Pages:
Author

Topic: [NXT] Development Discussion - The dev plan that keeps on delivering - page 5. (Read 22223 times)

hero member
Activity: 574
Merit: 500
Important: Get ready for JAVA 8

Java 8 is needed for the NRS 1.5.x series of updates


You can do it when it is released but ChuckOne thought "some folks of you need more time to get this ready and test your environment well"


See Announcement thread here: https://nxtforum.org/general-discussion/(core)-get-ready-for-java-8-0/
hero member
Activity: 574
Merit: 500
Seems Nxt has a new core dev. I can't keep up..  Cheesy

Is Petko new?

Yes, active contributor made some improvements to peer layer & tests and working on AC [Account Control] now.
hero member
Activity: 574
Merit: 500
Also, for the fans...

Hi folks,

right now, we are busy finishing the experimental version of 1.5.0e. It will contain the long-announced Voting System and phased transactions.

Voting System will give several options to create polls and several options to vote on such creates polls. Also, the set of voters can be restricted.

Phased transactions leads to a new kind of transactions: transactions included within a block but with delayed execution.

However, understand its implications require a severe amount of time and consideration (concerning the protocol, server-side, UI-side, third-party applications, etc.) which the team currently is working on. We are on a good track to pin down every corner cases, try to smooth things out and remove insensible use-cases.

That's so far for the upcoming release 1.5.0e. I cannot tell a release date for now. We first need to make sure we got it all right (at least theoretically) to reduce the amount of work later on.

Cheers,
Chuck
hero member
Activity: 574
Merit: 500
2FA in Nxt will be realized with hashchains.


What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.

This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30  second and can't be reused.

What you describe here is static password in the phone that you are scanning instead of typing.

That isn't 2FA

Nxt client never saves the password  anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA

What (rough) release will hashchains be in? And is that the tech that prevents spam and allows zero fees?
sr. member
Activity: 364
Merit: 250
☕ NXT-4BTE-8Y4K-CDS2-6TB82
2FA in Nxt will be realized with hashchains.


What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.

This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30  second and can't be reused.

What you describe here is static password in the phone that you are scanning instead of typing.

That isn't 2FA

Nxt client never saves the password  anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA
hero member
Activity: 574
Merit: 500
Account Control (lock your account to prevent any thefts, only allow transfers to specified accounts and others) looks like it could be in version NRS 1.6.

So any news about AC  now ?

Another dev, Petko, is working on AC. I see regular updates in a corresponding branch, so I think it will be in 1.6
hero member
Activity: 644
Merit: 500

What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.

This isn't true 2FA. In 2FA the code is generated dynamically, so it changes every 30  second and can't be reused.

What you describe here is static password in the phone that you are scanning instead of typing.

That isn't 2FA

Nxt client never saves the password  anyway, so if you don't like typing that password, you can write an app that scans it instead. Same thing. This isn't 2FA
member
Activity: 63
Merit: 10
your password is the formula. you never type the formula. you calculate it in your head and you just type it out. even if there was a key logger they wouldnt be able to steal the code since its always changing. no one will know ur formula.

This doesn't make any sense. The client (software) also have to know the same formula  -- the one that is in your head -- otherwise how does the software check if your number  is correct?

2FA  doesn't work with decentralized system. It works when there are two parties, one is a server, and the second one is your phone, both have the same secret and can verify the code generated by the same shared secret. What you are saying makes no sense, as you and the software you  are using must have the same formula on the same machine. That doesn't add any security.


Not impossible, just different.

What if I have a smartphone app that has a secretphrase encrypted with the data in a qr code kept somewhere else, then I need to scan that qr code to decrypt the secretphrase, the app signs the transaction bytes with it and then discards the secretphrase and qr code data.

Then someone with my phone cant use my nxt unless they have my qr code also, 2 factors of authentication.
hero member
Activity: 644
Merit: 500
your password is the formula. you never type the formula. you calculate it in your head and you just type it out. even if there was a key logger they wouldnt be able to steal the code since its always changing. no one will know ur formula.

This doesn't make any sense. The client (software) also have to know the same formula  -- the one that is in your head -- otherwise how does the software check if your number  is correct?

2FA  doesn't work with decentralized system. It works when there are two parties, one is a server, and the second one is your phone, both have the same secret and can verify the code generated by the same shared secret. What you are saying makes no sense, as you and the software you  are using must have the same formula on the same machine. That doesn't add any security.
full member
Activity: 165
Merit: 101
your password is the formula. you never type the formula. you calculate it in your head and you just type it out. even if there was a key logger they wouldnt be able to steal the code since its always changing. no one will know ur formula.

i havent firgured out where its saved yet.. just an idea for now.
hero member
Activity: 644
Merit: 500
maybe make a 2fa thats somehow correlates to the block height since it changes. and with the block height u generate a 2fa code that only u remeber. say for example a math formula. ex. block height is 1000 . now u decide enter ur own 2fa formula which is: (blockheight * 2) + 5

2fa code is 2005

does this make sense?

No, it doesn't make sense. This is nonsense. Who decides if your formula is correct and lets you login? Where is the formula saved? Why can't the hacker use the same formula?
legendary
Activity: 1232
Merit: 1001
mining is so 2012-2013
maybe make a 2fa thats somehow correlates to the block height since it changes. and with the block height u generate a 2fa code that only u remeber. say for example a math formula. ex. block height is 1000 . now u decide enter ur own 2fa formula which is: (blockheight * 2) + 5

2fa code is 2005

this is all derived from the block height and the formula u remember. this makes it a always changing pass without the need of another device.

does this make sense?

using block height as a part of the 2FA is a pretty interesting idea
full member
Activity: 165
Merit: 101
maybe make a 2fa thats somehow correlates to the block height since it changes. and with the block height u generate a 2fa code that only u remeber. say for example a math formula. ex. block height is 1000 . now u decide enter ur own 2fa formula which is: (blockheight * 2) + 5

2fa code is 2005

this is all derived from the block height and the formula u remember. this makes it a always changing pass without the need of another device.

does this make sense?
member
Activity: 63
Merit: 10
I knew it  Cheesy Could it be adjusted to rely on a dynamic pin generator, a different PIN produced each use? That sounds complicated to do.

It could reencrypt the data with a different key each time, but it would just be more work for the user remembering new passwords each time the previous one is entered.

A 2fa like system would be cool, but is fairly impractical in a non centralized system. The closest to the is a project I've heard called nxt vault, but they plan to use nxt phasing and account control to achieve multisig like 2fa.
legendary
Activity: 1512
Merit: 1004
great,wait for NRS1.5 Smiley
hero member
Activity: 574
Merit: 500
I knew it  Cheesy Could it be adjusted to rely on a dynamic pin generator, a different PIN produced each use? That sounds complicated to do.
member
Activity: 63
Merit: 10
no what i meant was have it generate a custom QR time based code that is derived from your password. so everytime someone logins to nxt they must have the constantly changing pin # to login to their account.

Sorry, I forgot about this. I think I understand.  I'll ask the devs, Jones is always interested in stuff like this.

I am Smiley my most recent system uses an encrypted wallet.dat type format where you can use a keypad to type in your PIN to unencrypt the nxt secretphrase. That way your account is safe against keyloggers and losing your wallet.dat and its short enough to be rememberable.

hero member
Activity: 574
Merit: 500
no what i meant was have it generate a custom QR time based code that is derived from your password. so everytime someone logins to nxt they must have the constantly changing pin # to login to their account.

Sorry, I forgot about this. I think I understand.  I'll ask the devs, Jones is always interested in stuff like this.
hero member
Activity: 574
Merit: 500
The surprise gifts just keep on coming - Multiaccount wallets.


Login in Nxt 1.5 does not require a password anymore. Only sending a transaction does. In effect, 1.5 has a multi-account wallet as a client side only feature.
full member
Activity: 165
Merit: 101
no what i meant was have it generate a custom QR time based code that is derived from your password. so everytime someone logins to nxt they must have the constantly changing pin # to login to their account.
Pages:
Jump to: