Important: Get ready for JAVA 8
Java 8 is needed for the NRS 1.5.x series of updates
You can do it when it is released but ChuckOne thought "some folks of you need more time to get this ready and test your environment well"
See Announcement thread here: https://nxtforum.org/general-discussion/(core)-get-ready-for-java-8-0/
Topic: [NXT] Development Discussion - The dev plan that keeps on delivering - page 5. (Read 22180 times)
March 24, 2015, 05:47:18 AM
March 19, 2015, 09:30:01 AM
Seems Nxt has a new core dev. I can't keep up.. 
Yes, active contributor made some improvements to peer layer & tests and working on AC [Account Control] now.
Is Petko new?
Yes, active contributor made some improvements to peer layer & tests and working on AC [Account Control] now.
March 18, 2015, 01:31:29 PM
Also, for the fans...
Hi folks,
right now, we are busy finishing the experimental version of 1.5.0e. It will contain the long-announced Voting System and phased transactions.
Voting System will give several options to create polls and several options to vote on such creates polls. Also, the set of voters can be restricted.
Phased transactions leads to a new kind of transactions: transactions included within a block but with delayed execution.
However, understand its implications require a severe amount of time and consideration (concerning the protocol, server-side, UI-side, third-party applications, etc.) which the team currently is working on. We are on a good track to pin down every corner cases, try to smooth things out and remove insensible use-cases.
That's so far for the upcoming release 1.5.0e. I cannot tell a release date for now. We first need to make sure we got it all right (at least theoretically) to reduce the amount of work later on.
Cheers,
Chuck
right now, we are busy finishing the experimental version of 1.5.0e. It will contain the long-announced Voting System and phased transactions.
Voting System will give several options to create polls and several options to vote on such creates polls. Also, the set of voters can be restricted.
Phased transactions leads to a new kind of transactions: transactions included within a block but with delayed execution.
However, understand its implications require a severe amount of time and consideration (concerning the protocol, server-side, UI-side, third-party applications, etc.) which the team currently is working on. We are on a good track to pin down every corner cases, try to smooth things out and remove insensible use-cases.
That's so far for the upcoming release 1.5.0e. I cannot tell a release date for now. We first need to make sure we got it all right (at least theoretically) to reduce the amount of work later on.
Cheers,
Chuck
March 18, 2015, 01:31:06 PM
2FA in Nxt will be realized with hashchains.
What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.
This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30 second and can't be reused.
What you describe here is static password in the phone that you are scanning instead of typing.
That isn't 2FA
Nxt client never saves the password anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA
What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.
This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30 second and can't be reused.
What you describe here is static password in the phone that you are scanning instead of typing.
That isn't 2FA
Nxt client never saves the password anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA
What (rough) release will hashchains be in? And is that the tech that prevents spam and allows zero fees?
March 18, 2015, 01:27:36 PM
2FA in Nxt will be realized with hashchains.
What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.
This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30 second and can't be reused.
What you describe here is static password in the phone that you are scanning instead of typing.
That isn't 2FA
Nxt client never saves the password anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA
What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.
This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30 second and can't be reused.
What you describe here is static password in the phone that you are scanning instead of typing.
That isn't 2FA
Nxt client never saves the password anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA
March 18, 2015, 07:59:34 AM
Account Control (lock your account to prevent any thefts, only allow transfers to specified accounts and others) looks like it could be in version NRS 1.6.
Another dev, Petko, is working on AC. I see regular updates in a corresponding branch, so I think it will be in 1.6
So any news about AC now ?
Another dev, Petko, is working on AC. I see regular updates in a corresponding branch, so I think it will be in 1.6
March 16, 2015, 03:38:51 PM
What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.
This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30 second and can't be reused.
What you describe here is static password in the phone that you are scanning instead of typing.
That isn't 2FA
Nxt client never saves the password anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA
March 16, 2015, 02:10:13 AM
your password is the formula. you never type the formula. you calculate it in your head and you just type it out. even if there was a key logger they wouldnt be able to steal the code since its always changing. no one will know ur formula.
This doesn't make any sense. The client (software) also have to know the same formula -- the one that is in your head -- otherwise how does the software check if your number is correct?
2FA doesn't work with decentralized system. It works when there are two parties, one is a server, and the second one is your phone, both have the same secret and can verify the code generated by the same shared secret. What you are saying makes no sense, as you and the software you are using must have the same formula on the same machine. That doesn't add any security.
Not impossible, just different.
What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.
Then someone with my phone cant use my nxt unless they have my qr code also, 2 factors of authentication.
March 16, 2015, 01:18:02 AM
your password is the formula. you never type the formula. you calculate it in your head and you just type it out. even if there was a key logger they wouldnt be able to steal the code since its always changing. no one will know ur formula.
This doesn't make any sense. The client (software) also have to know the same formula -- the one that is in your head -- otherwise how does the software check if your number is correct?
2FA doesn't work with decentralized system. It works when there are two parties, one is a server, and the second one is your phone, both have the same secret and can verify the code generated by the same shared secret. What you are saying makes no sense, as you and the software you are using must have the same formula on the same machine. That doesn't add any security.
March 15, 2015, 10:45:57 PM
your password is the formula. you never type the formula. you calculate it in your head and you just type it out. even if there was a key logger they wouldnt be able to steal the code since its always changing. no one will know ur formula.
i havent firgured out where its saved yet.. just an idea for now.
i havent firgured out where its saved yet.. just an idea for now.
March 15, 2015, 03:14:29 PM
maybe make a 2fa thats somehow correlates to the block height since it changes. and with the block height u generate a 2fa code that only u remeber. say for example a math formula. ex. block height is 1000 . now u decide enter ur own 2fa formula which is: (blockheight * 2) + 5
2fa code is 2005
does this make sense?
2fa code is 2005
does this make sense?
No, it doesn't make sense. This is nonsense. Who decides if your formula is correct and lets you login? Where is the formula saved? Why can't the hacker use the same formula?
March 15, 2015, 10:46:43 AM
maybe make a 2fa thats somehow correlates to the block height since it changes. and with the block height u generate a 2fa code that only u remeber. say for example a math formula. ex. block height is 1000 . now u decide enter ur own 2fa formula which is: (blockheight * 2) + 5
2fa code is 2005
this is all derived from the block height and the formula u remember. this makes it a always changing pass without the need of another device.
does this make sense?
2fa code is 2005
this is all derived from the block height and the formula u remember. this makes it a always changing pass without the need of another device.
does this make sense?
using block height as a part of the 2FA is a pretty interesting idea
March 15, 2015, 09:35:22 AM
maybe make a 2fa thats somehow correlates to the block height since it changes. and with the block height u generate a 2fa code that only u remeber. say for example a math formula. ex. block height is 1000 . now u decide enter ur own 2fa formula which is: (blockheight * 2) + 5
2fa code is 2005
this is all derived from the block height and the formula u remember. this makes it a always changing pass without the need of another device.
does this make sense?
2fa code is 2005
this is all derived from the block height and the formula u remember. this makes it a always changing pass without the need of another device.
does this make sense?
March 14, 2015, 11:53:18 PM
I knew it Could it be adjusted to rely on a dynamic pin generator, a different PIN produced each use? That sounds complicated to do.
Could it be adjusted to rely on a dynamic pin generator, a different PIN produced each use? That sounds complicated to do.It could reencrypt the data with a different key each time, but it would just be more work for the user remembering new passwords each time the previous one is entered.
A 2fa like system would be cool, but is fairly impractical in a non centralized system. The closest to the is a project I've heard called nxt vault, but they plan to use nxt phasing and account control to achieve multisig like 2fa.
March 14, 2015, 07:34:32 PM
great,wait for NRS1.5 
March 14, 2015, 05:41:23 PM
I knew it Could it be adjusted to rely on a dynamic pin generator, a different PIN produced each use? That sounds complicated to do.
Could it be adjusted to rely on a dynamic pin generator, a different PIN produced each use? That sounds complicated to do. March 14, 2015, 05:34:19 PM
no what i meant was have it generate a custom QR time based code that is derived from your password. so everytime someone logins to nxt they must have the constantly changing pin # to login to their account.
Sorry, I forgot about this. I think I understand. I'll ask the devs, Jones is always interested in stuff like this.
I am
my most recent system uses an encrypted wallet.dat type format where you can use a keypad to type in your PIN to unencrypt the nxt secretphrase. That way your account is safe against keyloggers and losing your wallet.dat and its short enough to be rememberable. March 14, 2015, 05:16:26 PM
no what i meant was have it generate a custom QR time based code that is derived from your password. so everytime someone logins to nxt they must have the constantly changing pin # to login to their account.
Sorry, I forgot about this. I think I understand. I'll ask the devs, Jones is always interested in stuff like this.
March 14, 2015, 05:15:02 PM
The surprise gifts just keep on coming - Multiaccount wallets.
Login in Nxt 1.5 does not require a password anymore. Only sending a transaction does. In effect, 1.5 has a multi-account wallet as a client side only feature.
March 02, 2015, 12:04:16 AM
no what i meant was have it generate a custom QR time based code that is derived from your password. so everytime someone logins to nxt they must have the constantly changing pin # to login to their account.
Jump to: