BitShares Forum

Other => Graveyard => Keyhotee => Topic started by: bytemaster on November 26, 2013, 07:09:44 am

Title: Screen Shot
Post by: bytemaster on November 26, 2013, 07:09:44 am
(http://the-iland.net/static/keyhotee.png)
Title: Re: Screen Shot
Post by: JustHayden on November 26, 2013, 07:20:06 am
Is that all there is at the moment? Is there an ID page that shows your reputation and other things too yet?

Looks really good so far though, I can't wait to see what more keyhotee can become.
Title: Re: Screen Shot
Post by: bytemaster on November 26, 2013, 07:26:43 am
Is that all there is at the moment? Is there an ID page that shows your reputation and other things too yet?

Looks really good so far though, I can't wait to see what more keyhotee can become.

IDs are being mined and you can add contacts by name and communicate with them.  There is a lot of polish left to do in the GUI as most of the work is under the hood.
Title: Re: Screen Shot
Post by: bytemaster on November 26, 2013, 07:31:21 am
The sad thing is that it doesn't look new and different compared to regular email.

But compare it to:

(http://the-iland.net/static/bitmessage.png)

Title: Re: Screen Shot
Post by: bytemaster on November 26, 2013, 07:36:19 am
(http://the-iland.net/static/create_profile.png)

Title: Re: Screen Shot
Post by: fav on November 26, 2013, 07:38:26 am
looks really good!
Title: Re: Screen Shot
Post by: devilfish on November 26, 2013, 09:07:16 am
Good work guys, can't wait!
Title: Re: Screen Shot
Post by: Sy on November 26, 2013, 10:00:43 am
Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...
Title: Re: Screen Shot
Post by: lib on November 26, 2013, 10:31:54 am
Thank you guys for the great work!
So excited about the coming holidays!
Title: Re: Screen Shot
Post by: Stan on November 26, 2013, 01:31:23 pm
Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.
Title: Re: Screen Shot
Post by: Sy on November 26, 2013, 01:33:28 pm
Thanks for clearing that up :)
Title: Re: Screen Shot
Post by: JustHayden on November 26, 2013, 01:42:39 pm
Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.

How secure will this wallet be? It has to be the most top notch secure wallet you can have. If I were you guys I'd pay a few high end hackers to expose these security breaches (if there are any). Because one hack can completely destroy Keyhotee's reputation, and fail.
Title: Re: Screen Shot
Post by: cass on November 26, 2013, 02:53:01 pm
woah - i like it - Nice to see all in progress ...
Title: Re: Screen Shot
Post by: phoenix on November 26, 2013, 05:05:28 pm
I like what you've shown us so far, looking forward to seeing more screenshots :)
Title: Re: Screen Shot
Post by: Financisto on November 27, 2013, 02:40:49 am
Nice to see such progress.

Keep up the good work!
Title: Re: Screen Shot
Post by: testz on November 27, 2013, 06:18:24 am
Very nice!
Title: Re: Screen Shot
Post by: fredafrica on November 28, 2013, 02:03:15 pm
Very cool!
Title: Re: Screen Shot
Post by: Pocket Sand on November 29, 2013, 01:16:16 am
Props to the development team, great job
Title: Re: Screen Shot
Post by: Lighthouse on November 29, 2013, 01:34:33 am
Will Keyhotee support Protoshares?  I notice it is missing from the list although Litecoin is there.
Title: Re: Screen Shot
Post by: bytemaster on November 29, 2013, 01:37:02 am
It will support all alts that have the bitcoin API

Initial version will not support any wallet features. But they will be added quickly. 


Title: Re: Screen Shot
Post by: NineLives on November 29, 2013, 07:45:57 pm
Looking good.

What kind of authentication are you looking to implement to ensure an account won't get hacked?

Eg:  Google Authentication maybe?
Title: Re: Screen Shot
Post by: bytemaster on November 29, 2013, 07:50:31 pm
Google auth is centralized.   I could use it in Keyhotee but the files would still be protected via AES.

The only way to compromise your account is to hack your computer and guess your password.
Title: Re: Screen Shot
Post by: NineLives on November 29, 2013, 07:58:18 pm
Google auth is centralized.   I could use it in Keyhotee but the files would still be protected via AES.

The only way to compromise your account is to hack your computer and guess your password.

This is the same common problem with all wallets.  It can be hacked.
I'm certain there is lots to do but I like the way Armory Wallet conducts its protection process so malware has a hard time logging.  Something to consider, as security seems to be part of Keyhotee's product.
Title: Re: Screen Shot
Post by: bytemaster on November 29, 2013, 07:59:26 pm
We want to use best practices. I will look into armory approach. 


Title: Re: Screen Shot
Post by: HackFisher on November 30, 2013, 01:02:27 pm
Is it possible for Keyhotee to send mail to traditional mail, e.g. Gmail etc.? As a Keyhotee ID is different from a mail address?

Or does it use some third-party service/plugin to build the communication between Keyhotee and mail? Some miners provide an API proxy service using keyhotee-mail.org, then people can use Keyhotee to send mail to [email protected] (keyhotee -- mail.keyhotee.org as gateway)? And someone at Gmail sends to someone (Keyhotee ID) by sending mail to [email protected], e.g.?
Title: Re: Screen Shot
Post by: bytemaster on November 30, 2013, 02:18:55 pm
Some bridges may be possible but your security would be compromised
Title: Re: Screen Shot
Post by: HackFisher on December 01, 2013, 12:29:31 am
Some bridges may be possible but your security would be compromised

It may not be part of Keyhotee, but an API should be provided for third parties (including Invictus) to provide these services. Let users select and trust providers themselves. These service providers belong to the traditional world, but that's OK, helping people's circles migrate to the new Keyhotee world.

If Keyhotee can connect to the existing world of mail, a wide range of users can easily accept it and help it spread quickly. It should not be an island in the sea; it should stay open and connected.
Title: Re: Screen Shot
Post by: bytemaster on December 01, 2013, 12:34:49 am
We agree and will have a jsonrpc API to allow anyone to do this


Title: Re: Screen Shot
Post by: Troglodactyl on December 01, 2013, 07:16:05 am
Are there plans for Keyhotee to support plugins?  My understanding is that a key feature of Keyhotee is directly establishing PKI secured TCP connections between users either through a blockchain or DHT for IP lookups, which could be readily usable for many features, some of which are undoubtedly too obscure to clutter the standard application by default.

Also, has Invictus had any contact with the RetroShare (http://retroshare.sourceforge.net/) team?  The identity and reputation management seems much more elegant in Keyhotee, but I'd love to see forums and even a full p2p social network in Keyhotee eventually.
Title: Re: Screen Shot
Post by: luckybit on December 01, 2013, 06:10:03 pm
Looking good.

What kind of authentication are you looking to implement to ensure an account won't get hacked?

Eg:  Google Authentication maybe?

Why not use Yubikey? Anyway I think 2FA is absolutely necessary for Keyhotee. I think you would want to give multiple options, such as Yubikey, Google Auth, SMS msg, Email.

But if it is just a password on the computer then a keylogger is all it would take to retrieve the keys to the castle.
Title: Re: Screen Shot
Post by: bytemaster on December 01, 2013, 06:18:37 pm
Explain to me how all of those centralized solutions allow you to protect a private key on your computer.  The best approach is a hardware wallet which we will be happy to support.  But we also need recoverability.  Storing your wallet on a USB stick can provide some basic two factor auth. 




Title: Re: Screen Shot
Post by: JustHayden on December 01, 2013, 06:24:25 pm
Explain to me how all of those centralized solutions allow you to protect a private key on your computer.  The best approach is a hardware wallet which we will be happy to support.  But we also need recoverability.  Storing your wallet on a USB stick can provide some basic two factor auth. 





Maybe once you get the ball rolling with Keyhotee after its release to the public, you can work on releasing a USB stick made special to store your wallet on. Maybe even fit that USB to also mine when plugged in if that's possible? That would almost guarantee constant miners throughout Keyhotee's existence.
Title: Re: Screen Shot
Post by: bitcool on December 03, 2013, 12:38:52 am
It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?
Title: Re: Screen Shot
Post by: bytemaster on December 03, 2013, 02:26:43 am
It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?

Your only option is to back it up and risk theft.  If you trust it to someone else then all you do is transfer the risks and introduce new risks.
Title: Re: Screen Shot
Post by: bitcool on December 03, 2013, 04:27:15 pm
It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?

Your only option is to back it up and risk theft.  If you trust it to someone else then all you do is transfer the risks and introduce new risks.
So if Bytemaster's private key got stolen and became known by many, what's going to happen? I guess there needs to be a public directory for all compromised IDs?
Title: Re: Screen Shot
Post by: bytemaster on December 03, 2013, 04:29:51 pm
It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?

Your only option is to back it up and risk theft.  If you trust it to someone else then all you do is transfer the risks and introduce new risks.
So if Bytemaster's private key got stolen and became known by many, what's going to happen? I guess there needs to be a public directory for all compromised IDs?

The KeyhoteeID block chain allows you to cancel an ID, at which point you would have to rebuild your reputation under a new ID.
Title: Re: Screen Shot
Post by: robozombie on December 03, 2013, 10:19:37 pm
Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.
Are the founders IDs the only ones that will be on sale, Stan?
Title: Re: Screen Shot
Post by: robozombie on December 03, 2013, 10:22:45 pm
(http://the-iland.net/static/keyhotee.png)

Is there a Keyhotee client for the *nix family in the works, too?
Title: Re: Screen Shot
Post by: phoenix on December 03, 2013, 10:27:43 pm
Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.
Are the founders IDs the only ones that will be on sale, Stan?

Only founders IDs will be sold for PTS given in exchange for a donation of PTS to help support the development of Keyhotee and other Invictus DACs. Normal IDs will be mined out for a little bit of CPU power, which any normal user should be able to do on a home computer.
Title: Re: Screen Shot
Post by: Stan on December 04, 2013, 01:43:21 am
Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.
Are the founders IDs the only ones that will be on sale, Stan?

Only founders IDs will be sold for PTS. Normal IDs will be mined out for a little bit of CPU power, which any normal user should be able to do on a home computer.

Founder's IDs are not sold.  They are a small public recognition of people who have made a significant donation to development of Keyhotee - a contribution that goes above and beyond the call of duty.
Title: Re: Screen Shot
Post by: Gekko on December 04, 2013, 05:51:02 am
Is there a Keyhotee client for the *nix family in the works, too?
Not knowing the answer I would say: it doesn't make sense otherwise, does it?
I couldn't use Keyhotee if it was Windows/Mac only, which would mean I could not be one of those to get the new proclaimed freedom because I use a free and open operating system. :)

Edit:
Wouldn't using a proprietary operating system like Windows make Keyhotee obsolete, because if the NSA controls the OS they also have control over the installed applications?
Title: Re: Screen Shot
Post by: bytemaster on December 04, 2013, 03:33:50 pm
Everything is cross platform based on Qt. 
Title: Re: Screen Shot
Post by: robozombie on December 05, 2013, 02:45:00 am
Nice to know that, Bytemaster! Thank you, Stan, Phoenix, for clearing that idea up :D I'm really excited about all these projects that are coming up! I know this is going to be BIG!
Title: Re: Screen Shot
Post by: ebay on December 06, 2013, 04:39:26 pm
wo.......
Title: Re: Screen Shot
Post by: 0dayZh on December 16, 2013, 06:54:11 pm
Nice work!
Title: Re: Screen Shot
Post by: earthbound on December 26, 2013, 09:03:34 pm
(http://the-iland.net/static/create_profile.png)

:o

I'm frankly surprised and a little disappointed to see a screen capture where the profile registration requires that level of real-world information: full name, birthday, and SSN#/Passport#/Driver's License#??

I hope that the only way in which that information is used is as a basis to generate the public/private key pair tied to an identity? And if that is the case, why should the keys necessarily be generated from information which is itself mediated by any nationality? Furthermore, why is the required information given with a bias to the nationality of the United States?

Keyhotee will, I hope and believe, be part of a global information/currency freedom (and security) revolution. I therefore strongly suggest that the information used to create any identity be abstract enough to thoroughly disintermediate the generation of an ID from anything necessarily having to do with any one nationality.

I suggest changing the ID creation mnemonics to three "security questions," and providing a very long list of rather obscure questions which only someone who is not any kind of, uh . . . Superior Sibling . . . :) would know. I also suggest that the name and birthday fields be optional, and that they be labeled "full name OR alias" and "obscure identifying number" (with a suggestion that SSNs, etc. are not obscure enough.)

It should also offer a link to very specific suggested steps for absolutely securing the information provided to generate the ID (e.g. three different digital and three different paper backups, all secured at different physical locations where you can trust them to be absolutely safe), and it should very pointedly demand that this be the case before it will allow the ID to be created. For the paper backups, that should be printouts of the information tied to the id, sent in nondescript envelopes, to three different people or locations (in sufficiently diverse areas of the planet) whom you trust with your life.

(Hint: an internet search for "excellent security questions" offers some really good leads)

I'm also a bit alarmed by the push here in some comments to tie a service which is disintermediated by design into integration with other, mediated services, for "security??"

A good spy can tell you that if any important information of yours is controlled by a third party (in particular companies or organizations), it is not a matter of whether any adversary can cheat or extort to acquire that information, but how motivated and resourceful they are.

If any third party has access to any useful information about you, you should consider that information--and all information which is routed through that party--potentially public, period.

So, at the very least, if this aspect of the design of ID creation goes unchanged, I personally would recommend that anyone creating an ID provide harmlessly false instead of true information, if you want your Keyhotee ID absolutely secured.
Title: Re: Screen Shot
Post by: bytemaster on December 26, 2013, 09:52:25 pm
All information is optional and was chosen merely because it is easy to remember for most users

It is used as a salt that makes attackers pick an individual




Title: Re: Screen Shot
Post by: earthbound on December 27, 2013, 03:25:37 am
I see.

I didn't understand your second sentence there.  ???
Title: Re: Screen Shot
Post by: bytemaster on December 27, 2013, 03:43:04 am
I see.

I didn't understand your second sentence there.  ???

It is one thing to guess all common pass phrases, but if you have to pair that with a name and SSN then your search gets much harder.  The attacker would have to choose to attack your brain wallet rather than 'any brain wallet using supercalifragilisticexpialidocious as a password'.

We also stretch the brain wallet with about 5 seconds of memory intensive computational time upon creation of your profile.
Title: Re: Screen Shot
Post by: super3 on December 27, 2013, 05:13:42 am
We will have to polish that up later, but this is great progress! BitMessage is going to have a very bad day when this is released.
Title: Re: Screen Shot
Post by: VEscudero on December 27, 2013, 11:36:56 am
We also stretch the brain wallet with about 5 seconds of memory intensive computational time upon creation of your profile.

Definitely it's good news to know that you are applying some countermeasures against brute force attacks. However in SQRL (https://www.grc.com/sqrl/sqrl.htm), as the master key should be rarely used, even importing an encrypted key with the right passphrase is delayed for 1 minute instead of 'just' 5 seconds.

Could it be possible to let users set up their own preferences to truly secure their master keys?

In my opinion, a delay like 5 seconds could be the default, nevertheless if the user chooses an advanced or expert view, she should be able to adjust Keyhotee preferences to match her security needs from the very beginning.
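
The profile-salted, memory-hard stretching discussed in the posts above, with the user-adjustable cost suggested here, as an added example that is not Keyhotee's code or part of any post. scrypt stands in for the unspecified memory-intensive function; the field layout, normalisation, cost floor and the sample profiles are assumptions, and the default cost shown runs in milliseconds rather than 5 seconds.

```python
import hashlib
import unicodedata

MIN_LOG2_N = 14  # assumed default cost floor; users may raise it, never lower it
MAX_LOG2_N = 20  # keeps maxmem below hashlib's INT_MAX limit
R, P = 8, 1      # scrypt block size and parallelism (assumed values)


def normalize(field: str) -> str:
    """Canonicalise a typed field so the same person always yields the same salt."""
    folded = unicodedata.normalize("NFKC", field).casefold()
    return " ".join(folded.split())


def profile_salt(name: str, birth_year: str, id_number: str) -> bytes:
    """Build the salt from the optional profile fields.

    Each field is length-prefixed so ("ab", "c") and ("a", "bc") cannot
    collide. If every field is left blank the salt is the same for all users,
    and the passphrase alone has to carry the security.
    """
    parts = [normalize(f).encode("utf-8") for f in (name, birth_year, id_number)]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def stretch(passphrase: str, salt: bytes, log2_n: int = MIN_LOG2_N) -> bytes:
    """Derive a 32-byte seed with scrypt; memory use is about 128 * R * 2**log2_n bytes."""
    if not MIN_LOG2_N <= log2_n <= MAX_LOG2_N:
        raise ValueError(f"log2_n must be between {MIN_LOG2_N} and {MAX_LOG2_N}")
    n = 1 << log2_n
    secret = unicodedata.normalize("NFKC", passphrase).encode("utf-8")
    return hashlib.scrypt(
        secret, salt=salt, n=n, r=R, p=P,
        maxmem=128 * R * (n + P + 2) + (1 << 20),  # scrypt's working set plus slack
        dklen=32,
    )


if __name__ == "__main__":
    # Constructed sample profiles; the passphrase is the one quoted in the thread.
    phrase = "supercalifragilisticexpialidocious"
    alice = profile_salt("Alice Example", "1965", "X0000000")
    bob = profile_salt("Bob Example", "1970", "Y1111111")
    print("alice:", stretch(phrase, alice).hex())
    print("bob:  ", stretch(phrase, bob).hex())
    print("alice, higher cost:", stretch(phrase, alice, log2_n=16).hex())
```

Because the cost setting changes the derived seed, it has to be remembered or stored alongside the profile to regenerate the same key.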
Title: Re: Screen Shot
Post by: sharpayq on December 30, 2013, 11:05:23 am
 :)
Title: Re: Screen Shot
Post by: arcke on December 30, 2013, 04:23:06 pm
About the year of birth input field. Personally I prefer to see the full year when I am entering this information, so instead of 65, I could choose 1965. Does anyone disagree? It would just have "smoothened" my first Keyhotee GUI impression, so I am bringing it up.
Title: Re: Screen Shot
Post by: rysgc on December 30, 2013, 05:12:18 pm
About the year of birth input field. Personally I prefer to see the full year when I am entering this information, so instead of 65, I could choose 1965. Does anyone disagree? It would just have "smoothened" my first Keyhotee GUI impression, so I am bringing it up.

Yeah that's more intuitive 
Title: Re: Screen Shot
Post by: kmtan on December 31, 2013, 05:01:30 am
not bad design for the UI