Secure Your NXT

From Nxt Wiki

1 The Importance of Passphrases

Unlike most other crypto-currencies and traditional tokens of value, an NXT account is secured only by a single passphrase which can be thought of as a very secure password. We call this a "Brain Wallet". The passphrase is the only identifier needed in order to transact using NXT and in order to Forge NXT blocks. There are no additional wallet files of any sort.

And unlike traditional web sites which limit the number of login attempts and do not disclose the authentication algorithm, the open source and free NXT client allows an unlimited number of login attempts which can be executed very quickly, at rates reaching billions of login attempts per second. Considering this, and unlike traditional passwords, your passphrase has to be very long and complex. The NXT client registration script is known to generate very secure passphrases. We recommend that you use it. Alternatively, you can choose a passphrase with at least 35 truly random characters.
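The following Python example is added here and is not code from the NXT client. It draws a passphrase of at least 35 characters from the operating system's random generator and shows how the expected search time at one billion guesses per second grows with entropy. The 62-symbol alphabet and the function names are assumptions of the example.

```python
import math
import secrets
import string

# Assumed alphabet for the example: upper case, lower case and digits (62 symbols).
ALPHABET = string.ascii_letters + string.digits
MIN_LENGTH = 35  # the minimum number of random characters recommended above


def generate_passphrase(length=MIN_LENGTH, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG (secrets module)."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} random characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_search(bits, guesses_per_second=1e9):
    """Expected time to hit the passphrase: half the keyspace at the given rate."""
    seconds = 2 ** (bits - 1) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase())
    for label, length, size in [
        ("8 lower-case letters", 8, 26),
        ("12 mixed characters", 12, 62),
        ("35 mixed characters", 35, 62),
    ]:
        bits = entropy_bits(length, size)
        print(f"{label}: {bits:.1f} bits, ~{years_to_search(bits):.3g} years")
```

The entropy figures hold only when every character is chosen at random; a phrase a person made up has far less entropy than its length suggests.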

Losing your passphrase means losing your funds; there is no way to recover your passphrase. It is YOUR responsibility. If you cannot accept this, it is better not to use NXT.

1.1 Mitigating Risks of NXT loss

Let's analyze the various risks and how to mitigate them. The main risks are:

  • Losing your passphrase
  • Letting someone steal your passphrase
  • Accidentally sending your NXT to an account with an unknown passphrase

If you are one of those guys who always mess things up online and need customer support, you will have to take extra care not to lose your NXT one way or the other.

1.2 Best Ways to remember your Passphrase

If you lose your passphrase there is no way to recover it. The chance of forgetting your passphrase is much higher than the chance of having it stolen.

The best way not to forget your passphrase is to store it somewhere safe, preferably in more than one secure place, or to back up your secure storage somewhere safe.

You have to accept that there are risks no matter where you store your passphrase.

  • If you store it on your hard drive - the drive might crash
  • If you store it in a password manager - the passwords file might get corrupted or deleted
  • If you print it on paper - the paper might get burned or lost
  • If you store it in your brain - you might forget it

Therefore, by using more than one storage method, you lower the risk.

1.3 Keep Your Passphrase Safe

Eventually you have to use your passphrase on your local workstation to sign transactions, and you might even need to send it to your remote node for forging, bundling, shuffling, account monitoring etc.

So you have to store it securely, preferably in more than one place, and at least one of these places needs to be easily accessible.

Again there is no 100% security, but there are best practices:

  • Don't share your passphrase with anyone
  • Don't store your passphrase unencrypted on a remote node or your local workstation
  • Always use the official NXT wallet
  • Take special care when connecting to remote nodes
  • Do not leave your passphrase printed on paper next to your computer
  • Split your NXT to several accounts, use the smaller balances for daily operations and only access the higher balance accounts when necessary

A password manager that lets you store multiple passwords encrypted under a single database password can be secure and convenient. A free, open source option is KeePass.

There are also options for offline usage, e.g. Offline Transaction Signing or NXT Bridge.

2 Increase NXT transfers security with Public Keys

For security reasons, it is important to announce the public key of your new accounts.

Also keep in mind:

  • Always use the official client and make sure the recipient account for your transfers has a public key.
  • Use only "NXT-" addresses and avoid using numeric addresses.

3 Use the Phasing Feature to Emulate Multisig Accounts

NOTE: this guide supplements the video tutorial, produced by Roberto Capodieci, that can be found at:

3.1 Introduction

Nxt offers Account Control: an account can be controlled by other accounts, so that any of its transactions must go through an approval process by the controlling accounts. Besides many other possibilities, this makes it possible to emulate the MultiSignature concept well known from Bitcoin and other blockchains.

Account Control for phased transactions.

Any Nxt Blockchain account can be restricted to sending only phased transactions, subject to a specific voting model. This is achieved by the account submitting a setPhasingOnly transaction using the setPhasingOnlyControl API. The getPhasingOnlyControl API can be used to retrieve the status of an account phasing control, and getAllPhasingOnlyControls can be used to get all the accounts subject to phasing control along with their respective restrictions. Once set, the phasing only account control can only be disabled or changed with another setPhasingOnly transaction, itself subject to the currently set phasing restrictions. Note that by-transaction and by-hash voting models are not allowed for phasing control. Setting the voting model to none is used to disable the control. To prevent deadlocks due to cyclic account control restrictions, approval transactions themselves (PhasingVoteCasting) are not subject to phasing only account control. When setting phasing account control, a maximum fees total can be specified, limiting the total fees for currently pending phased transactions of the controlled account, and limits can be placed on the minimum and maximum phasing durations allowed. Transactions of accounts subject to phasing account control with restriction on maximum fees are throttled at one transaction per account per block.

While this is not technically a multisignature in the cryptographic sense, the way Nxt handles Account Control gives the users of the blockchain many more options for deciding how a transaction is authorised and by whom. This tutorial is limited to emulating a MultiSig account on the Nxt Blockchain and does not go into other details. For more info check the Nxt Wiki: Watch the tutorial video here:

3.2 Step by step guide

Note that all the operations illustrated below can also be executed via the API.

3.2.1 Setting up the controlled account

Open the wallet UI and log in with the account you want to be controlled (the account from which the funds will leave when a MultiSignature approves it). Make sure the account has a few coins of balance, as setting up the account control requires a fee.

Step 1: Open a special dialog window and choose the Account Control tab

Click on the account balance to open the dialog to set the Account Control.

Step 2: Open the Account Control Mandatory Approval Setup

In this dialog go to the third tab “Account Control” and click on it. If the account has no Account Control set up already, you should see the link “Setup Mandatory Approval”. Click on it to open the setting dialog to set up Account Control.

Step 3: Choose the second control option out of the 5 available

In this tab you can start adding the list of the accounts that are authorised to sign for a transaction to be approved.

Step 4: Copy all the account IDs and paste them into the list

To copy an account ID, simply click on the copy icon in the account and paste the account ID into an email or wherever necessary to make it available to the person setting up the Account Control.

Step 5: Set the account list and quorum for transactions approval

List as many account IDs as you need and choose how many approvals are necessary to authorise a transaction. For example, if you have 10 accounts authorised to sign, you can choose that only 6 are necessary to approve the transaction.

Click on “+ Add Account” to list more accounts, and set the minimum number of account approvals needed to approve the transaction in “number of accounts”.

Step 6: Choose when the transaction will be executed

In the “Minimum and maximum phasing duration” fields you can set, in blocks (1 block equals roughly 1 minute), the start and end of the window in which the transaction will be executed. For example, with the settings shown in this guide's screenshot, the transactions sent by the controlled account will be executed (if the necessary number of approvals is reached) between 15 and 30 minutes after submission. This means that if all the necessary approvals (co-signatures) are collected within 5 minutes of the transaction being submitted, the transaction will be executed anyway after 15 minutes. If after 15 minutes not enough approvals have been submitted, the transaction keeps waiting until 30 minutes after its submission. If the approval quorum is reached within this window, the transaction is executed immediately; otherwise it fails and is not executed.

The “Max pending transactions fees” is the maximum amount of fees, per block, that the controlled account can spend (for example to issue new transactions that will need to be approved). It is important to leave at least 2, as transactions of controlled accounts cost 2 in fees, but not too high an amount either, as someone with the secret phrase of that account could abuse it by spending all the funds in fees.

Step 7: Submit the form

In the main control panel, check that the controlled account settings are submitted and registered in the blockchain (that is, there is at least 1 confirmation).

3.2.2 Sending a transaction from the controlled account

When sending a transaction from the controlled account, a warning appears.

Send the transaction as usual.

Once sent, the transaction appears in the main dashboard, showing how many approvals have already been received. Mouse over the icon to get details on the finish height and status of the transaction.

3.2.3 Approving a Transaction (cosigning the MultiSig)

Once the controlled account sends a transaction, the controller accounts (the accounts that co-sign the MultiSig transaction) will receive an “Approval Request” notice.

Step 1:

Clicking on the approval request notification will open a page with all the transactions that need approval. The cosigning account holder can verify that everything is in order and press the “approve” button on the right.

Step 2: confirming the approval

A dialog will open requesting to approve the transaction and offering additional options.


3.2.4 Verifying that the transaction went through

Both sender (controlled account) and recipient can see the status of the approval.


3.2.5 Addendum

Two more items that deserve attention: changing account control and using the API to manage Account Control.

Freeing an account from being “controlled”

This may seem obvious, but to make it clear: in order to remove or edit the way an account is controlled, the approval of the controlling accounts is necessary.

All you saw above, but via API


The API requests to set and manage Account Control are available at the /test URL of the node address being used. From LocalHost, for example, to check the status of the account control of an account, simply use: http://localhost:7876/nxt?requestType=getPhasingOnlyControl&account=[ACCOUNTID]
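After the setup has been confirmed, the response to the request above can be compared with the setup you intended (signer list, quorum, fee limit, phasing window). The Python example below is added here and is not code from the Nxt project; the response field names (whitelist, whitelistedRS, quorum, maxFees, minDuration, maxDuration), the NQT unit for maxFees, the 10 NXT fee cap and the sample responses are assumptions of the example.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

NQT_PER_NXT = 10**8  # assumption: the API reports maxFees in NQT

def fetch_control(account, node="http://localhost:7876"):
    """Send the getPhasingOnlyControl request quoted above to a node you run."""
    query = urlencode({"requestType": "getPhasingOnlyControl", "account": account})
    with urlopen(f"{node}/nxt?{query}", timeout=10) as r:
        return json.load(r)

def audit_control(resp, signers, quorum, fee_cap_nxt=10):
    """Compare a response with the intended setup; return a list of findings."""
    # Assumed response fields: whitelist[].whitelistedRS, quorum, maxFees,
    # minDuration, maxDuration. A response without a whitelist is read as "not set".
    if not resp.get("whitelist"):
        return ["no account control with a signer list is registered"]
    findings = []
    listed = {w.get("whitelistedRS") for w in resp["whitelist"]}
    for extra in sorted(listed - set(signers)):
        findings.append(f"unexpected approver on chain: {extra}")
    for missing in sorted(set(signers) - listed):
        findings.append(f"intended approver missing: {missing}")
    q = int(resp.get("quorum", 0))
    if q != quorum:
        findings.append(f"quorum is {q}, expected {quorum}")
    if not 1 <= q <= len(listed):
        findings.append(f"quorum {q} cannot be met by {len(listed)} approvers")
    fees = int(resp.get("maxFees", 0)) / NQT_PER_NXT
    if not 2 <= fees <= fee_cap_nxt:
        findings.append(f"max pending fees {fees:g} NXT outside 2..{fee_cap_nxt} NXT")
    if int(resp.get("minDuration", 0)) > int(resp.get("maxDuration", 0)):
        findings.append("minimum phasing duration exceeds maximum")
    return findings

# Constructed sample data (placeholder account names, not real accounts).
SIGNERS = ["NXT-SIGNER-A", "NXT-SIGNER-B", "NXT-SIGNER-C"]
GOOD = {"quorum": 2, "maxFees": 5 * NQT_PER_NXT, "minDuration": 15, "maxDuration": 30,
        "whitelist": [{"whitelistedRS": "NXT-SIGNER-A"}, {"whitelistedRS": "NXT-SIGNER-B"},
                      {"whitelistedRS": "NXT-SIGNER-C"}]}
BAD = {"quorum": 1, "maxFees": 500 * NQT_PER_NXT, "minDuration": 15, "maxDuration": 30,
       "whitelist": [{"whitelistedRS": "NXT-SIGNER-A"}, {"whitelistedRS": "NXT-UNKNOWN-X"}]}
```

Against a live node, pass the result of `fetch_control("[ACCOUNTID]")` to `audit_control` together with the signer list and quorum you entered in Step 5.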