MaidSafe Dev Update - 19th July 2016

Yes I think that was suggested and David even hinted at cracking tools being supplied for those who know most of their phrase and forgot say a couple of digits/letters.

17 words. I guess something like :stuck_out_tongue_closed_eyes:

I love my little pussy cat that purrs all day and sleeps on the sofa curled up

or

This passphrase has to be seventeen words long just to keep up my record breaking passphrases intact

:stuck_out_tongue_closed_eyes:

2 Likes

Cool that more password methods are being looked into. But I just ended up combining my password with my passphrase to mess around in Test6. It felt really nice having such a long password; and out of my own intuition, too. But for where everyone is concerned, including completely new players in the human race (youngsters, etc., basically), having 2 (instead of 3) pass codes individually is likely the way to go.

Yet, I still somewhat feel like there’s not much of a problem with having to use such a long password. Maybe initially people signing up could be guided to two separate passwords/passphrases to use—this gets two different parts of the brain thinking—and then basically once they’re all registered and ready to sign in: switch those two words/phrases to just one, long, strong, durable, insane password (guide them to realize that the two entries they used to register must be used together now, with no space in between, or something). People will feel accomplished and glad at this experience of “doubling down” on durability, in my opinion; just as I have, just out of coincidence perhaps. Just my thoughts. A bit weird only regarding how people will Assume the two phrases need to be combined… and regarding probably some coding hurdle.

4 Likes

Does this mean that alpha will be launched before data persistence (no loss of data) is guaranteed?

1 Like

Yes. They don’t know yet when data persistence will happen.

Best not to expect it until beta or release candidates

4 Likes

BIP39 is just a representation of a binary string with the assumption that remembering a random string of words is easier than remembering a random string of letters. However, for any levels of significant entropy, they both are similarly “impossible” to remember (and painful to type).

A BIP39 word is 11 bits, a letter from the [A-Za-z0-9] set is a little over 5.95 bits, so requesting a BIP39 word instead of 2 alphanumeric characters is not any better, just more complicated.

Also, I don’t see why I should type 12 random words (for 132 bit entropy) when I can come up with something more secure (larger vocabulary, numerics, punctuation, UTF-8 characters, capitals, etc.) in a passphrase of 8-9 words that I can actually remember. Zxcvbn can measure password strength pretty well, so I don’t see why we should both restrict our choices and complicate our implementation for no additional benefit.

3 Likes

Main benefit of using words is that if you store a backup on paper and then aging/water damage etc. destroys a part of the letters it can be recovered just by knowing the language and the remaining letters. This is the reason it is commonly used in bitcoin paper wallets.

1 Like
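The paper-backup recovery described in the post above, as an added example that is not part of the original thread. `WORDLIST` is a constructed twelve-word subset of the English BIP39 list, and the `?` / `*` damage markers are this example's own notation.

```python
import math
import re

# Constructed sample: the first twelve words of the English BIP39 wordlist.
# The real list has 2048 words; matching works the same way against it, but
# each damaged word will usually leave more candidates than it does here.
WORDLIST = ["abandon", "ability", "able", "about", "above", "absent",
            "absorb", "abstract", "absurd", "abuse", "access", "accident"]


def candidates(damaged, wordlist=WORDLIST):
    """Return the wordlist entries that fit a partly unreadable word.

    '?' stands for exactly one unreadable letter, '*' for an unreadable
    run of unknown length (for example a torn-off word ending).
    """
    parts = []
    for ch in damaged.lower():
        parts.append("." if ch == "?" else ".*" if ch == "*" else re.escape(ch))
    rx = re.compile("".join(parts))
    return [w for w in wordlist if rx.fullmatch(w)]


def recover(damaged_phrase, wordlist=WORDLIST):
    """Return per-word candidate lists and the bits of uncertainty left."""
    per_word = [candidates(w, wordlist) for w in damaged_phrase.split()]
    if any(not c for c in per_word):
        raise ValueError("a damaged word matches nothing in the wordlist")
    # Each word with k surviving candidates leaves log2(k) bits to guess.
    residual_bits = sum(math.log2(len(c)) for c in per_word)
    return per_word, residual_bits


def random_string_loss(unreadable_chars, alphabet_size=62):
    """Bits lost when the same damage hits a random [A-Za-z0-9] string,
    where no dictionary exists to narrow the missing characters down."""
    return unreadable_chars * math.log2(alphabet_size)


if __name__ == "__main__":
    words, bits = recover("ab?nd?n ab??e acc*")
    print(words, f"{bits:.1f} bits left to guess")
    print(f"{random_string_loss(4):.1f} bits lost for 4 random characters")
```
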

… and that is a completely different use case from day-to-day password entry.

As for paper wallets, it’s better to store multiple copies at different places (secured by a passphrase, obviously).

1 Like

Quick question. Maybe this has been addressed elsewhere, so sorry if it has. With all these tests being “taken down” it appears there is central control. So if that is part of the design, what is to prevent the entire network from being taken down after it is launched and running and everyone has data populated out there? Also with code updates to the network, clients, etc… who manages that, and what will prevent rogue code from being inserted in an update?

It seems that anything with a central control mechanism is susceptible to compromise.

Thanks!

2 Likes

I wanted to ask the same question; if there will be central control this will not be as successful as we hope…

I’m a liar. My “master password” is a nonsensical, yet grammatically correct, sentence of only 8 words, properly punctuated, and it also includes multiple proper nouns. It’s stupid simple to remember, yet nearly impossible to guess (gauged at over 160 bits by zxcvbn.)

1 Like

The only reason it goes down is because everyone shuts down their vaults eventually. They’ve seen in past test nets where the network stayed “alive” after Maidsafe shut down their 100 nodes they had running. Once this sucker’s cooking and vaults are running, it won’t be going down. They are however still looking at measures to combat such an event.

They are dotting, x’ing and whatever’ing all scenarios! :slight_smile:

4 Likes

In addition to what @upstate said

Each test has new software and the current software ignores any packets from a previous version. This means that if people are using say test5 then they will be on a different network to those using test 6 software.

It requires people to use the new software. If everyone continued with test5 software then test5 would be still up and running. But people turned off all their test5 programs and started using test6. So test5 network died and all the data it contained.

I suppose it’s like other projects where forks occur and people running the nodes have to start running the new node software for the fork to take hold.

It would require enough people to stop running their nodes and not enough space to store the data.

In the Live network the protocol/software will be written to allow different versions to continue running together. Obviously there will be a limit on how old your vault/node software can be in order to still be recognised. So as long as most people upgrade in a reasonable time the network will just keep humming along.

4 Likes

So data I deposit is lost if the software gets updated? That seems like a bad idea. I would think the data deposited would be agnostic to the tools used to deposit and retrieve the data. Or it needs to auto migrate to the new version. If I spend time putting things on the network, only to have a new version come out a month later, and I have to re upload everything…

1 Like

Updates will be supported once the network seems to work as hoped. Perhaps even before that, but currently the focus is to get basic functionality working.

These are called tests for a reason (not even alpha).

6 Likes

Data gets lost only if the update ignores the previous version’s packets and the users of the previous network decide to switch off in sufficient numbers.

Otherwise part or the entire network could co-exist, given enough persistence.

The more nodes go online & stay online the greater the likelihood of persistence. Once we go alpha/beta, thousands of nodes will create a stronger persistence…

1 Like

We’ll all be reuploading data until beta release because we’re participating in tests that will help improve beta’s security, efficiency, functionality, etc. These are tests, not a secure or reliable network to store sensitive data yet. But it will be after beta so if you would like to contribute to making it a better network then feel free to upload, reupload, with the rest of us until we get our shiny release candidate that will be everything that was promised.

3 Likes

You should have read the sentence before the one you highlighted. People switched off test 5.

Then the sentence:

[quote=“neo, post:34, topic:10345”]
In the Live network the protocol/software will be written to allow different versions to continue running together. Obviously there will be a limit on how old your vault/node software can be in order to still be recognised. So as long as most people upgrade in a reasonable time the network will just keep humming along.
[/quote]

[quote=“Nigel, post:38, topic:10345”]
We’ll all be reuploading data until beta release
[/quote]

I lay bets that we will be doing that (sometimes) up to the live release candidates. I cannot see it being so good that betas do not see at least one or two bugs that require a fix that needs data flushed.

2 Likes

We take our nodes down and ask others to do the same. If they do it’s down but only because folk are testing. We have no control there though and in release it will be very clear there is no control. In many tests we have had less than 10% of the nodes and community tests run without us. When the network is tiny then if a person controls all the seed nodes it would be an issue, but the design forbids that (when we uncomment the bootstrap cache etc.). So yes whilst bootstrap cache is off you could say we control new nodes joining (as we are the only seed nodes in many tests), but that is all really. No central control though in the actual network. Fully decentralised.

12 Likes

This may help you

8 Likes

Why couldn’t we give the user the choice as to which encryption method they wish to use? We can choose which encryption method we want to use when encrypting our email and making a public/private key so why can’t we do the same when making a SAFE account?