public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: bitcoingrant@gmx.com
To: bitcoin-development@lists.sourceforge.net
Subject: [Bitcoin-development] Message Signing based authentication
Date: Sat, 02 Nov 2013 01:01:43 -0400	[thread overview]
Message-ID: <20131102050144.5850@gmx.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1415 bytes --]

Passwords are inefficient by design: frequently we hear news from Sony, Square Enix, Adobe, and various others about passwords being compromised, databases being copied and stolen. This story remains true in the Bitcoin space. In light of the recent Bitcointalk forum breach echoes an increasing need for passwords to become a thing of the past.
In celebration of the 5 year anniversary of the Bitcoin whitepaper, we are delighted to introduce the Message Signing based authentication method.
In brief, the authentication work as follows:
Server provides a token for the client to sign.
client passes the signed message and the bitcoin address back to the server.
server validates the message and honors the alias (optional) and bitcoin address as identification.
http://forums.bitcoingrant.org/
Above is a proof of concept forum that utilize this authentication method. Following Kerckhoffs's principle, this forum only stores the signed message and bitcoin address the users provide the first time they use the site, both are public information. In addition, there is no database, everything is simply an RSS feed. For the sake of usability we have included a redis for the sessions, at the cost of additional exposure to potential risks: users no longer need to sign a token every time they wish to post.
All source code will be available on github in the next few days. 
We welcome any feedback or suggestions.

[-- Attachment #2: Type: text/html, Size: 4824 bytes --]

             reply	other threads:[~2013-11-02  5:01 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-11-02  5:01 bitcoingrant [this message]
2013-11-02  5:54 ` [Bitcoin-development] Message Signing based authentication Luke-Jr
2013-11-02 13:02 ` Mike Hearn
2013-11-02 13:16   ` Melvin Carvalho
2013-11-02 13:19   ` Hannu Kotipalo
2013-11-02 16:26     ` Mike Hearn
2013-11-02 16:26       ` Mike Hearn
2013-11-02 16:52       ` Melvin Carvalho
2013-11-02 17:08         ` Jeff Garzik
2013-11-02 17:16           ` Hannu Kotipalo
2013-11-02 21:14 ` Johnathan Corgan
2013-11-02 21:51   ` Mark Friedenbach
2013-11-03  0:29     ` Allen Piscitello
2013-11-03  0:33       ` Luke-Jr
2013-11-03  1:19         ` Allen Piscitello
2013-11-03  1:27           ` Luke-Jr
2013-11-03  1:36             ` Allen Piscitello
2013-11-03  6:23   ` Timo Hanke
2013-11-06  3:38   ` Melvin Carvalho
2013-11-02 21:57 ` slush
2013-11-06  3:01   ` Melvin Carvalho
2013-11-06  6:41     ` slush
2013-12-06 10:44       ` Melvin Carvalho

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20131102050144.5850@gmx.com \
    --to=bitcoingrant@gmx.com \
    --cc=bitcoin-development@lists.sourceforge.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox