elective-stereophonic
elective-stereophonic
This is going to severely hinder NXT adoption... singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Author Topic: This is going to severely hinder NXT adoption...  (Read 3174 times)

Tai Zen

  • Jr. Member
  • **
  • Karma: +31/-4
  • Offline Offline
  • Posts: 81
    • View Profile
    • Prison Or Freedom
This is going to severely hinder NXT adoption...
« on: September 18, 2014, 07:00:51 pm »

I personally believe this is going to severely hinder NXT adoption by the general public:

"The recipient account is an unknown account, meaning it has never had an incoming or outgoing transaction. To submit this request you must supply the recipient public key also."

There has to be a better way for a new user to acquire and send coins...  This security process creates too much "friction" and "confusion" for a new user.

We have a lot of smart folks in the NXT community... somebody please come up with a better solution.  I understand there are security concerns but there has to be a better compromise...

Enjoy!
Tai Zen
Logged
Founder of www.PrisonOrFreedom.com | BTC: 19HHZ1yEimKUYVFM9TkXqd9xwM54jSFrmc | NXT:  17225446755425423638 | LTC:  LTA99422wieqR1MfWeNxZU5xAsESE9MzW7

mczarnek

  • Hero Member
  • *****
  • Karma: +68/-4
  • Offline Offline
  • Posts: 898
    • View Profile
    • Nxt Place - Craigslist for Nxt
Re: This is going to severely hinder NXT adoption...
« Reply #1 on: September 18, 2014, 09:03:36 pm »

You only have to submit this for the very first request?  Is there a way to do it at the same time as the account is created?

The purpose is to make sure that you can't send money to non-existent accounts, correct?

Let's say I try sending money to NXT-5DB7-5L7H-MSJ8-GGTR3 but mistype it and instead end up with: NXT-5DB7-5L7H-MSJ8-HHTR3

Reed-Solomon encoding somewhat protects but is this more protection for that specific case?

If there is a way for the user's computer to do this upon account creation, I don't see a problem as it can be done within the wallet and most users will never have to touch this.
Logged
NXT Organization: Tech
Donations greatly appreciated: NXT-DWVJ-G89C-RHNL-6QW6Q

8

  • Full Member
  • ***
  • Karma: +6/-6
  • Offline Offline
  • Posts: 122
  • English-Chinese translation Service
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #2 on: September 20, 2014, 01:12:09 pm »

I don't think so. If the Nxt is powerful enough, the new users will get there.
Logged
My crypto blog: http://coinour.com

lucky88888

  • Hero Member
  • *****
  • Karma: +42/-14
  • Offline Offline
  • Posts: 694
  • NXT-E328-UJDF-KTGH-9C6YQ
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #3 on: September 20, 2014, 01:26:46 pm »


The purpose is to make sure that you can't send money to non-existent accounts, correct?


no the purpose is to prevent this.
Quote
So if a botnet of 10k computers would start to precompute Address ID's, 0.5% of new users of NXT would have their founds stolen immediately after creating an account in 2024.
https://nxtforum.org/security/account-id-precomputation-attack/

no matter what, it's still much much easier than going to the bank and registering a new bank account.right? ofcourse though, if there is easier ways then it would be better.
« Last Edit: September 20, 2014, 01:32:32 pm by lucky88888 »
Logged
NXT-E328-UJDF-KTGH-9C6YQ
8897013707391239174

EvilDave

  • Hero Member
  • *****
  • Karma: +341/-40
  • Offline Offline
  • Posts: 1789
    • View Profile
    • NXT Foundation
Re: This is going to severely hinder NXT adoption...
« Reply #4 on: September 20, 2014, 01:33:12 pm »

Well, it is a PITA to have to supply the public key for that first transaction, but it is a valuable safeguard to stop people turning their first NXT purchase into a useless lump of darkNXT.

Most/all businesses have managed to adjust to the change, though we needed to communicate much more clearly with them.
AFAIK, ChuckOne has taken on the role of project co-ordinator (handling communication between core devs and the wider NXT business user community), so changes will be handled better in the future.

I think that we need to create simple starters guides to using NXT, and maybe a dedicated n00bie section on the forum, and set this up as the first place to come to for any new NXT user......I've brought a few people into NXT recently, and it still is quite difficult to figure out wtf is going on with NXT from the perspective of a non-crypto geek. 

There is a vague plan going on for a Reddit advertising campaign, see:
https://nxtforum.org/nxt-promotion/nxt-reddit-ad-campaign/

I'd like to see this become a solid plan........get people interested on Reddit, bring them here to a simple guide (and help if needed) to get them into NXT as easily and painlessly as possible.

 
« Last Edit: September 20, 2014, 01:47:52 pm by EvilDave »
Logged
Nulli Dei, nulli Reges, solum NXT
NXT Donations: NXT-BNZB-9V8M-XRPW-3S3WD
We will ride eternal, shiny and chrome!

abctc

  • Hero Member
  • *****
  • Karma: +148/-13
  • Offline Offline
  • Posts: 1396
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #5 on: September 20, 2014, 02:31:08 pm »

I personally believe this is going to severely hinder NXT adoption by the general public
- agree 100%.

We need to make that "must supply the recipient public key" feature optional as soon as possible.
Logged
Welcome to the Nxt generation of crypto!   Magis quam Moneta (More than a Coin)
"Do not worry, it is an attack" (c) Jean-Luc

LocoMB

  • Hero Member
  • *****
  • Karma: +101/-37
  • Offline Offline
  • Posts: 751
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #6 on: September 20, 2014, 03:30:14 pm »


if we present the argument nicely, this may even be converted into a virtue:

people often ask- 'so how can I get an account?' and that is exactly the point where we have to say, well, get yourself a public key for free, and you have one!

Certainly that beats the procedure of getting an account with a fiat bank!

And getting an account with a fiat bank is s.t. everybody can relate to.
oth, the 'get yourself a high entropy passphrase, and take care that it is rainbow table resistant' is certainly on the other end of the accessibility spectrum..
Logged
TOX
90E54E5B5213290EE616D425CADC473038CFABFA53C913271AA8559D1937DC4AF3A354A9E4E5

sv3n

  • Sr. Member
  • ****
  • Karma: +29/-0
  • Offline Offline
  • Posts: 268
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #7 on: September 20, 2014, 03:38:49 pm »

This isn't just about fiat, this is about the entirety of cryptos.  Sure it's easier than a bank, but that's not the only thing to consider.  It's like selling a bike by saying it's easier than walking 10 miles.  Of course it is, but if requires you to put it together when every other bike is sold assembled, then it's still a lesser product relative to others (in that regard at least).  Given that this is a very customer facing issue, this is a pretty important issue to resolve.
Logged
NXT-QK6T-BTVP-N8SL-9ZLD4

jones

  • Hero Member
  • *****
  • Karma: +310/-8
  • Offline Offline
  • Posts: 1043
  • write code not war
    • View Profile
    • jNxt
Re: This is going to severely hinder NXT adoption...
« Reply #8 on: September 20, 2014, 07:44:02 pm »

http://Http://jaft.pw/key is my proposed solution that takes your public key and address directly from a get request from the client, and sends you a starter message therefore broadcasting your public key.
I am currently working on putting a decentralized version of this directly into a client.
Logged
-- Jones NXT-RJU8-JSNR-H9J4-2KWKY

Marc De Mesel

  • Hero Member
  • *****
  • Karma: +228/-83
  • Offline Offline
  • Posts: 643
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #9 on: September 20, 2014, 08:33:09 pm »

I personally believe this is going to severely hinder NXT adoption by the general public:

"The recipient account is an unknown account, meaning it has never had an incoming or outgoing transaction. To submit this request you must supply the recipient public key also."

There has to be a better way for a new user to acquire and send coins...  This security process creates too much "friction" and "confusion" for a new user.

We have a lot of smart folks in the NXT community... somebody please come up with a better solution.  I understand there are security concerns but there has to be a better compromise...

Enjoy!
Tai Zen

+1440

I have been donating NXT to many people, but none since this development.

I have a list ready, they gave me their NXT address, and now I have to contact them again and bother them for a public key. :/

Jeff Berwick was interested and almost created an NXT account, but then, when I explained to also send me the second key, he said, 'I give up, thanks anyway'

Please, make it optional.
« Last Edit: September 21, 2014, 10:43:14 am by Marc De Mesel »
Logged

Sebastien256

  • Hero Member
  • *****
  • Karma: +169/-24
  • Offline Offline
  • Posts: 2823
  • ^LOOK UP^ = Nxt community!
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #10 on: September 20, 2014, 08:37:17 pm »

well, the public key is as easy to get as the Nxt account number. I think it is fairly easy. Just ask them to copy paste these two strings instead of only the  Nxt account number string. Both are on the main page of the client, plus the public key is in red, you can't miss it...
Logged
Please drop your ideas concerning Nxt and/or NRS in this topic -> List of feature request for Nxt and/or NRS (with the full list in OP).

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #11 on: September 20, 2014, 10:41:43 pm »

How about the Nxt account and public key aren't treated as two separate things.

The new user just gets given a long account number (technically a combined account number + public key)

All exchanges and facuets don't then need the extra public key entry box.

Once the user receives the first payment, a message pops up saying "congratulations on funding your account, your Nxt account address has been shortened to..."

Someone should come up with a catchy name for the 'long' account number, if it needs to be referred to but essentially it is a initial temporary address
« Last Edit: September 20, 2014, 10:44:09 pm by rudeboi »
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

lucky88888

  • Hero Member
  • *****
  • Karma: +42/-14
  • Offline Offline
  • Posts: 694
  • NXT-E328-UJDF-KTGH-9C6YQ
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #12 on: September 20, 2014, 11:43:02 pm »

I personally believe this is going to severely hinder NXT adoption by the general public
- agree 100%.

We need to make that "must supply the recipient public key" feature optional as soon as possible.

this would be a great feature but only for limited time until asics are created specific for this attack.
they are making pub key announcement compulsory for this reason.

the precomputed attack will already have all the 64bit (no pubkey) nxt account before you even create them.
the fear is when you try to send nxt in the first time it will already be gone/hacked before you get a chance to make outgoing transaction to secure your account.
this is probably 5-20years into the future, we are just doing our due diligence to protect before mass adoption.

so i think the current solution is very important, i first didn't like it, until someone mentioned the above scenario.


this was designed like this by BCNext because;
it's the way how java works something technical about "long" address blablabla https://nxtforum.org/index.php?action=post;quote=71270;topic=3899.20
it's made on purpose by BCNext for specific reasons he already thought of.
I believe the 64-bit are chosen on purpose, balanced (storage vs. efficiency vs. security) solution for now, but not built for "eternity".

if anyone has better idea they should say it out loud.
Logged
NXT-E328-UJDF-KTGH-9C6YQ
8897013707391239174

abctc

  • Hero Member
  • *****
  • Karma: +148/-13
  • Offline Offline
  • Posts: 1396
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #13 on: September 22, 2014, 05:32:23 pm »

...
this is probably 5-20years into the future, we are just doing our due diligence to protect before mass adoption.
...
- this "feature" severely hinder NXT adoption now.

In 5-10 years Nxt will migrate to 128-bit RS account.
Logged
Welcome to the Nxt generation of crypto!   Magis quam Moneta (More than a Coin)
"Do not worry, it is an attack" (c) Jean-Luc

abctc

  • Hero Member
  • *****
  • Karma: +148/-13
  • Offline Offline
  • Posts: 1396
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #14 on: September 22, 2014, 05:51:49 pm »

How many posts like this do you need until you make the "you must supply the recipient public key also" feature optional ?
Logged
Welcome to the Nxt generation of crypto!   Magis quam Moneta (More than a Coin)
"Do not worry, it is an attack" (c) Jean-Luc

Peter2516

  • Hero Member
  • *****
  • Karma: +132/-27
  • Offline Offline
  • Posts: 1235
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #15 on: September 22, 2014, 07:24:26 pm »


well, the public key is as easy to get as the Nxt account number. I think it is fairly easy. Just ask them to copy paste these two strings instead of only the  Nxt account number string. Both are on the main page of the client, plus the public key is in red, you can't miss it...

+1

If people can't be bothered to read, and copy a second string once, maybe they shouldn't be involved in crypto at the moment.
Creating safe complex passwords, learning to use services like Lastpass, 2FA, keeping your pc free from trojans and keyloggers, etc is a lot more complicated than copying a public key once. Mainstream users should probably wait for online services and webwallets, insured 'cryptobanks' to take care of the complicated stuff.
Logged

websioux

  • Sr. Member
  • ****
  • Karma: +69/-1
  • Offline Offline
  • Posts: 343
  • Great changes grow bottom up
    • View Profile
    • Scriba.io the Blockchain Scribe
Re: This is going to severely hinder NXT adoption...
« Reply #16 on: September 24, 2014, 12:19:51 pm »

How about the Nxt account and public key aren't treated as two separate things.

Yes, that is idea.
Their is also the fact that there is some historical mistake in the client which suggest that the account is created once the passphrase is given.
It's not !
And clients should not mistaken people.
They are only in the middle of a two steps creation process as double optin email subscription processes.

After the passphrase is given, clients should only say (or say everywhere) :

Congratulation! Your PassPhrase is registered

One more step

To unlock your NXT account, there must be a transaction with your VIRGIN NXT address:

NXT-DDRE-DFSF-DSD-oiusd987sdg654aziopjhgfd654sdetg6sq54sdt6h5s4gdqd

Fund this adress first and come back here to gain full access to your secured NXT account.
Logged
Secret Miner <= communicate with style | NotBot <= timestamp digital docs

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #17 on: September 24, 2014, 06:20:43 pm »


How about the Nxt account and public key aren't treated as two separate things.

Yes, that is idea.
Their is also the fact that there is some historical mistake in the client which suggest that the account is created once the passphrase is given.
It's not !
And clients should not mistaken people.
They are only in the middle of a two steps creation process as double optin email subscription processes.

After the passphrase is given, clients should only say (or say everywhere) :

Congratulation! Your PassPhrase is registered

One more step

To unlock your NXT account, there must be a transaction with your VIRGIN NXT address:

NXT-DDRE-DFSF-DSD-oiusd987sdg654aziopjhgfd654sdetg6sq54sdt6h5s4gdqd

Fund this adress first and come back here to gain full access to your secured NXT account.

I think this approach is the easiest for the user, exchanges and service providers. But the question is can it be implemented, technically speaking.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬

coffeetime

  • Full Member
  • ***
  • Karma: +14/-1
  • Offline Offline
  • Posts: 217
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #18 on: September 24, 2014, 06:39:06 pm »

having to give public key on first transaction , for me is not a massive problem , it just needs explaining during set up of NXT

or am i missing something ? ,marc as for your friend saying cant be arsed now , thats just ridiculous imo 
« Last Edit: September 24, 2014, 06:41:21 pm by coffeetime »
Logged
NXT-XQ76-5XRL-EEEW-BHRCQ

rudeboi

  • Hero Member
  • *****
  • Karma: +55/-4
  • Offline Offline
  • Posts: 633
  • Nxt Organization Member
    • View Profile
Re: This is going to severely hinder NXT adoption...
« Reply #19 on: October 05, 2014, 12:58:10 am »

Easier new account set up (public key) - NO CHANGE TO CORE

New addresses are stated as
NXT-XXXX-XXXX-XXXX-XXXXX:p:jhbcww1ioucnsigxc568gtfrew7zoospsks

:p: is the separator that signifies a public key is attached

When copied and pasted into default Nxt client, the wallet just copies everything after :p: and populates the public key field. Only before the :p: gets submitted as the address to the core API.

Exactly the same needs to happen on any exchange, when copied into the browser the site splits the information to the correct inputs for the API.

I believe this is much easier for new users, Wesley has already made the UI process pretty slick by checking if the account has a public key, so the above should compliment and improve his method.

The other thing that would have to be done is to openly publish the standard of how NXT address separator attachments should be mapped when submitted to the API, this can then be shared with the main exchanges and 3rd party sites.

The main benefit is that this doesn't require changes to the core.

Bonus idea for merchants:

They don't need to create new address for each transaction, but instead just state the receiving address as:
NXT-XXXX-XXXX-XXXX-XXXXX:m:0001764

:m: is the separator that signifies a message (AM) is attached, this could be used by the merchant as order number or customer number. Exact same principle as above.
Logged
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬  ▄▀▀▀▀▀▀▀▀▄  ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬●  nimirum  ●▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
▬▬▬ ◖ENDING CENSORSHIP ONLINE◗  ◖ ICO OPEN NOW◗ ▬▬▬
 

elective-stereophonic
elective-stereophonic
assembly
assembly