MaidSafe Dev Update - May 4, 2017

I think I understand, so you’re thinking that we one input for the user that serves more than 1 purpose e.g. first half of password = location and second half = encryption/decryption?

2 Likes

Yes.

Or probably more likely have 1 hash of password = location and 2 hashes of password = encryption. It depends on the consequence of having the entropy compromised as to how it should be utilised.

2 Likes

Preferably the other way around, or else an attacker can hash the location to find the crypto key!

Incidentally, I have the same issue as @polpolrene and @JPL on Windows. I’m going to try on Linux.

7 Likes

But doesn’t this make it difficult to change your passphrase in the future.

My understanding for splitting it into two parts was to allow for the address phrase to remain the same and simply change the 2nd (with re-encryption) allowing for the user to update their password in case it was found.

If you had only one passphrase then wouldn’t you also be changing the account address and potentially anything external using your account public address for verification would then not recognise your account when you changed the single passphrase.

1 Like

Will it be possible to provide only computing power in the future? I am not nearly well enough informed but, a computing node would require less bandwidth correct?
So all the talk about the early network not being able to handle certain implementations of divisibility due to work load could be compensated for by allowing users with insufficient bandwidth to transfer large amounts of data to earn coin by providing processing power?
Or am missing the boat here?

Please make sure you are using node version 6.5.0

2 Likes

@Seneca, I think you are all having the same issue that you haven’t changed to dev branch with git checkout dev command.

5 Likes

Ahh, getting through it now, thank you very much…

@jpl @Seneca

3 Likes

I switched to 6.5.0 before even trying. :slight_smile:

I was already on the dev branch, so that’s not it for me.

Actually, now that I look at @polpolrene’s screenshot it’s not the same issue, though it is the same step. After that command it seems to do nothing after printing:

@ pack-authenticator C:\SAFE\safe_browser-dev
node ./shell_scripts/pack_authenticator.js

@ pack-authenticator:windows C:\SAFE\safe_browser-dev
powershell.exe -ExecutionPolicy Bypass -File “.\shell_scripts\pack_authenticat
or.ps1”

That step can take some time, can you please let it run for a while and then confirm?

2 Likes

Can we get the README updated to add
git checkout dev

and the need for patience (lots of it)?

cos I was nearly about to raise a ticket thinking the process had died.

1 Like

I’m getting this one from normal terminal:

C:\Users\user\safe_browser>npm run pack-authenticator

@ pack-authenticator C:\Users\user\safe_browser
node ./shell_scripts/pack_authenticator.js

Pack Authenticator exited with code 45940943

C:\Users\user\safe_browser>

I let it run for almost an hour now, and I also don’t see any CPU/memory activity.

1 Like

The seventh circle of hell is filled with unfortunates forced to compile node apps on Windows for eternity.

11 Likes

This looks great. I would say the two biggest features I am looking for from the authenticator workflow are a headless authenticator that can be set to auto-approve all requests when built against mock (to enable ci testing), and support for multiple users when built against mock (so that we can test user-interaction and permissioning bugs).

I’m looking forward to starting to poke at the authenticator API more seriously. Hopefully it can be a relatively smooth drop-in replacement for the old safe_launcher API. I may try writing some typings for safe_app_nodejs while I do.

6 Likes

I agreed with you when I read your comment, but now have changed my mind, I think.

On the plus side, I like the elegance of a single password. It is like a bitcoin private key, which allows a single string to access the content.

However, as I had that thought, I realized that I do not want a bitcoin private key. I want something I can remember, but that is also secure. People who do Brain Wallets, using clever pass phrases to generate their bitcoin private key, are constantly losing their bitcoin.

I want to be able to log in from memory, with a reasonable expectation that my passphrases are not vulnerable to bots that try permutations of common phrases.

Forcing people to use two pass phrases, and perhaps forcing them to have those pass phrases have a long Levenshtein distance from each other, should help to achieve that.

I would vote to call them Password1 and Password2. That conveys that they can be alphanumeric, should be kept secret, and are both important.

Password or passphrase, neither is properly descriptive!? Tricky UX :slight_smile:

3 Likes

@JPL Encouraged to know it’s possible, I’m wondering why I’m not able to simple action the same Linux build…

Noting my fail here, in case useful step forward for others:

See nodejs.org for more info.

didn’t help with Linux Mint having an old version.

Instead, I found a good route to getting the latest version of nodejs and also then npm
via https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - sudo apt-get install -y nodejs
Looks good then as
$ ./node -v v6.10.3 $ ./npm -v 3.10.10 $ rustc -V rustc 1.16.0 (30cf806ef 2017-03-10)

but…
this fails on your system: npm ERR! cd app && npm install && cd ../ && npm run build-safe-app
So, I did also the obvious
npm run burnthemall
but same result.

In both attempts I also see what I expect are less important warnings
which compound my impression that npm is not useful friendly in suggesting how to resolve WARNs.
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.

So, I’m surprised it doesn’t just compile… I don’t expect that is just because I’ve now got node v6.10.3 :confused:
While we’ve got JPL’s version of the browser that works ok here, I wonder the examples need npm to be working to get those compiled.

Might try again later this weekend :slight_smile:

1 Like

I completely agree with you.

There has been a whole topic dedicated on the subject in the dev forum (Two passwords for login process) and a majority of people didn’t like 2 passwords and would prefer a name (call it common name, account name, pet name, friendly name …) and a password.

IMO the traditional solution (name + password) and deriving both the location and encryption/decryption keys from these 2 elements was the way to go. I argued here and here) but I failed to convince MaidSafe. Maybe you could revive this topic and be more successful than me.

7 Likes

We just added this tutorial to the SAFE Dev Forum:

It explains how to build the SAFE Browser with Mock-Vault and how to upload a website using the SAFE Hosting Manager app. We are also planning to add a few code examples that will help you understand how to use the SAFE Browser DOM APIs to build dynamic web applications. We are having some issues with some of the code examples, so we can only publish one of them for now. We’ll update this tutorial with more code examples once we resolve these issues. :slight_smile:

15 Likes