MaidSafe Dev Update - 19th July 2016

This stuff needs to be very secure. So when you create an account you want as much security as possible. They now use up to 16mb. of ram to do the whole thing. If I get this right this is what happens:

• Password 1
• Password 2
• Derive PIN from the 2 (this is derived from the hashes of both, so it’s like a random number)

A personal files is created and encrypted with both self_encryption and the PIN. So here’s the deal: You can’t request random tries from the network in the hope to get a personal file and after getting it, try to guess the password. To find your personal packet you need to know both passwords, and that’s only to find the packet!

So, if someone wants to guess account details, like the 2 passwords they can’t start with finding 1 and next try to find 2. You need to have them both correct at once, otherwise you fail. So try to find an account with these details:

&&Teslabananafans89
@@potatochipsarecool89

Well, you did find it as I posted it. But to get both right as a guess is almost impossible without a keylogger.

So why on earth would anyone want to choose a different way? This is thought out and discussed in detail and is very secure. The idea is you only need 2 passwords like these above and for the rest you can sign whatever you want without remembering more passwords.

I suggest to not use numbers at the end. Usual schemes are used to drop the entropy such as using capital letters in the beginning, and numbers at the end. Statistical searches are used to dramatically reduce the cracking time.
Even proper usage of grammar could be used to reduce entropy.

It’s exactly as impossible as the single password “&&Teslabananafans89 @@potatochipsarecool89”.

The tradeoff is between entropy and ease of remembering, and it’s arguably easier to remember an extra word or two in a meaningful (to you) sentence than to remember how exactly you broke your grammar.

Isn’t it a user interface thing though? If you fork the Launcher and decide you want to store your account details in a clear text SD block, I believe you are free to do so (if clear text SD blocks are still a thing, that is; I can’t remember).

I honestly don’t like the idea of having one passphase.

It should be username / passphase.

Then for extra feature on security, do sms/email/bitmessage pin number. Once it logs in, it should get verification number from sms/email/bitmesasage.

It really needs the added security.

I think keyword and password will be manageable for most and that they’ll understand that it keeps their data extra secure

Where would that verification number come from though? We don’t have anybody with access to the account details, like in a server based environment…

Really is a whole new way of thinking and designing, isn’t it

Decentralized Autonomous Computer in the network?

Each computer allocate it’s resources in the network to do computing calculations. Like gridcoin mixed with ethereum.

It’s not that there is no server that can do the computations, but that account information is not stored the way that server based systems use. The notification thing doesn’t seem to fit into the whole “logging into your data” concept that the SAFE network is about: you alone know enough about your account to generate a verification number, but at that point it becomes kinda useless, doesn’t it?