Screen Shot

[kmtan]

not bad design for the UI

[rysgc]

About the year of birth input field. Personally I prefer to see the full year when I am entering this information, so instead of 65, I could choose 1965. Does anyone disagree? It would just have "smoothened" my first Keyhotee GUI impression, so I am bringing it up.

Yeah that's more intuitive 

[arcke]

About the year of birth input field. Personally I prefer to see the full year when I am entering this information, so instead of 65, I could choose 1965. Does anyone disagree? It would just have "smoothened" my first Keyhotee GUI impression, so I am bringing it up.

[sharpayq]

 

[VEscudero]

We also stretch the brain wallet with about 5 seconds of memory intensive computational time upon creation of your profile.

Definitely it's good news to know that you are applying some countermeasures against brute force attacks. However in SQRL, as the master key should be rarely used, even importing an encrypted key with the right passphrase is delayed for 1 minute instead of 'just' 5 seconds.

Could it be possible to let users setup their own preferences to truly secure their master keys?

In my opionion, a delay like 5 seconds could be the default, nevertheless if the user choose an advanced or expert view, she should be able to adjust Keyhoote preferences to match her security needs from the very beginning.

[super3]

We will have polish that up later, but this is great progress! BitMessage is going to have a very bad day when this is released.

[bytemaster]

I see.

I didn't understand your second sentence there. 

It is one thing to guess all common pass phrases, but if you have to pair that with a name and SSN then your search gets much harder.  The attacker would have to choose to attack your brain wallet rather than 'any brain wallet using supercalifragilisticexpialidocious as a password'.

We also stretch the brain wallet with about 5 seconds of memory intensive computational time upon creation of your profile.

[earthbound]

I see.

I didn't understand your second sentence there. 

[bytemaster]

All information is optional and was chosen merely because it is easy to remember for most users

It is used as a salt that makes attackers pick an individual




Sent from my iPhone using Tapatalk

[earthbound]

I'm frankly surprised and a little disappointed to see a screen capture where the profile registration requires that level of real-world information: full name, birthday, and SSN#/Passport#/Driver's License#??

I hope that the only way in which that information is used is as a basis to generate the public/private key pair tied to an identity? And if that is the case, why should the keys necessarily be generated from information which is itself mediated by any nationality? Furthermore, why is the required information given with a bias to the nationality of the United States?

Keyhotee will, I hope and believe, be part of a global information/currency freedom (and security) revolution. I therefore strongly suggest that the information used to create any identity be abstract enough to thoroughly disintermediate the generation of an ID from anything necessarily having to do with any one nationality.

I suggest changing the ID creation mnemonics to three "security questions," and providing a very long list of rather obscure questions which only someone who is not any kind of, uh . . . Superior Sibling . . . would know. I also suggest that the name and birthday fields be optional, and that they be labeled "full name OR alias" and "obscure identifying number" (with a suggestion that SSNs, etc. are not obscure enough.)

It should also offer a link to very specific suggested steps for absolutely securing the information provided to generate the ID (e.g. three different digital and three different paper backups, all secured at different physical locations where you can trust them to be absolutely safe), and it should very pointedly demand that this be the case before it will allow the ID to be created. For the paper backups, that should be printouts of the information tied to the id, sent in nondescript envelopes, to three different people or locations (in sufficiently diverse areas of the planet) whom you trust with your life.

(Hint: an internet search for "excellent security questions" offers some really good leads)

I'm also a bit alarmed by the push here in some comments to tie a service which is disintermediated by design into integration with other, mediated services, for "security??"

A good spy can tell you that if any important information of yours is controlled by a third party (in particular companies or organizations), it is not a matter of whether any adversary can cheat or extort to acquire that information, but how motivated and resourceful they are.

If any third party has access to any useful information about you, you should consider that information--and all information which is routed through that party--potentially public, period.

So, at the very least, if this aspect of the design of ID creation goes unchanged, I personally would recommend that anyone creating an ID provide harmlessly false instead of true information, if you want your Keyhotee ID absolutely secured.

[0dayZh]

Nice work!

[ebay]

wo.......

[robozombie]

Nice to know that, Bytemaster! Thank you, Stan, Phoenix, for clearing that idea up I'm really excited about all these projects that are coming up! I know this is going to be BIG!

[bytemaster]

Everything is cross platform based on Qt. 

[Gekko]

Is there a Keyhotee client for the *nix family in the works, too?

Not knowing the answer I would say: it doesn't make sense otherwise, does it?
I couldn't use Keyhotee if it was Windows/Mac only, which would mean I could not be one of those to get the new proclaimed freedom because I use a free and open operating system.

Edit:
Wouldn't using a proprietary operating system like Windows make Keyhotee obsolete, because if the NSA controls the OS they also have control over the installed applications?

[Stan]

Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.

Are the founders IDs the only ones that will be on sale, Stan?

Only founders IDs will be sold for PTS. Normal IDs will be mined out for a little bit of CPU power, which any normal user should be able to do on a home computer.

Founder's ID's are not sold.  They are small public recognition of people who have made a significant donation to development of Keyhotee - a contribution that goes above and beyond the call of duty.

[phoenix]

Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.

Are the founders IDs the only ones that will be on sale, Stan?

Only founders IDs will be sold for PTS given in exchange for a donation of PTS to help support the development of Keyhotee and other Invictus DACs. Normal IDs will be mined out for a little bit of CPU power, which any normal user should be able to do on a home computer.

[robozombie]

Is there a Keyhotee client for the *nix family in the works, too?

[robozombie]

Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.

Are the founders IDs the only ones that will be on sale, Stan?

[bytemaster]

It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?

Your only option is to back it up and risk theft.  IF you trust it to someone else then all you do is transfer the risks and introduce new risks.

So if Bytemaster's private key got stolen and become known by many, what's going to happen? I guess there need to be a public directory for all compromised IDs?

The KeyhoteeID block chain allows you to cancel an ID, at which point you would have to rebuild your reputation under a new ID.

[bitcool]

It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?

Your only option is to back it up and risk theft.  IF you trust it to someone else then all you do is transfer the risks and introduce new risks.

So if Bytemaster's private key got stolen and become known by many, what's going to happen? I guess there need to be a public directory for all compromised IDs?

[bytemaster]

It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?

Your only option is to back it up and risk theft.  IF you trust it to someone else then all you do is transfer the risks and introduce new risks.

[bitcool]

It's inevitable that somebody will irrecoverably lose his private key or the key gets compromised, the stake can be very high ... so all we can do is say "tough luck"?

[JustHayden]

Explain to me how all of those centralized solutions allow you to protect a private key on your computer.  The best approach is a hardware wallet which we will be happy to support.  But we also need recoverability.  Storing your wallet on a USB stick can provide some basic two factor auth. 




Sent from my iPhone using Tapatalk

Maybe once you get the ball rolling with Keyhotee after it's release to the public, you can work on releasing a USB stick made special to store your wallet on. Maybe even fit that USB to also mine when plugged in if that's possible? That would almost guarantee constant miners throughout Keyhotee's existence.

[bytemaster]

Explain to me how all of those centralized solutions allow you to protect a private key on your computer.  The best approach is a hardware wallet which we will be happy to support.  But we also need recoverability.  Storing your wallet on a USB stick can provide some basic two factor auth. 




Sent from my iPhone using Tapatalk

[luckybit]

Looking good.

What kind of authentication are you looking to implement to ensure an account won't get hacked?

Eg:  Google Authentication maybe?

Why not use Yubikey? Anyway I think 2FA is absolutely necessary for Keyhotee. I think you would want to give multiple options, such as Yubikey, Google Auth, SMS msg, Email.

But if it is just a password on the computer then a keylogger is all it would take to retrieve the keys to the castle.

[Troglodactyl]

Are there plans for Keyhotee to support plugins?  My understanding is that a key feature of Keyhotee is directly establishing PKI secured TCP connections between users either through a blockchain or DHT for IP lookups, which could be readily usable for many features, some of which are undoubtedly too obscure to clutter the standard application by default.

Also, has Invictus had any contact with the RetroShare (http://retroshare.sourceforge.net/) team?  The identity and reputation management seems much more elegant in Keyhotee, but I'd love to see forums and even a full p2p social network in Keyhotee eventually.

[bytemaster]

We agree and will have a jsonrpc API to allow anyone to do this


Sent from my iPhone using Tapatalk

[HackFisher]

Some bridges may be possible but your security would be comprised


Sent from my iPhone using Tapatalk

It may not part of Keyhotee, but api should be provided for third-parties(including invictus) to provide these services. Let users to select and trust providers themselves. These service provides belongs to the traditional world, but its ok, helping people circles migrate to the Keyhotee new world.

If Keyhotee can connect to the exsisting world of mail, wide users can easily accept it, help it spread quickly. It should not be an iland in the sea, should keep opened and connected.

Sent from my GT-N7100 using Tapatalk

[bytemaster]

Some bridges may be possible but your security would be comprised


Sent from my iPhone using Tapatalk

[HackFisher]

Is Keyhotee possible to send mail to tranditional mail, e.g. Gmail etc? As Keyhotee ID is defferent from mail address?

Or is it use some third party service/plugin to build the communication from Keyhotee and Mail? Some miners provide api proxy service and using keyhotee-mail.org, than people can use Keyhotee to send mails to someone@gmail.com(keyhotee -- mail.keyhotee.org as gateway)? and someone at gmail send to someone(Keyhotee ID), by sending mail to someone@keyhotee.org e.g.?

[bytemaster]

We want to use best practices. I will look into armory approach. 


Sent from my iPhone using Tapatalk

[NineLives]

Google auth is centralized.   I could use it in kehotee but the files would still be protected via aes.   

The only way to compromise your account is to hack your computer and guess your password.   


Sent from my iPhone using Tapatalk

This is the same common problem with all wallets.  It can be hacked.
I'm certain there is lots to do but i like the way Armory Wallet conducts its protection process so malware have a hard time logging..  Something to consider seems security part of Keyhotee's product.

[bytemaster]

Google auth is centralized.   I could use it in kehotee but the files would still be protected via aes.   

The only way to compromise your account is to hack your computer and guess your password.   




Sent from my iPhone using Tapatalk

[NineLives]

Looking good.

What kind of authentication are you looking to implement to ensure an account won't get hacked?

Eg:  Google Authentication maybe?

[bytemaster]

It will support all alts that have the bitcoin API

Initial version will not support any wallet features. But they will be added quickly. 


Sent from my iPhone using Tapatalk

[Lighthouse]

Will Keyhotee support Protoshares?  I notice it is missing from the list although Litecoin is there.

[Pocket Sand]

Props to the development team, great job

[fredafrica]

Muito Legal!

[testz]

Very nice!

[Financisto]

Nice to see such progress.

Keep up the good work!

[phoenix]

I like what you've shown us so far, looking forward to seeing more screenshots

[cass]

woah - i like it - Nice to see all in progress ...

[JustHayden]

Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.

How secure will this wallet be? It has to be the most top notch secure wallet you can have. If I were you guys I'd pay a few high end hackers to expose these security breaches (if there are any). Because one hack can completely destroy Keyhotees reputation, and fail.

[Sy]

Thanks for clearing that up

[Stan]

Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

Keyhotee is an application for secure interaction with people and DACs.  It does not have a tradable currency itself, but it will have a wallet for managing other currencies.  Its underlying block chain is for storing free Keyhotee IDs where just a little proof-of-work mining in the  background secures your free ID for a year.  As a user, you don't even have to think about this.  As long as you run Keyhotee about a day per year, your free ID is renewed.  If you get hit by a bus, your free ID name (not your associated private information) becomes available for someone else to claim after one year of no use.  IDs are not transferrable so there is no motivation to reserve names you don't plan to use.  Keyhotee Founder IDs, however, never expire.

[lib]

Thank you guys for the great work!
So excited about the coming holidays!

[Sy]

Is Keyhotee forked from PTS? And if so, how can you use your PTS to credit your id if you have to mine them aka different private keys...

[devilfish]

Good work guys, can't wait!

[fav]

looks really good!

[bytemaster]

[bytemaster]

The sad thing is that it doesn't look new and different compared to regular email.

But compare it to:

[bytemaster]

Is that all there is at the moment? Is there an ID page that shows your reputation and other things too yet?

Looks really good so far though, I can't wait to see what more keyhotee can become.

IDs are being mined and you can add contacts by name and communicate with them.  There is a lot of polish left to do in the GUI as most of the work is under the hood.

[JustHayden]

Is that all there is at the moment? Is there an ID page that shows your reputation and other things too yet?

Looks really good so far though, I can't wait to see what more keyhotee can become.

[bytemaster]