ANN: Release of browser-encrypted wallet of NXTblocks

Author Topic: ANN: Release of browser-encrypted wallet of NXTblocks  (Read 9261 times)

antanst

  • Board Moderator
  • Full Member
  • ****
  • Karma: +36/-0
  • Offline Offline
  • Posts: 216
    • View Profile
    • nxtblocks.info
ANN: Release of browser-encrypted wallet of NXTblocks
« on: June 24, 2014, 04:39:03 pm »

We are pleased to announce the first version of our browser encrypted wallet.

https://nxtblocks.info

There will be a beta period for the first two weeks in order to iron out possible wallet bugs and polish it according to feedback.

* Key Characteristics:

- The wallet is browser-encrypted. We do not hold your keys, and we do not know your password.

- The encrypted wallets are backed up three times a day in off-site locations. The most recent 50 versions of each wallet are always kept.

- We've given huge emphasis to security. We don't include external Javascript code anywhere. The application requires a recent browser with cryptographic extensions (window.crypto). If your browser doesn't support those features, wallet functionality is disabled.

- We support Google two factor authentication for accessing your wallet.

* Initial features:

- Multiple account support. You can have up to 20 personal accounts, and up to 40 contacts.

- User-specified account support. You can specify your accounts' private keys and access them all from one place.

- Watch-only account support. You can add an account without entering its private key, for monitoring purposes.

- RS account support is the default account format. You can use the numeric account format as well.

- Account management: You can label your accounts to ease management. You can archive the accounts you do not use anymore to keep your wallet uncluttered.

- Contact management: Add accounts as contacts, label them, remove them, and get information about them with a single click.

- You can download your encrypted wallet for backup purposes. This is recommended whenever you add an account. In a few days we will release an offline decryption tool.

- Easily send funds: You can send NXT to one or more accounts at the same time.

- Integration with the Block Explorer: Get QR codes and information regarding every account you have in your wallet with a single click.

At this point, only send money transactions are supported. We'll be integrating more features in the near future, including AE trading directly from your browser.

We have also made some minor modifications regarding the design, including a new logo that combines design elements from the nice corporate design, but also enables us to keep a distinct tone. We also managed to acquire the twitter account @nxtblocks, so make sure you follow us there as well! https://twitter.com/nxtblocks

Feel free to inspect the wallet encryption/decryption code. The page loads the relevant code from a separate, on purpose unminified javascript file.
« Last Edit: June 24, 2014, 04:51:11 pm by antanst »

forkedchain

  • Ex-Staff Member
  • Hero Member
  • *****
  • Karma: +74/-10
  • Offline Offline
  • Posts: 1190
  • bite me
    • View Profile
Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #1 on: June 24, 2014, 04:47:52 pm »

what do you mean you back up the wallets? you say you don't know the passphrase.
NXT tips: 2319251 or NXT-8SWM-2224-YKWW-22222

Eadeqa

  • Hero Member
  • *****
  • Karma: +83/-68
  • Offline Offline
  • Posts: 1888
    • View Profile
Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #2 on: June 24, 2014, 04:48:50 pm »

Looks pretty good.

NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #3 on: June 24, 2014, 04:50:15 pm »

Quote from: forkedchain
what do you mean you back up the wallets? you say you don't know the passphrase.

I guess it means the encrypted version of wallet is backed up. The wallet is encrypted on the client side in browser. One wallet can have many Nxt accounts.

antanst

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #4 on: June 24, 2014, 04:50:47 pm »

Quote from: forkedchain
what do you mean you back up the wallets? you say you don't know the passphrase.

We don't. The encrypted wallets are backed up. Let me clarify this on the announcement as well, thanks.

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #5 on: June 24, 2014, 04:55:53 pm »

Quote from: forkedchain
what do you mean you back up the wallets? you say you don't know the passphrase.

Quote from: antanst
We don't. The encrypted wallets are backed up. Let me clarify this on the announcement as well, thanks.

Is the signing done locally in the client side?

antanst

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #6 on: June 24, 2014, 04:59:43 pm »

Quote from: Eadeqa
Is the signing done locally in the client side?

Yes. The transaction bytes are verified, signed and then broadcasted. The private keys don't leave the browser.

coretechs

  • Sr. Member
  • ****
  • Karma: +161/-1
  • Offline Offline
  • Posts: 435
    • View Profile
Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #7 on: June 24, 2014, 05:22:52 pm »

The wallet looks great, nice work!
https://ardorportal.org - Ardor blockchain explorer | https://nxtportal.org - Nxt blockchain explorer | http://bitcoindoc.com - The Rise and Rise of Bitcoin
ARDOR-T43P-R2K9-8W79-9W2AL | NXT-WY9K-ZMTT-QQTT-3NBL7

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #8 on: June 24, 2014, 05:25:56 pm »

Quote from: Eadeqa
Is the signing done locally in the client side?

Quote from: antanst
Yes. The transaction bytes are verified, signed and then broadcasted. The private keys don't leave the browser.

What happens if I enable 2FA and lose my phone later? I would like to see email confirmation to remove 2FA as my email already has 2FA enabled

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #9 on: June 24, 2014, 05:29:28 pm »

Quote from: Eadeqa
Is the signing done locally in the client side?

Quote from: antanst
Yes. The transaction bytes are verified, signed and then broadcasted. The private keys don't leave the browser.

Does the user have to reenter the Nxt pass phrase for each outgoing transaction? (I hope not as that doesn't add anything to security and potentially exposes secret phrase to keylogger)

forkedchain

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #10 on: June 24, 2014, 05:32:20 pm »

Quote from: forkedchain
what do you mean you back up the wallets? you say you don't know the passphrase.

Quote from: antanst
We don't. The encrypted wallets are backed up. Let me clarify this on the announcement as well, thanks.

antanst

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #11 on: June 24, 2014, 05:36:45 pm »

Quote from: Eadeqa
Does the user have to reenter the Nxt pass phrase for each outgoing transaction? (I hope not as that doesn't add anything to security and potentially exposes secret phrase to keylogger)

No, the passphrase is only used the first time when one opens the wallet. Although, if you have a keylogger on your system, you're probably already hosed...

Quote from: Eadeqa
What happens if I enable 2FA and lose my phone later? I would like to see email confirmation to remove 2FA as my email already has 2FA enabled

When you request a 2FA reset, we contact you in your verified email. This is why you have to verify your email before you enable 2FA.

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #12 on: June 24, 2014, 05:49:42 pm »

Problem: I tried adding one of my accounts, and the account that it gets is different from what I get in Wesley client (using the same passphrase)

In fact, the account it generates is this NXT-23YP-M8H9-FA5W-5CX9B

which is an account with 0 balance and has apparently been hacked by a known hacker account ( 4576541113110361188 ) according to this thread https://nextcoin.org/index.php?topic=4518.0

« Last Edit: June 24, 2014, 05:53:08 pm by Eadeqa »

antanst

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #13 on: June 24, 2014, 06:02:39 pm »

Quote from: Eadeqa
Problem: I tried adding one of my accounts, and the account that it gets is different from what I get in Wesley client (using the same passphrase)

In fact, the account it generates is this NXT-23YP-M8H9-FA5W-5CX9B

which is an account with 0 balance and has apparently been hacked by a known hacker account ( 4576541113110361188 ) according to this thread https://nextcoin.org/index.php?topic=4518.0

Are you sure you're using the same passphrase? We're using the same code as in Wesley's client for account generation, and the chances of randomly generating the same account from different passphrases are extremely low.

forkedchain

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #14 on: June 24, 2014, 06:09:31 pm »

Quote from: Eadeqa
Problem: I tried adding one of my accounts, and the account that it gets is different from what I get in Wesley client (using the same passphrase)

In fact, the account it generates is this NXT-23YP-M8H9-FA5W-5CX9B

which is an account with 0 balance and has apparently been hacked by a known hacker account ( 4576541113110361188 ) according to this thread https://nextcoin.org/index.php?topic=4518.0

Quote from: antanst
Are you sure you're using the same passphrase? We're using the same code as in Wesley's client for account generation, and the chances of randomly generating the same account from different passphrases are extremely low.

I don't think that is what he's saying is happening; more likely there is some bug that whenever activated, gives wrong accounts to wrong people. which seems really really bad

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #15 on: June 24, 2014, 06:11:15 pm »

Quote from: antanst
Are you sure you're using the same passphrase? We're using the same code as in Wesley's client for account generation, and the chances of randomly generating the same account from different passphrases are extremely low.

I wasn't generating an account. I was adding my own by entering (copy and paste) from lastpass secure note. When I clicked on continue, it got this account

NXT-23YP-M8H9-FA5W-5CX9B

Is that the account number for blank password? Can anyone check?

In any case, entering and removing a space fixed the problem.

Do not allow people to enter blank password

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #16 on: June 24, 2014, 06:12:31 pm »

Quote from: forkedchain
I don't think that is what he's saying is happening; more likely there is some bug that whenever activated, gives wrong accounts to wrong people. which seems really really bad

It's not a bug. It just sometimes doesn't see entered password if it's copy and pasted and probably just sees it as blank password

Solution: do not allow blank passwords

forkedchain

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #17 on: June 24, 2014, 06:15:45 pm »

Quote from: forkedchain
I don't think that is what he's saying is happening; more likely there is some bug that whenever activated, gives wrong accounts to wrong people. which seems really really bad

Quote from: Eadeqa
It's not a bug. It just sometimes doesn't see entered password if it's copy and pasted and probably just sees it as blank password

Solution: do not allow blank passwords

I've seen this happen before, with a bluecoat SSL firewall, it was giving incorrect sessions to people, who then had access to other people's web accounts on whatever servers were being utilized

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #18 on: June 24, 2014, 06:17:34 pm »

Another problem: I can enter 12345678 as a secret phrase for new account

Please enforce stricter rules for secret phrase. It must be over 16 char long, just as you enforce stricter rules for encryption password

antanst

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #19 on: June 24, 2014, 06:21:42 pm »

Quote from: Eadeqa
It's not a bug. It just sometimes doesn't see entered password if it's copy and pasted and probably just sees it as blank password

Solution: do not allow blank passwords

This account is indeed the account you get with a blank password. We've never stumbled in a copy paste problem, but you're right we should disallow blank passwords in any case. Thanks for the feedback!

Quote from: Eadeqa
Please enforce stricter rules for secret phrase. It must be over 16 char long, just as you enforce stricter rules for encryption password

We want to let users add their accounts they have despite them not being totally secure, like in the default client. A warning is a good idea though, we'll definitely include one in the next version.
Logged
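
The input rules this thread converges on (a blank secret phrase is always refused; a weak phrase is refused for a new account but allowed with a warning when importing an existing one), sketched as an added example that is not NXTblocks code. The function names, the 17-character threshold, the warning texts and the `deriveAccount` callback are assumptions; the cause of the copy-and-paste problem is not established in the thread.

```javascript
// Added example, not NXTblocks code: names, threshold and messages are assumptions.
const MIN_LENGTH = 17; // "over 16 char long", as requested in the thread
// Zero-width characters and BOM: a pasted field can contain these and nothing else.
const INVISIBLE = /[\u200B-\u200D\u2060\uFEFF]/g;

// mode 'create' = new account, 'import' = existing account added to the wallet.
function checkSecretPhrase(raw, mode) {
  if (mode !== 'create' && mode !== 'import') throw new Error('unknown mode');
  const phrase = typeof raw === 'string' ? raw : '';

  // Blank is rejected in both modes: every user who submits an empty phrase
  // derives the same account, so it protects nothing.
  if (phrase.replace(INVISIBLE, '').trim().length === 0) {
    return { accept: false, warnings: ['secret phrase is blank'] };
  }

  const warnings = [];
  if (phrase.length < MIN_LENGTH) {
    warnings.push('shorter than ' + MIN_LENGTH + ' characters');
  }
  if (/^\d+$/.test(phrase)) warnings.push('digits only');
  // Whitespace is part of the phrase that gets hashed, so report it, never strip it.
  if (phrase !== phrase.trim()) warnings.push('leading or trailing whitespace');

  // Existing accounts may be imported with a warning; new ones must pass cleanly.
  return { accept: mode === 'import' || warnings.length === 0, warnings };
}

// Read the field when the form is submitted (not from state cached on key
// events, which a context-menu paste never fires) and derive only after the check.
// `input` is anything with a .value; `deriveAccount` is the caller's function.
function submitSecretPhrase(input, mode, deriveAccount) {
  const result = checkSecretPhrase(input.value, mode);
  return result.accept
    ? { ...result, account: deriveAccount(input.value) }
    : { ...result, account: null };
}
```
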