elective-stereophonic
elective-stereophonic
Show Posts - v39453  
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - v39453

Pages: 1 ... 6 7 [8]
141
Nxt General Discussion / Re: Privacy for business and customers
« on: April 13, 2014, 11:32:06 am »
Quote
So to accept user payments I have to store the master key of all my funds somewhere in the code of my site. Don't you think it is a huge security hole?

You can move coins to a safe address after receiving payment.

Quote
The other problem is that clients can't be sure that they pay the right account. What for aliases then if  Ican't use them ?

You can use a well-known payment address, it just means that anybody can see how many coins you are receiving by using a block explorer.

142
Nxt General Discussion / Re: Privacy for business and customers
« on: April 12, 2014, 08:08:52 pm »
Page http://wiki.nxtcrypto.org/wiki/How-To:Automate_Nxt_for_your_website recommends using for example MasterSecret + userId as user's key.
 

143
Hmmm, the wheels are turning... if I can write a transaction to the blockchain, is there a place to write what I want in it? I there is a free form field of any kind, I could put info in a nice tight format and just parse it out in the client.

A Nxt arbitrary message is a free form field. You can put any data you want there. This data gets propagated to every node in the network. You can add your own prefix to your message to separate it from the other messages in the network.

144
Nxt General Discussion / Re: Privacy for business and customers
« on: April 12, 2014, 10:15:22 am »
Hi,
I'm really interested in using NXT for my online store but there is a problem.

As a business owner I want:
1. accept payments from my clients online
2. hide my balance and transactions from competitors
3. protect the client so that their purchases can't be tracked (or hard to be tracked) by 3d party

As a customer I want
1. an ability to somehow verify the target of my payment.
2. more privacy. I'm not sure if possible but need to hide account balance.



Thanks
Mikhail




Is it possible with NXT?

Thanks
Mikhail

At the moment the best way to do this is to generate a new payment address for each purchase. As in Bitcoin, transactions can be tracked, but is not easy because real identities of the accounts are not known. There have also been ideas for more privacy in Nxt.

Somebody correct me if I'm wrong.

145
I am a bit confused about exactly who, if anyone, is working on making the framework for a store to run on the blockchain, and what that work entails if it is being done.

This is Anon's thread, but I can say that at least the basic idea is not complicated, and doesn't necessarily need any framework. You can consider the blockchain your program's database. You write to that database using Send Message from the Nxt API.


146
I would like to look into helping with this.  Where would I find information about how to build something on top of the NXT blockchain?
I've started looking into the NXT API, but that seems to be more about access information from NXT nodes.

Thank you for any help

You can use the 'send message' call from the Nxt API for user-to-user communication and broadcasting messages. If you don't encrypt, messages are readable by everybody.

You can find an example workflow from BCNext in the thread I linked to earlier.

To send an encrypted message to somebody you can use the 'get shared secret' call from the Nxt source code and encrypting with AES. There is no API call for this, but I have tested it in Java, and it seems to work.

147
Quote
I would very much welcome such a client. In fact I see here a use case which might be even superior to the one of the AE!

The AE works for items that are sold and re-sold, such as stocks, cars or houses. Running a mail-order business by using the AE will probably not be a typical use case.

Quote
As you describe it, wouldnt that be somehow related to the Digital Goods Store CfB is developing?

I don't know, I'll study the DGS when it is released. I don't intend to compete with that or with Anon's system. If they work well, I don't need to continue with my idea. But having stores on the blockchain might be a killer app for Nxt, that's why I'm thinking about it.

Quote
So as my understanding goes, you would propose to develop a specific client for the Digital Goods Store?

No, it would be just an application program that works on top of the Nxt blockchain.

148
I am also offering a bounty for a service like this.

My thoughts on how it should work in this thread: https://bitcointalk.org/index.php?topic=317607.msg5699472#msg5699472

But I think it shouldn't be a web application. The user should run it on his local machine for added privacy.

My proposal also includes encrypting messages with the marketplace password, which also acts as the name for the marketplace.

I am building a prototype, which works as a command line program. But I'm also offering a bounty for somebody to implement it with a real GUI.




So as far as I understand it this would be an anonymous marketplace?

About local client vs. web based client:
Lets assume you are living in a country where buying oranges is forbidden. But you do like to buy oranges over the anonymous marketplace. Unfortunately your parcel with the oranges got intercepted by the police. The police is searching your computer and finds this client. Would this make you look better in front of the Judge? Probably not. I would recommend to have the client webbased. Reachable through Tor.

Yes, it would be an anonymous marketplace.

Having the program installed should be completely legal, as well as developing the software. If somebody were to use it to set up an illegal orange marketplace, I would have no way of knowing because all messages are encrypted.

A web server, even if hidden, has an owner who can be attacked legally or technically.  A blockchain has no owner. You can also run Nxt using Tor. In this case there would be four layers of security: knowing the existence of the marketplace, encryption of messages, blockchain, and Tor.

149
Arbitrary Messages / Re: Encrypted Messages
« on: April 08, 2014, 06:00:41 pm »
Are you saying that we have to justify using Java SE by finding a peer reviewed paper for it?
Who will investigate the backgrounds of the researchers who did the peer review?

Here's my answer: using AES would just mean using Java's AES function instead of another function which is not meant to be used for encryption.

150
Arbitrary Messages / Re: Encrypted Messages
« on: April 08, 2014, 04:12:40 pm »
Quote
So client devs should make their own decision about what algo they want to use.

Different clients would need to be able to read each others messages. I understand the messages will have a prefix. Can't different algorithms have different prefixes? (I would use AES if it is available.)

151
Quote
so my problem with this is that its simply too limiting. 900 characters that is. i thought it would be nice to do it like ebay.

Maybe more than one message could be used to store the product description, but I'll start with the limited version because it is easier to implement.

Quote
second is that we are trying to get censorship resistance and torrents are more censorship resistant than web-servers.

I'll have the initial version store everything on the blockchain, so there will not be images at all.

Quote
also i like the idea of, instead of prefixing the message with a "flag" telling everyone that its part of your store, encrypting it with the name of your store. any idea about how the cost in storage space would compare between these two methods?

There is both a prefix and encryption. The prefix adds some bytes but allows easier message lookup.

Encryption key is the name of your store. You can name your store 'Ebay' or you can name it 'Ebay_pguowjfgiue7357ughgdigjeuu87' if you want to keep outsiders out.


152
Arbitrary Messages / Re: Encrypted Messages
« on: April 07, 2014, 09:55:34 am »
I'm not an expert, but I'm a little worried if xor is used to encrypt messages. To use xor you need a key - with true randomness - as long as the message. I don't think it matters what extra steps you add if you don't have that.

Like I said I'm not an expert, but I remember reading that xor is one of the things that does not work.

XoredData satisfies these conditions. Pay attention that it's a little bit different from https://nextcoin.org/index.php?topic=727.0

Well, I am not qualified to say if it works or not. Let me just say this: if it doesn't implement a well-known method of doing the encryption, it at least raises the question of being secure.

For the record, I just use AES.

153
Quote
i am of the mind that we should have both a web app and a program that runs locally. i thought the web app would be nice to do first because it would be simpler and more accessible to ordinary people.

That's true, but i would prefer a local program for security and privacy.

Quote
how were you planning on dealing with the space restrictions on the blockchain? my idea was just to have people post a magnet link to a torrent on the blockchain.

Product descriptions should be limited to about 900 characters. If images are needed, only a link should be stored on the blockchain. Everything except images is on the blockchain.


154
Arbitrary Messages / Re: Encrypted Messages
« on: April 07, 2014, 09:05:04 am »
I'm not an expert, but I'm a little worried if xor is used to encrypt messages. To use xor you need a key - with true randomness - as long as the message. I don't think it matters what extra steps you add if you don't have that.

Like I said I'm not an expert, but I remember reading that xor is one of the things that does not work.

155
I am also offering a bounty for a service like this.

My thoughts on how it should work in this thread: https://bitcointalk.org/index.php?topic=317607.msg5699472#msg5699472

But I think it shouldn't be a web application. The user should run it on his local machine for added privacy.

My proposal also includes encrypting messages with the marketplace password, which also acts as the name for the marketplace.

I am building a prototype, which works as a command line program. But I'm also offering a bounty for somebody to implement it with a real GUI.


Pages: 1 ... 6 7 [8]
elective-stereophonic
elective-stereophonic
assembly
assembly