
Author Topic: BitShares Login - New cryptographically secure non-3rd party login system  (Read 2346 times)

Renegade

Everyone is familiar with sites that let you log in with Google accounts, Facebook, Twitter, etc. That OAuth stuff.

This takes it to a new level where you can log in without a 3rd party.

http://bytemaster.bi.../22/BitShares-Login/

There's a lot of cool stuff in there, but I'll only paste one nifty snippet:

The other property it is important to highlight is a unique characteristic of the ECDSA signature verification algorithm. In most asymmetric cryptosystems, a function V(K, S, T) takes the public key, signature, and signed text as parameters and returns a simple true/false value indicating whether the signature is valid or not. This is the behavior of RSA, for example. In ECDSA, however, a verification function takes only two parameters, S and T, and returns K. The signature is valid if the returned K matches the signer’s public key. This is a significant difference, as both the client and server in the above Login protocol use signatures to recover the other party’s public key, which they then look up on the blockchain to determine the other party’s identity. In other words, the signature verification is not used to determine if the signature is valid, but to determine the identity of the other party.

Ok, 2:

Thus, given the semantic security of ECDSA and ECDH, the worst attack a malicious party with full control over the communication medium could leverage is denial of service.

And there's a Simple Machines Forum plugin!

https://github.com/B.../Bitshares-SMF-Login

tl;dr - A login system where YOU control your information, and not a 3rd party like Facebook.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker