MaidSafe Dev Update - 19th July 2016

Yes, this is being addressed in the demo app itself. So there will be a slight change to user experience there, but it should resolve that issue of a single action doing everything at once.

12 Likes

Thanks Maidsafe devs for another cool update. It’s fun to keep testing the network like this…

Keep up the good work and that’s also for the hard working ants in this community :stuck_out_tongue:
We’re getting closer and closer, but patience is important and rewarding

4 Likes

BIP39 is cute (in a “let’s introduce more complexity, maybe it works better that way” kind of sense) but it’s simply not feasible to remember a long and meaningless string of random words, so I hope we’ll have a better solution, e.g. a simple password strength meter (may I suggest zxcvbn.) Also, I love my 17-word custom made passphreses :joy_cat:

3 Likes

The ability to manually delete multiple files is kinda important too :wink:

4 Likes

Your seeing issues with the current one?

BIP39 is good for secrets that need a known degree of security.

When you can easily change your password (eg most web services), this isn’t quite so important.

But with safe, it’s not easy to change. You set it once and that’s pretty-much the end of it.

So if you realize three years later that you picked a bit of a crappy credential, too bad!

This is the only reason I think bip39 is appropriate for credentials. In this case ‘your data in safe’ is essentially the same as ‘your money in bitcoin’ and safe credentials should be treated as such. Maybe I’m too extreme about the value of data?!

@mav

So if you realize three years later that you picked a bit of a crappy credential, too bad!

No, you will be able to change credentials. I don’t have a reference but am sure MaidSafe have said this will be possible.

5 Likes

Why should one not be able to change them if one
can provide the valid credentials to the mechanism ?

1 Like

Yes I think that was suggested and David even hinted at cracking tools being supplied for those who know most of their phrase and forgot say a couple of digits/letters.

17 word. I guess something like :stuck_out_tongue_closed_eyes:

I love my little pussy cat that purrs all day and sleeps on the sofa curled up

or

This passphrase has to be seventeen words long just to keep up my record breaking passphrases intact

:stuck_out_tongue_closed_eyes:

2 Likes

Cool that more password methods are being looked into. But I just ended up combining my password with my passphrase to mess around in Test6. It felt really nice having such a long password; and out of my own intuition, too. But for where everyone is concerned, including completely new players in the human race (youngsters, etc., basically), having 2 (instead of 3) pass codes individually is likely the way to go.

Yet, I still somewhat feel like there’s not much of a problem with having to use such a long password. Maybe initially people signing up could be guided to two separate passwords/passphrases to use—this gets two different parts of the brain thinking—and then basically once they’re all registered and ready to sign in: switch those two words/phrases to just one, long, strong, durable, insane password (guide them to realize that the two entries they used to register must be used together now, with no space in between, or something). People will feel accomplished and glad at this experience of “doubling down” on durability, in my opinion; just as I have, just out of coincidence perhaps. Just my thoughts. A bit weird only regarding how people will Assume the two phrases need to be combined… and regarding probably some coding hurdle.

4 Likes

Does this mean that alpha will be launched before data persistence (no loss of data) is guaranteed?

1 Like

Yes. They don’t know yet when data persistence will happen.

Best not to expect it until beta or release candidates

4 Likes

BIP39 is just a representation of a binary string with the assumption that remembering a random string of words is easier than remembering a random string of letters. However, for any levels of significant entropy, they both are similarly “impossible” to remember (and painful to type).

A BIP39 word is 11 bits, a letter from the [A-Za-z0-9] set is a little over 5.95 bits, so requesting a BIP39 word instead of 2 alphanumeric characters is not any better, just more complicated.

Also, I don’t see why I should type 12 random words (for 132 bit entropy) when I can come up with something more secure (larger vocabulary, numerics, punctuation, UTF-8 characters, capitals, etc.) in passphrase of 8-9 words that I can actually remember. Zxcvbn can measure password strength pretty well, so I don’t see why should we both restrict our choices and complicate our implementation for no additional benefit.

3 Likes

Main benefit of using words is that if you store a backup on paper and then aging/water damage etc. destroys a part of the letters it can be recovered just by knowing the language and the remaining letters. This is the reason it is commonly used in bitcoin paper wallets.

1 Like

… and that is a completely different use case from day-to-day password entry.

As for paper wallets, it’s better to store multiple copies at different places (secured by a passphrase, obviously).

1 Like

Quick question. Maybe this has been addressed elsewhere, so sorry if it has. With all these test being “taken down” it appears there is central control. So if that is part of the design, what is to prevent the entire network from being taken down after it is launched and running and everyone has data populated out there? Also with code updates to the network, clients, etc… who manages that, and what will prevent rogue code from being inserted in an update?

It seems that anything with a central control mechanism is susceptible to compromise.

Thanks!

2 Likes

i wanted to do the same question, if there will be central control this will not be successfull as we hope…

I’m a liar. My “master password” is a nonsensical, yet grammatically correct, sentence of only 8 words, properly punctuated, and it also includes multiple proper nouns. It’s stupid simple to remember, yet nearly impossible to guess (gauged at over 160 bits by zxcvbn.)

1 Like

The only reason it goes down is because everyone shuts down there vaults eventually. They’ve seen in past test nets where the network stayed “alive” after Maidsafe shut down there 100 nodes they had running. Once this suckers cooking and vaults are running, it won’t be going down. They are however still looking at measures to combat such an event.

They are dotting, x’ing and whatever’ing all scenarios! :slight_smile:

4 Likes

In addition to what @upstate said

Each test has new software and the current software ignores any packets from a previous version. This means that if people are using say test5 then they will be on a different network to those using test 6 software.

It requires people to use the new software. If everyone continued with test5 software then test5 would be still up and running. But people turned off all their test5 programs and started using test6. So test5 network died and all the data it contained.

I suppose its like other projects where forks occur and people running the nodes have to start running the new node software for the fork to take hold.

It would require enough people to stop running their nodes and not enough space to store the data.

In the Live network the protocol/software will be written to allow different versions to continue running together. Obviously there will be a limit on how old your vault/node software can be in order to still be recognised. So as long as most people upgrade in a reasonable time the network will just keep humming along.

4 Likes