Nxt Forum

Nxt Discussion => Nxt General Discussion => Topic started by: semibaron on July 28, 2014, 05:38:18 pm

Title: The most important feature NXT needs
Post by: semibaron on July 28, 2014, 05:38:18 pm
Everyone is talking about some fancy stuff like AT,SC (SSCL :) ) or MS.
But since the recent hacks on kLee and other NXT members I'm in daily fear of my beloved NXT.

2-factor auth or at least multisigning would increase the security and trustworthiness of NXT so much.
Unfortunately I'm not a computer expert and can't help with this.

Is any security enhancement planned for the next release? 
Title: Re: The most important feature NXT needs
Post by: Meizirkki on July 28, 2014, 05:42:21 pm
2FA is impossible with standard client.
Title: Re: The most important feature NXT needs
Post by: JackCelere on July 28, 2014, 05:44:12 pm
If I am not mistaken, there is a bounty to develop account control (https://nxtforum.org/account-control/what-is-account-control/msg5277/#msg5277), but AT are needed.
Title: Re: The most important feature NXT needs
Post by: semibaron on July 28, 2014, 05:48:10 pm
If I am not mistaken, there is a bounty to develop account control (https://nxtforum.org/account-control/what-is-account-control/msg5277/#msg5277), but AT are needed.

Account control == Multisig?

Why is AT needed for this?
Title: Re: The most important feature NXT needs
Post by: salsacz on July 28, 2014, 05:52:51 pm
Dunno if it's a feature, but we need a porn, to gain some mainstream users
Title: Re: The most important feature NXT needs
Post by: m30188 on July 28, 2014, 05:57:04 pm
Everyone is talking about some fancy stuff like AT,SC (SSCL :) ) or MS.
But since the recent hacks on kLee and other NXT members I'm in daily fear of my beloved NXT.

2-factor auth or at least multisigning would increase the security and trustworthiness of NXT so much.
Unfortunately I'm not a computer expert and can't help with this.

Is any security enhancement planned for the next release?
+1
Title: Re: The most important feature NXT needs
Post by: semibaron on July 28, 2014, 06:00:40 pm
I'm just saying without proper security nobody cares about the other features.
Bitcoin has the same security issues, but I think NXT can do better :-).

Title: Re: The most important feature NXT needs
Post by: valarmg on July 28, 2014, 06:10:34 pm
Agreed 100%. There're not many coins without multisig capability. Unfortunately Nxt is one of them.
Title: Re: The most important feature NXT needs
Post by: marcus03 on July 28, 2014, 06:21:58 pm
Agreed 100%. There're not many coins without multisig capability. Unfortunately Nxt is one of them.
After checking five altcoins for multisig capabilities today with all of them having them, I agree it feels quite disgraceful.
Title: Re: The most important feature NXT needs
Post by: Mexxer on July 28, 2014, 06:23:49 pm
Agreed 100%. There're not many coins without multisig capability. Unfortunately Nxt is one of them.
After checking five altcoins for multisig capabilities today with all of them having them, I agree it feels quite disgraceful.

Wait ... I thought Nxt has multisig capabilities ... otherwise the MGW would not have been possible. I think it's just not integrated into any of the clients yet.
Title: Re: The most important feature NXT needs
Post by: semibaron on July 28, 2014, 06:28:15 pm
Agreed 100%. There're not many coins without multisig capability. Unfortunately Nxt is one of them.
After checking five altcoins for multisig capabilities today with all of them having them, I agree it feels quite disgraceful.

Wait ... I thought Nxt has multisig capabilities ... otherwise the MGW would not have been possible. I think it's just not integrated into any of the clients yet.

MGW uses Bitcoin multisig. NXT mutlisig isn't required.
Title: Re: The most important feature NXT needs
Post by: valarmg on July 28, 2014, 06:38:44 pm

MGW uses Bitcoin multisig. NXT mutlisig isn't required.

MGW presently requires only the BTC/LTC/altcoin multisig. Additionally, having NXT multisig would improve the MGW system.
Title: Re: The most important feature NXT needs
Post by: Berzerk on July 28, 2014, 07:01:20 pm
I think Instant Transactions are more important.
Title: Re: The most important feature NXT needs
Post by: jefdiesel on July 28, 2014, 07:06:30 pm
I think its not ONE most important feature, but more of a Top 10 list

Top ten ways hodling makes you happy
Top ten reasons BCNext is probably an Alien from the Future
(omg, maybe hes a T2 sent to help us kill the humans!)
Top ten ways BTC makes your ass look big
Title: Re: The most important feature NXT needs
Post by: JackCelere on July 28, 2014, 07:08:12 pm
Account control == Multisig?
No.

Quote
The account control feature will allow a user to set a "lock" on an account which prohibits any outgoing transactions until certain conditions are met. Account control options may include:
  • Blocking some or all coins from spending, which would restrict the transmission of coins, aliases, assets, or any combination of these
  • Defining a duration period for these blocks
  • Allowing accounts to only send coins to a specified account
  • Specifying that outgoing transactions are only possible during certain hours of the day
  • Scheduling a transaction for a specified date in the future
  • Combining any of the above settings
These features present some interesting account usage scenarios:
  • tagging an account as a "savings" account, with no ability to send Nxt
  • using a locked account as an "escrow" account
  • limiting the ability to transfer assets or aliases from an account
  • setting a "spending limit" on an account, e.g. 100Nxt/day

Why is AT needed for this?
I don't know.
Title: Re: The most important feature NXT needs
Post by: m30188 on July 28, 2014, 07:14:35 pm
I think its not ONE most important feature, but more of a Top 10 list

Top ten ways hodling makes you happy
Top ten reasons BCNext is probably an Alien from the Future
(omg, maybe hes a T2 sent to help us kill the humans!)
Top ten ways BTC makes your ass look big
I think time travelers are already among us, but not to do anything important. I think rich guys from the future just come back to see Led Zeppelin live and visit relatives who have passed on.
Title: Re: The most important feature NXT needs
Post by: jefdiesel on July 28, 2014, 08:01:13 pm
I think its not ONE most important feature, but more of a Top 10 list

Top ten ways hodling makes you happy
Top ten reasons BCNext is probably an Alien from the Future
(omg, maybe hes a T2 sent to help us kill the humans!)
Top ten ways BTC makes your ass look big
I think time travelers are already among us, but not to do anything important. I think rich guys from the future just come back to see Led Zeppelin live and visit relatives who have passed on.
+1
Title: Re: The most important feature NXT needs
Post by: ChuckOne on July 28, 2014, 08:06:29 pm
Dunno if it's a feature, but we need a porn, to gain some mainstream users

Yes. Porn is definitely needed. +1440

Furthermore, we need devs. Anybody?
Title: Re: The most important feature NXT needs
Post by: Berzerk on July 28, 2014, 08:13:23 pm
Dunno if it's a feature, but we need a porn, to gain some mainstream users

Yes. Porn is definitely needed. +1440

Furthermore, we need devs. Anybody?

What do you wanna see? ;D
Title: Re: The most important feature NXT needs
Post by: ChuckOne on July 28, 2014, 08:19:04 pm
Dunno if it's a feature, but we need a porn, to gain some mainstream users

Yes. Porn is definitely needed. +1440

Furthermore, we need devs. Anybody?

What do you wanna see? ;D

Dev porn? :D
Title: Re: The most important feature NXT needs
Post by: Eadeqa on July 28, 2014, 08:25:11 pm
2-factor auth or at least multisigning would increase the security and trustworthiness of NXT so much.

Wallets like nxtblocks.info and mynxt.info have 2-factor auth. Use them, as I think they are pretty safe and easier to use. 
Title: Re: The most important feature NXT needs
Post by: m30188 on July 28, 2014, 08:32:49 pm
Wallets like nxtblocks.info and mynxt.info have 2-factor auth. Use them, as I think they are pretty safe and easier to use.
You can still access the account with the private key.
Title: Re: The most important feature NXT needs
Post by: Eadeqa on July 28, 2014, 08:38:41 pm
Wallets like nxtblocks.info and mynxt.info have 2-factor auth. Use them, as I think they are pretty safe and easier to use.
You can still access the account with the private key.

which always be the case , no matter what you do. 

2FA is designed to protect against weak/stolen passwords, and  nxtblocks.info and mynxt.info both achive that goal, fulling 2FA security goal.


Title: Re: The most important feature NXT needs
Post by: semibaron on July 28, 2014, 08:47:08 pm
Wallets like nxtblocks.info and mynxt.info have 2-factor auth. Use them, as I think they are pretty safe and easier to use.
You can still access the account with the private key.

which always be the case , no matter what you do. 

2FA is designed to protect against weak/stolen passwords, and  nxtblocks.info and mynxt.info both achive that goal, fulling 2FA security goal.

When a hacker enters my stolen private key into the standard client he can steal my NXT.
Title: Re: The most important feature NXT needs
Post by: Eadeqa on July 28, 2014, 08:53:24 pm
When a hacker enters my stolen private key into the standard client he can steal my NXT.

You mean when the hacker enters the secret phrase. The standard Nxt client doesn't use private key.

nxtblocks doesn't use secret phrase. It uses a password that encrypts your wallet. Your secret phrase is in your wallet file, you never type it. If you have 2FA enabled, losing the password alone won't expose the secret phrase as the hacker still would need the wallet file that requires 2FA before you can download it.   
Title: Re: The most important feature NXT needs
Post by: semibaron on July 28, 2014, 09:13:55 pm
When a hacker enters my stolen private key into the standard client he can steal my NXT.

You mean when the hacker enters the secret phrase. The standard Nxt client doesn't use private key.

nxtblocks doesn't use secret phrase. It uses a password that encrypts your wallet. Your secret phrase is in your wallet file, you never type it. If you have 2FA enabled, losing the password alone won't expose the secret phrase as the hacker still would need the wallet file that requires 2FA before you can download it.


Still the question if a 3rd party can be considered as safe.
Title: Re: The most important feature NXT needs
Post by: colin012 on July 28, 2014, 10:30:35 pm
When a hacker enters my stolen private key into the standard client he can steal my NXT.

You mean when the hacker enters the secret phrase. The standard Nxt client doesn't use private key.

nxtblocks doesn't use secret phrase. It uses a password that encrypts your wallet. Your secret phrase is in your wallet file, you never type it. If you have 2FA enabled, losing the password alone won't expose the secret phrase as the hacker still would need the wallet file that requires 2FA before you can download it.


Still the question if a 3rd party can be considered as safe.

3rd party is the only reasonable way 2 factor auth will be usable. What needs to happen is someone needs to create an open source 3rd party client using it.
Title: Re: The most important feature NXT needs
Post by: Tosch110 on July 28, 2014, 10:42:24 pm
There is  one:

https://wallet.mynxt.info/


Source code:

https://nxtforum.org/mynxt-info/online-wallet-road-map/

API:

https://nxtforum.org/mynxt-info/announcement-mynxt-info-api/

Title: Re: The most important feature NXT needs
Post by: m30188 on July 29, 2014, 12:53:15 am
Anyone know offhand the max characters allowed for nxt passphrase?
Title: Re: The most important feature NXT needs
Post by: Bitfinex_USD on July 29, 2014, 01:05:51 am
N of M signature transactions are really needed IMO. Just improves the security soo much.

If that is not possible in short time, someone should provide a tool to make offline addresses extremely easy!
Title: Re: The most important feature NXT needs
Post by: Eadeqa on July 29, 2014, 04:39:53 am
Anyone know offhand the max characters allowed for nxt passphrase?

There is no max; you can put a whole library, but that doesn't increase the security. The max strength is limited by curve25519's max strength, which is 128 bits security. 
elective-stereophonic
elective-stereophonic
assembly
assembly