ANN: Release of browser-encrypted wallet of NXTblocks
Author Topic: ANN: Release of browser-encrypted wallet of NXTblocks  (Read 16803 times)

Eadeqa

Re: ANN: Release of browser-encrypted wallet of NXTblocks
« Reply #20 on: June 24, 2014, 06:24:28 pm »

If correctly implemented, it has potential to be safer and easier to use than Wesley client, for most users.

(1) There is online backup for wallet
(2) More than one account
(3) 2FA can protect encrypted backup against keyloggers
(4) Not entering secret phrase every time for Nxt account can be safer too (against keyloggers).
(5) No Java/blockchain and installation problems
« Last Edit: June 24, 2014, 06:28:10 pm by Eadeqa »
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

« Reply #21 on: June 24, 2014, 06:26:49 pm »

We want to let users add their accounts they have despite them not being totally secure, like in the default client. A warning is a good idea though, we'll definitely include one in the next version.

I don't think so. Users with Nxt secret phrases smaller than 16 char should just move to new account and transfer their funds to it.

I still say enforce stricter rules on Nxt account. "12345678" should not be acceptable password
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

antanst

« Reply #22 on: June 24, 2014, 06:44:08 pm »

We have disallowed blank passwords.

We want to let users add their accounts they have despite them not being totally secure, like in the default client. A warning is a good idea though, we'll definitely include one in the next version.

I don't think so. Users with Nxt secret phrases smaller than 16 char should just move to new account and transfer their funds to it.

I still say enforce stricter rules on Nxt account. "12345678" should not be acceptable password

You have a point here, it's a usability/security tradeoff we're going to have to consider. We'll add a warning in the next version for sure, but we'll wait for some more feedback before completely disallowing weak passwords.
Logged

LiQio

« Reply #23 on: June 24, 2014, 07:03:35 pm »

Great work antanst - nice, fast, perfect ice-breaker - thank you very much!

Eadeqa

« Reply #24 on: June 24, 2014, 07:30:50 pm »

Bug: If you try to send money, the destination account can only be 20 chars long.

RS accounts are longer than that.
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

HolgerD77

« Reply #25 on: June 24, 2014, 07:47:36 pm »

Great work, very happy to finally have a NXT wallet for my smartphone! :-)
Logged
NXT-AQ9F-JC4F-NCM2-4JSXZ

antanst

« Reply #26 on: June 24, 2014, 07:54:59 pm »

Bug: If you try to send money, the destination account can only be 20 chars long.

RS accounts are longer than that.

Confirmed. We'll fix it first thing tomorrow. Your feedback is greatly appreciated.

Great work antanst - nice, fast, perfect ice-breaker - thank you very much!

You're welcome!
Logged

allwelder

« Reply #27 on: June 25, 2014, 12:03:08 am »

Great, the wallet is online.
Is the wallet on-chain like blockchain.info?
Logged
NxtChina |Weibo |Twitter Donation welcomed:NXT-APL9-66GU-K8LY-B3JJJ

joefox

« Reply #28 on: June 25, 2014, 01:24:26 am »

Congratulations!

I've been taking this for a spin and you've done a terrific job.  It's a "thorough" experience with a workflow that will be familiar to anyone who has a QT-style wallet from another crypto.  The 2FA, wallet download, and wallet identifier components are *excellent*.

Bravo!  Can't wait to see additional features (Nxt AE!)
Logged
GPG Key Id: 0x94A521DA613CAE76 | BitMessage BM-NBzUURL9jLagPALxCpxYDaMVe9E3965u
Nxt Wiki: http://wiki.nxtcrypto.org/
Tips: NXT-DBDW-STA8-ARBE-6JRPA

Eadeqa

« Reply #29 on: June 25, 2014, 02:20:41 am »

I've been taking this for a spin and you've done a terrific job.  It's a "thorough" experience with a workflow that will be familiar to anyone who has a QT-style wallet from another crypto.  The 2FA, wallet download, and wallet identifier components are *excellent*.

I think they could have simplified it even more by not requiring wallet identifier. The encryption password itself could have been used as wallet identifier.

For example,

Key = Hash(password)

for i = 1 to 100000
  Key = Hash(Key)

Key would encrypt the wallet, and the wallet identifier would then be Hash(Key) one more time.
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

joefox

« Reply #30 on: June 25, 2014, 02:42:05 am »

I think they could have simplified it even more by not requiring wallet identifier. The encryption password itself could have been used as wallet identifier.

I don't disagree.  But there's something *reassuring* about the use of the identifier because:
  • it is simpler/more readable than the encryption password (or the hash of that password)
  • it's a clean, "password-like entity" that is NOT your encryption password AND that can be used for other purposes, like resetting 2FA -- so it can be exposed to the network without compromising your wallet

The big bonus is a psychological feeling of security... mixed with clear attention towards usability.
Logged
GPG Key Id: 0x94A521DA613CAE76 | BitMessage BM-NBzUURL9jLagPALxCpxYDaMVe9E3965u
Nxt Wiki: http://wiki.nxtcrypto.org/
Tips: NXT-DBDW-STA8-ARBE-6JRPA

Eadeqa

« Reply #31 on: June 25, 2014, 02:52:33 am »

I think they could have simplified it even more by not requiring wallet identifier. The encryption password itself could have been used as wallet identifier.

I don't disagree.  But there's something *reassuring* about the use of the identifier because:
  • it is simpler/more readable than the encryption password (or the hash of that password)
  • it's a clean, "password-like entity" that is NOT your encryption password AND that can be used for other purposes, like resetting 2FA -- so it can be exposed to the network without compromising your wallet

The big bonus is a psychological feeling of security... mixed with clear attention towards usability.

Yes, they did a pretty good job. Now they need to add the rest of the features (messaging, aliases, asset exchange, etc.)

Can it be released as a standalone plugin/extension?
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

CryptKeeper

« Reply #32 on: June 25, 2014, 06:45:29 am »


We have disallowed blank passwords.

We want to let users add their accounts they have despite them not being totally secure, like in the default client. A warning is a good idea though, we'll definitely include one in the next version.

I don't think so. Users with Nxt secret phrases smaller than 16 char should just move to new account and transfer their funds to it.

I still say enforce stricter rules on Nxt account. "12345678" should not be acceptable password

You have a point here, it's a usability/security tradeoff we're going to have to consider. We'll add a warning in the next version for sure, but we'll wait for some more feedback before completely disallowing weak passwords.

I second eadeqa's opinion here, strong passwords are a must have.
Logged
Follow me on twitter for the latest news on bitcoin and altcoins!
Vanity Accounts Sale :-)

Eadeqa

« Reply #33 on: June 25, 2014, 06:47:41 am »

I second eadeqa's opinion here, strong passwords are a must have.

At least they should enforce it by default and let the user disable that enforcement optionally in the settings. Both sides happy.
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

« Reply #34 on: June 25, 2014, 06:52:09 am »

If someone wants a free ad for nxtblocks on Wikipedia, add it here

https://en.wikipedia.org/wiki/Google_Authenticator#Usage

Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

antanst

« Reply #35 on: June 25, 2014, 08:14:17 am »

The send-to-custom-RS-account bug has been fixed.

Regarding the derivation of the wallet identifier from the user's passphrase, initially we gave this a thought as well. We thought about using an additional 20,000 rounds of PBKDF2 or so to derive the identifier from the user's passphrase. In the end, however, we decided that it's better to leave those two separate for security and other reasons, like the ones JoeFox outlines.

Regarding the password strength, I want to make it clear that we use strong passwords everywhere (256 bit keys when automatically creating NXT accounts), and that the tradeoff we are discussing only concerns the NXT account creation with manual password specification.
Logged
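
The two designs discussed above (a wallet identifier derived from the passphrase versus a separate one), as an added JavaScript example for Node.js that is not NXTblocks code. The fixed salt, output sizes and function names are assumptions; the round counts are the figures quoted in the thread. It shows that a derived identifier is a deterministic function of the passphrase, while an independent random identifier is not.

```javascript
// Added illustration, not NXTblocks code. Salt, sizes and names are assumptions.
const nodeCrypto = require("crypto");

const APP_SALT = Buffer.from("example-wallet-v1"); // hypothetical fixed, app-wide salt
const KEY_ROUNDS = 100000; // iteration count suggested in the thread
const ID_ROUNDS = 20000;   // the "additional 20,000 rounds" mentioned in the thread

// Passphrase -> 256-bit wallet encryption key (never leaves the browser).
function deriveKey(passphrase) {
  return nodeCrypto.pbkdf2Sync(passphrase, APP_SALT, KEY_ROUNDS, 32, "sha256");
}

// Design A: identifier = extra one-way rounds on top of the key.
function derivedIdentifier(passphrase) {
  const key = deriveKey(passphrase);
  return nodeCrypto.pbkdf2Sync(key, APP_SALT, ID_ROUNDS, 16, "sha256").toString("hex");
}

// Design B: identifier is random and unrelated to the passphrase.
function randomIdentifier() {
  return nodeCrypto.randomBytes(16).toString("hex");
}

// Property of design A: the identifier alone is enough to test a passphrase.
// Key stretching makes each test slower but does not remove the link.
function identifierMatchesPassphrase(identifier, passphrase) {
  const expected = Buffer.from(derivedIdentifier(passphrase), "hex");
  const actual = Buffer.from(String(identifier), "hex");
  return actual.length === expected.length && nodeCrypto.timingSafeEqual(actual, expected);
}
```

Under design A the identifier has to be protected like a password hash; under design B it carries no information about the passphrase, which fits joefox's point that it can be exposed to the network.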

abctc

« Reply #36 on: June 25, 2014, 08:17:55 am »

We are pleased to announce the first version of our browser encrypted wallet.
- it's HUGE!
Russian translation of the OP posted here.
Logged
Welcome to the Nxt generation of crypto!   Magis quam Moneta (More than a Coin)
"Do not worry, it is an attack" (c) Jean-Luc

Eadeqa

« Reply #37 on: June 25, 2014, 10:16:38 am »

The send-to-custom-RS-account bug has been fixed.

Regarding the derivation of the wallet identifier from the user's passphrase, initially we gave this a thought as well. We thought about using an additional 20,000 rounds of PBKDF2 or so to derive the identifier from the user's passphrase. In the end, however, we decided that it's better to leave those two separate for security and other reasons, like the ones JoeFox outlines.

Regarding the password strength, I want to make it clear that we use strong passwords everywhere (256 bit keys when automatically creating NXT accounts), and that the tradeoff we are discussing only concerns the NXT account creation with manual password specification.

Yes, and looks like you also fixed blank account bug. 
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

Eadeqa

« Reply #38 on: June 25, 2014, 10:24:11 am »

Another serious bug.

I sent some Nxt (less than 10) to a deliberately mistyped RS account (I changed just one char -- from 3 to 2). Instead of catching the error, the wallet sent the Nxt to some totally random account (that doesn't have a public key).
« Last Edit: June 25, 2014, 10:27:45 am by Eadeqa »
Logged
NXT-GZYP-FMRT-FQ9K-3YQGS

antanst

« Reply #39 on: June 25, 2014, 10:40:22 am »

Another serious bug.

I sent some Nxt (less than 10) to a deliberately mistyped RS account (I changed just one char -- from 3 to 2). Instead of catching the error, the wallet sent the Nxt to some totally random account (that doesn't have a public key).

Confirmed.

This feature needs some more work. For the time being, we've disabled sending to custom RS accounts (sending to numeric accounts works ok, as does sending to accounts already in the wallet.)

Please send me a PM with your NXT address, we'll compensate you for those NXT and with a bonus as well for your testing so far :-)
Logged
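
A check of the kind this bug report calls for, as an added JavaScript example that is not NXTblocks code: it verifies the Reed-Solomon checksum of an RS address before anything is sent. The alphabet, character ordering and GF(32) parameters are assumed from the Nxt RS address format rather than taken from this thread; the sample address is the one in Eadeqa's signature.

```javascript
// Added example, not NXTblocks code; the format constants are assumptions.
const ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ";
// Codeword slot filled by each of the 17 address characters, in reading order.
const CODEWORD_MAP = [3, 2, 1, 0, 7, 6, 5, 4, 13, 14, 15, 16, 12, 8, 9, 10, 11];
const SAMPLE = "NXT-GZYP-FMRT-FQ9K-3YQGS"; // taken from a signature in this thread

// GF(32) exp/log tables for the primitive polynomial x^5 + x^2 + 1.
const GEXP = [1];
const GLOG = new Array(32).fill(0);
for (let i = 1; i < 31; i++) {
  let v = GEXP[i - 1] << 1;
  if (v & 32) v ^= 0x25;
  GEXP.push(v);
  GLOG[v] = i;
}
const gmult = (a, b) => (a && b ? GEXP[(GLOG[a] + GLOG[b]) % 31] : 0);

// Returns the 17-symbol codeword, or null if the text is not shaped like an RS address.
function parseRsAddress(text) {
  const body = text.trim().toUpperCase().replace(/^NXT-/, "").replace(/-/g, "");
  if (!/^[2-9A-HJ-NP-Z]{17}$/.test(body)) return null;
  const codeword = new Array(17).fill(0);
  [...body].forEach((ch, i) => { codeword[CODEWORD_MAP[i]] = ALPHABET.indexOf(ch); });
  return codeword;
}

// True only when all four Reed-Solomon syndromes are zero.
function isValidRsAddress(text) {
  const codeword = parseRsAddress(text);
  if (!codeword) return false;
  return [1, 2, 3, 4].every((i) =>
    codeword.reduce((syndrome, symbol, pos) => {
      const j = pos < 13 ? pos : pos + 14; // the last four symbols use exponents 27..30
      return syndrome ^ gmult(symbol, GEXP[(i * j) % 31]);
    }, 0) === 0);
}

// Counts single-character substitutions (after the "NXT-" prefix) that still validate.
function undetectedSingleTypos(address) {
  let count = 0;
  for (let i = 4; i < address.length; i++) {
    for (const c of ALPHABET) {
      const typo = address.slice(0, i) + c + address.slice(i + 1);
      if (address[i] !== "-" && c !== address[i] && isValidRsAddress(typo)) count++;
    }
  }
  return count;
}
```

With four check symbols, any single mistyped character, such as the 3 changed to 2 described above, fails validation, so a wallet that runs this check before building the transaction refuses the address instead of decoding it to an unrelated account.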