can be his secret phrase. This could mean any photo from a personal photo gallery could be a "secret phrase".

Even more than one file could be a "secret phrase". Something like Hash (Hash (file1) + hash (file2) + .... )

Not sure if it's a good idea, but this is possible due to brain wallet.

The real plus to this is that if there is malware on the user's computer, the malware wouldn't be able to guess what file is the secret phrase.

Plus, a keylogger will not be able to steal the secret either.

Sounds like a really good idea for future clients.
full member
Activity: 189
Merit: 100
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?

Yes (wouldn't save it any other way).

So the client creates a 12-word secret phrase. Then it asks the user to retype it (same everything as it's right now).

Then it also saves the 12-word secret phrase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption.

I think this will work fine.

Well, this can be tested right now in the latest version of Clienxt to see how this works out; not sure if it is suitable for a web client though.
hero member
Activity: 910
Merit: 1000
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.

I didn't say it should be implemented

Never said that. Just discussing the idea.
hero member
Activity: 644
Merit: 500
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.

I didn't say it should be implemented, but I am throwing an idea which is pretty safe (much safer than wallet.dat with private keys in it). It's hard to write malware to steal wallet.dat when the wallet could be any random file (or combination of random files) on the computer.

hero member
Activity: 910
Merit: 1000
I like the general idea of using hashes of files. But I think it confuses the hell out of users (especially with images). Passphrase/Wallet situation would be criticized even more.
hero member
Activity: 644
Merit: 500
eadeqa: not bad, but you must account for the degradation of JPG pictures (http://www.prophotoshow.net/2008/03/25/file-format-degradation-saving-destructive-edits-compared/)

The hash of a file never changes (even if you rename the file). JPEG degradation refers to compression-related degradation. That is, if you edit a JPEG file (like change white balance) it will do recompression that will degrade the quality.

A JPEG as a file doesn't degrade even a million years from now :) It's a digital image (made of 1s and 0s), it's not a print :)
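
The file-as-secret scheme discussed in this thread, as an added example (not code from any poster or from an Nxt client). It assumes SHA-256 for both the inner and outer hash, which the thread does not specify, and uses constructed sample files; it checks what a rename, a one-byte change and a different file order do to the derived secret, and how many bits of choice the file selection itself contributes.

```python
import hashlib
import math
import pathlib
import tempfile

def file_digest(path):
    """SHA-256 over the file's bytes only; the name and path are not input."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.digest()

def secret_from_files(paths):
    """Hash(Hash(file1) + Hash(file2) + ...), in the order given, as hex."""
    outer = hashlib.sha256()  # assumption: same hash for the outer layer
    for p in paths:
        outer.update(file_digest(p))
    return outer.hexdigest()

def candidate_bits(n_files, k):
    """log2 of the number of ordered k-file picks among n_files on a disk."""
    return math.log2(math.perm(n_files, k))

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        d = pathlib.Path(tmp)
        a, b = d / "holiday.jpg", d / "cat.jpg"
        # Constructed bytes standing in for two photos.
        a.write_bytes(b"\xff\xd8constructed-photo-A" * 100)
        b.write_bytes(b"\xff\xd8constructed-photo-B" * 100)
        original = secret_from_files([a, b])
        renamed = a.rename(d / "IMG_0001.jpg")
        after_rename = secret_from_files([renamed, b])
        swapped = secret_from_files([b, renamed])
        # Flip one byte, as any re-save or metadata edit of the file would.
        data = bytearray(renamed.read_bytes())
        data[50] ^= 0xFF
        renamed.write_bytes(data)
        after_edit = secret_from_files([renamed, b])
        return {
            "rename_keeps_secret": after_rename == original,
            "order_matters": swapped != original,
            "edit_changes_secret": after_edit != original,
        }

if __name__ == "__main__":
    print(demo())
    print(round(candidate_bits(1000, 1), 1), round(candidate_bits(1000, 2), 1))
```

With 1000 candidate images, one file contributes about 10 bits of choice and an ordered pair about 20 bits, so the secrecy of which file was picked is small against anything that can read every file on the disk. Any tool that rewrites the chosen file (re-saving, metadata edits, cloud re-encoding) produces a different secret, so the exact original bytes have to be backed up.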
hero member
Activity: 490
Merit: 504
eadeqa: not bad, but you must account for the degradation of JPG pictures (http://www.prophotoshow.net/2008/03/25/file-format-degradation-saving-destructive-edits-compared/)
hero member
Activity: 644
Merit: 500
By the way, since nxt is a brain wallet, one password scheme could be that the hash of any file that the user chooses can be his secret phrase. This could mean any photo from a personal photo gallery could be a "secret phrase".

Even more than one file could be a "secret phrase". Something like Hash (Hash (file1) + hash (file2) + .... )

Not sure if it's a good idea, but this is possible due to brain wallet.

The real plus to this is that if there is malware on the user's computer, the malware wouldn't be able to guess what file is the secret phrase.

Plus, a keylogger will not be able to steal the secret either.
hero member
Activity: 644
Merit: 500
By the way, since nxt is a brain wallet, one password scheme could be that the hash of any file that the user chooses can be his secret phrase. This could mean any photo from a personal photo gallery could be a "secret phrase".

Even more than one file could be a "secret phrase". Something like Hash (Hash (file1) + hash (file2) + .... )

Not sure if it's a good idea, but this is possible due to brain wallet.
hero member
Activity: 490
Merit: 504
So I will use Nxt client - send messages and send Nxt without typing my password again and again? This is like sci-fi :D fantastic 8)
Hmm, this is already possible; go to http://nxtra.org/nxt-client and check the box "remember password during session" before logging in. (But the client doesn't work well on testnet at the mo due to not yet being transitioned to NQT / satoshis.)
Thanks. This check box is maybe missing on the page: "Your secret phrase is very important! In order to be sure that you have saved it, please write your secret phrase below:" - after creating a new account, because after I write it there, I am in the client.
hero member
Activity: 644
Merit: 500
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?

Yes (wouldn't save it any other way).

So the client creates a 12-word secret phrase. Then it asks the user to retype it (same everything as it's right now).

Then it also saves the 12-word secret phrase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption.

I think this will work fine.

I will also add that next time the user opens the client, don't ask for the encryption password or secret phrase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it every time.

Password is also needed for decrypting encrypted messages. How do you think that should be handled? Need password in memory to decrypt them. (I can do that now if the user checks the box to remember password during session at login.)

Yes, good point. I guess that means requiring the encryption password each time the client is opened (but not the longer 12 word pass phrase).

sr. member
Activity: 308
Merit: 250


So I will use Nxt client - send messages and send Nxt without typing my password again and again? This is like sci-fi :D fantastic 8)

Hmm, this is already possible; go to http://nxtra.org/nxt-client and check the box "remember password during session" before logging in. (But the client doesn't work well on testnet at the mo due to not yet being transitioned to NQT / satoshis.)
hero member
Activity: 490
Merit: 504
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?

Yes (wouldn't save it any other way).

So the client creates a 12-word secret phrase. Then it asks the user to retype it (same everything as it's right now).

Then it also saves the 12-word secret phrase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption.

I think this will work fine.

I will also add that next time the user opens the client, don't ask for the encryption password or secret phrase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it every time.

Password is also needed for decrypting encrypted messages. How do you think that should be handled? Need password in memory to decrypt them. (I can do that now if the user checks the box to remember password during session at login.)

So I will use Nxt client - send messages and send Nxt without typing my password again and again? This is like sci-fi :D fantastic 8)
sr. member
Activity: 308
Merit: 250

I will also add that next time the user opens the client, don't ask for the encryption password or secret phrase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it every time.

But this is not secure!

Why wouldn't it be? Anyone can view any account they wish, you just cannot manipulate it. Read only until you enter your pw.
sr. member
Activity: 308
Merit: 250
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?

Yes (wouldn't save it any other way).

So the client creates a 12-word secret phrase. Then it asks the user to retype it (same everything as it's right now).

Then it also saves the 12-word secret phrase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption.

I think this will work fine.

I will also add that next time the user opens the client, don't ask for the encryption password or secret phrase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it every time.

Password is also needed for decrypting encrypted messages. How do you think that should be handled? Need password in memory to decrypt them. (I can do that now if the user checks the box to remember password during session at login.)
legendary
Activity: 1778
Merit: 1043
#Free market
Can you save it as encrypted? The user picks a password (his choice, could be weak, doesn't matter)?

Yes (wouldn't save it any other way).

So the client creates a 12-word secret phrase. Then it asks the user to retype it (same everything as it's right now).

Then it also saves the 12-word secret phrase in an encrypted file, so that the user doesn't have to retype that long secret phrase again. He has to only type a smaller password that was used for local encryption.

I think this will work fine.

I will also add that next time the user opens the client, don't ask for the encryption password or secret phrase. Just open the account. The encryption password would only be needed for outgoing transaction (or forging) anyway, so there is no need to require the user to type it every time.

But this is not secure!