Topic: NXT :: descendant of Bitcoin - Updated Information - page 785. (Read 2761629 times)

You are not sending your wallet key. You are sending a password that you defined that was used to encrypt the wallet.

I get the trust argument though. As with any online services, you need to trust the person running the server. Same for blockchain.info and all the exchanges out there.

http://kryptokit.com/  ?

Yeah, I only agreed with the stipulation that USD/Nxt be offered, and he also has a rewards program so he claims there is no big profit made.  

Well, of course the guy would say that. Everyone will say their product is better.

The fact is: you need to decrypt the wallet at some point in order to spend coins. The decryption can happen on the browser or the server, and to decrypt it you will need to type your password.

Don't forget when you sign up in blockchain.info you ALSO type your password on their website. There's no guarantee that they didn't save a copy of your password somewhere.

What I am saying is that I don't see the "save in the browser" as being any safer, to me this is more marketing that actual security. If there's any security experts here please prove me wrong (and I will be happy to be proven wrong).

Mikes...welcome to Holland, mate.
Still playing catch-up with this thread, suggest that all NXT'ers with promo material projects (clothing, stickers, monoliths, commemorative beer-mugs, etc)  post on the marketing thread:
https://bitcointalk.org/index.php?topic=412243.760
This will give us a chance to get an overview of what we have available.

(BTW, more on my stickers soon.)


+10, this could be huge for NXT.

Your browser downloads the java file (code?!?) and your wallet gets decrypted only within this java environment on your browser. With bitcoin you can prepare a transaction locally, you don't need a connection to the blockchain for that. After you have finished signing the transaction, you can broadcast it. No sensitive information ever leaves your browser!

How is that possible?

The really big difference is, that the person that hosts the wallet can spend your coins if you send your password. Because if you sign serverside, your wallet has to be decrypted atleast once for a short period of time. You as the owner of the server can interfere if you chose to, or if your server is compromised and bad code is implemented coins can be stolen. That is the reason that the guy that created blockchain.info said that all wallets that don't offer browserside signing WILL be hacked/scamed.

There is a big difference. You are sending your password to a third party who is running the server.

Password should never leave your computer. Only signed transactions should be broadcast to the servver

Thank you, i actually thought that they might charge an order of magnitude more.

Yes! Go, go, go!

Sure, 2.5btc.

Why is it such a big difference? If an attacker has a keylogger you may lose your coins the same way in mynxt.info and blockchain.info.

What is important is that the wallet is encrypted and in order to decrypt it you need the user's password. Whether the decrypting happens on the server or on the browser, I don't think this is such a big deal. In fact, I can imagine people developing a malware that you get in your browser (since your browser holds an unencrypted version of your wallet).

NXT 4th place on mintpal

https://www.mintpal.com/voting

Will you disclose how much you paid for that?

I am stuck on one last detail on multisig sending. In order to sign the rawtransaction, you need both the scriptPubKey and redeemScript fro the txid that you are using. From txid, I can do a getrawtransaction and decoderawtransaction and it outputs something like this:

        {
            "value" : 1.00000000,
            "n" : 1,
            "scriptPubKey" : {
                "asm" : "OP_HASH160 422ab98368da5c169f1dbd768216541152a54a61 OP_EQUAL",
                "hex" : "a914422ab98368da5c169f1dbd768216541152a54a6187",
                "reqSigs" : 1,
                "type" : "scripthash",
                "addresses" : [
                    "9xU8ScTEk9gAGvFXa66ms3zUuVfmJeiZiF"
                ]
            }
        }

However a listunspent shows the following:

    {
        "txid" : "ef9f3728453ed9864827178f1cc02c3376babda0831cb121af560141c239ce5b",
        "vout" : 1,
        "address" : "9xU8ScTEk9gAGvFXa66ms3zUuVfmJeiZiF",
        "account" : "shared",
        "scriptPubKey" : "a914422ab98368da5c169f1dbd768216541152a54a6187",
        "redeemScript" : "542103c75e4c9fce2297924d76eb50994b357c37a6936b16df38c47ce3e4580417f89c210259649 91f87aebca9d1444fb39ab7589fee1acf4ff94f13c2b004c1a40616d9502103ad6a17b314737354 5feb12cd091ff5bd46712383170f4fe3fb986eff50e74e982102ef6c1d4129de658579649f3f648 cd9bdec049f6e37aa06e1dffd109929f2a5032103619137770c3554e3475745db363be012685002 b46d24a0f1cbebc1b1b4ef1b6755ae",
        "amount" : 1.00000000,
        "confirmations" : 171
    }

The scriptPubKey matches the "hex" field, but I have no idea how to generate the raw bytes for redeemScript. I just started looking at bitcoind API today, so I am hoping it is an easy thing to do. On the server that created the multisig acct, it can use the listunspent, but my understanding is that a different server would not have any direct access to the accounts bitcoind manages. [It better not!] So, to deal with the case of one gateway going MIA, the other two would need to be able to transfer out all the funds in the multisig account and I think the only thing they will have is the txids of all the deposits into the multisig acct.

As soon as this mystery is solved, I will be ready to code up a proof of concept fully automated multisig gateway that uses AM, so all the deposits and withdrawals can be verified.

James

Not sure, he is working on it asap and I've contacted a few members here to help him integrate as he had some api questions.  Also, if anyone else wants to offer him help with integration, here is the contact email (subject "Nxt Integration") [email protected]

Yes but the signing happens on your server, that is the problem. With blockchain.info type wallet, NOTHING leaves the browser. Only the broadcast happens on the server there. This is a HUGE difference.

Yes. And the AE (auction house) generates real fees. As does crafting.

Obviously, since NXT is going to hit $1, we need fractional NXT.

This is how wallet.mynxt.info works. The user password is used to decrypt the wallet. Without the user password we cannot decrypt the wallet. And everything in wallet.mynxt.info is just a gateway to the actual Nxt network. We make API calls to NRS to send and receive Nxt.