>> (p.1)
    Author Topic: Bitcoin as a new password?  (Read 690 times)

    • crazy_rabbit (OP)
    Legendary
    *
    Offline Offline

    Activity: 1204
    Merit: 1002


    RUM AND CARROTS: A PIRATE LIFE FOR ME


    View Profile
    December 09, 2013, 07:15:58 PM
     #1
    When you consider the number of passwords we manage on a regular basis, (certainly the number of passwords we deal with when dealing with bitcoin services) one wonders if Bitcoin couldn't be our password in and of itself.

    When logging in to Bitstamp, why couldn't I authenticate my identity by demonstrating that I control a certain private key? The sending of a single satoshi perhaps, without any fee, would be enough to show a webservice that I am who I say I am, and by not including any fee, the transaction would be broadcast, but likely never included in the blockchain thus not contribute to bloat.

    The advantages being that I could open my Bitstamp account without ever needing to type on a keyboard, or even interact with the computer in such a way that could be logged. Indeed it might be impossible for an attacker to ever guess what my password would be, as it would appear as simply noise compared to all the transactions broadcast on the network.

    Maybe this is something that could be useful for Mastercoin as well.
    more or less retired.

  • Fab1anFab1an
    Newbie
    *
    Offline Offline

    Activity: 20
    Merit: 0


    View Profile
    December 09, 2013, 07:32:35 PM
     #2
    A new way of logging in is emerging, it might take a while before it catches on but it will come. It's called SQRL, more info:

    http://en.wikipedia.org/wiki/SQRL
    https://www.grc.com/sqrl/sqrl.htm

  • Melbustus
    Legendary
    *
    Offline Offline

    Activity: 1722
    Merit: 1004



    View Profile
    December 09, 2013, 07:48:51 PM
     #3
    Quote from: crazy_rabbit on December 09, 2013, 07:15:58 PM
    When you consider the number of passwords we manage on a regular basis, (certainly the number of passwords we deal with when dealing with bitcoin services) one wonders if Bitcoin couldn't be our password in and of itself.

    When logging in to Bitstamp, why couldn't I authenticate my identity by demonstrating that I control a certain private key? The sending of a single satoshi perhaps, without any fee, would be enough to show a webservice that I am who I say I am, and by not including any fee, the transaction would be broadcast, but likely never included in the blockchain thus not contribute to bloat.

    The advantages being that I could open my Bitstamp account without ever needing to type on a keyboard, or even interact with the computer in such a way that could be logged. Indeed it might be impossible for an attacker to ever guess what my password would be, as it would appear as simply noise compared to all the transactions broadcast on the network.

    Maybe this is something that could be useful for Mastercoin as well.


    Indeed, I was thinking about this a few weeks ago. Demonstrating control of a private key is as simple as signing a message. No need to actually broadcast a transaction. The process would be something like:
    1) Register for a site, providing a bitcoin-address/public-key that you wish to have serve as your identity/auth-creds for the site.
    2) Sign a message showing control of that key, and provide signed message to the site.
    3) To login in the future, site provides you with a message to sign. You sign it and provide the response.
    4) Site verifies that you control the pub key that you said you control by looking at the signed message.

    As you note, this could be done without having to type a password, ever. Of course, then if someone gets control of your device, you have a problem. So it could function like a lot of pw management tools; ie, you'd have a "wallet" that serves as a repository of IDs that you use for various services, with some PW or 2-factor protection on that wallet.

    Seems like there are some interesting possibilities here.

    Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.

  • crazy_rabbit (OP)
    Legendary
    *
    Offline Offline

    Activity: 1204
    Merit: 1002


    RUM AND CARROTS: A PIRATE LIFE FOR ME


    View Profile
    December 09, 2013, 07:53:32 PM
     #4
    Quote from: Melbustus on December 09, 2013, 07:48:51 PM
    Quote from: crazy_rabbit on December 09, 2013, 07:15:58 PM
    When you consider the number of passwords we manage on a regular basis, (certainly the number of passwords we deal with when dealing with bitcoin services) one wonders if Bitcoin couldn't be our password in and of itself.

    When logging in to Bitstamp, why couldn't I authenticate my identity by demonstrating that I control a certain private key? The sending of a single satoshi perhaps, without any fee, would be enough to show a webservice that I am who I say I am, and by not including any fee, the transaction would be broadcast, but likely never included in the blockchain thus not contribute to bloat.

    The advantages being that I could open my Bitstamp account without ever needing to type on a keyboard, or even interact with the computer in such a way that could be logged. Indeed it might be impossible for an attacker to ever guess what my password would be, as it would appear as simply noise compared to all the transactions broadcast on the network.

    Maybe this is something that could be useful for Mastercoin as well.


    Indeed, I was thinking about this a few weeks ago. Demonstrating control of a private key is as simple as signing a message. No need to actually broadcast a transaction. The process would be something like:
    1) Register for a site, providing a bitcoin-address/public-key that you wish to have serve as your identity/auth-creds for the site.
    2) Sign a message showing control of that key, and provide signed message to the site.
    3) To login in the future, site provides you with a message to sign. You sign it and provide the response.
    4) Site verifies that you control the pub key that you said you control by looking at the signed message.

    As you note, this could be done without having to type a password, ever. Of course, then if someone gets control of your device, you have a problem. So it could function like a lot of pw management tools; ie, you'd have a "wallet" that serves as a repository of IDs that you use for various services, with some PW or 2-factor protection on that wallet.

    Seems like there are some interesting possibilities here.



    Good point, I hadn't thought about just signing a message. I was thinking of situations where for example you might try to unlock  a service without obviously interacting with it. The service could even be a physical safe for example. Perhaps you could have more then one private key, each doing something different, like revoking the other keys or transferring ownership, etc...
    more or less retired.
    Pages: [1]
      Print  
Page 1
Viewing Page: 1

IRLBTC™ © 2025 IRLBTC.com