Bitcoin Forum
December 11, 2017, 10:05:05 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitcoin adress login system  (Read 1289 times)
glub0x
Legendary
*
Offline Offline

Activity: 816



View Profile
January 24, 2013, 12:51:35 PM
 #1

Is there any project you know using bitcoin as a login system?
I never liked the login/password system as we keep saying "do not reuse your password twice" but then most of the ppl just keep doing it because you can't possibly have 20 account and remember 20 different passwords... And you can never be sure that your password is well stored among other problems...
The only thing that looks like a solution for me actualy is the "login with facebook" btn that you see sometimes. But still doesn't make me very happy.


So couldn't we use the bitcoin system? It would be much better to just always sign the same adress to proove you own it to log on? Or send a satoshi from a particular adress that the website send you back. If you keep using the same adress and with a well enough designed system you could have an history of all your login (and track thief). You would have no password to remember, eventually just your private key to avoid storing it on your computer...

Am i dreaming or reinventing the wheel?

The cost of mediation increases transaction costs, limiting the
minimum practical transaction size and cutting off the possibility for small casual transactions

Satoshi Nakamoto : https://bitcoin.org/bitcoin.pdf
1513029905
Hero Member
*
Offline Offline

Posts: 1513029905

View Profile Personal Message (Offline)

Ignore
1513029905
Reply with quote  #2

1513029905
Report to moderator
1513029905
Hero Member
*
Offline Offline

Posts: 1513029905

View Profile Personal Message (Offline)

Ignore
1513029905
Reply with quote  #2

1513029905
Report to moderator
1513029905
Hero Member
*
Offline Offline

Posts: 1513029905

View Profile Personal Message (Offline)

Ignore
1513029905
Reply with quote  #2

1513029905
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513029905
Hero Member
*
Offline Offline

Posts: 1513029905

View Profile Personal Message (Offline)

Ignore
1513029905
Reply with quote  #2

1513029905
Report to moderator
1513029905
Hero Member
*
Offline Offline

Posts: 1513029905

View Profile Personal Message (Offline)

Ignore
1513029905
Reply with quote  #2

1513029905
Report to moderator
1513029905
Hero Member
*
Offline Offline

Posts: 1513029905

View Profile Personal Message (Offline)

Ignore
1513029905
Reply with quote  #2

1513029905
Report to moderator
RaTTuS
Hero Member
*****
Offline Offline

Activity: 781


Bite me


View Profile
January 24, 2013, 12:57:41 PM
 #2

see https://lastpass.com/

In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....

1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
flipperfish
Sr. Member
****
Offline Offline

Activity: 338


Dolphie Selfie


View Profile
January 24, 2013, 01:11:19 PM
 #3


Lastpass allows authentication by bitcoin-address?
TTBit
Legendary
*
Offline Offline

Activity: 1136


View Profile
January 24, 2013, 01:30:28 PM
 #4


An idea I had for authentication is to provide a bitcoin address you own when signing up. To change your PW, you must send 20 BTC (or whatever threshold) to that address over the next hour. This would allow anyone access to your accounts, but at a price. Just set your own threshold when setting up the account.

good judgment comes from experience, and experience comes from bad judgment
RaTTuS
Hero Member
*****
Offline Offline

Activity: 781


Bite me


View Profile
January 24, 2013, 01:54:08 PM
 #5


Lastpass allows authentication by bitcoin-address?
no but will give you a different password for each login

In the Beginning there was CPU , then GPU , then FPGA then ASIC, what next I hear to ask ....

1RaTTuSEN7jJUDiW1EGogHwtek7g9BiEn
glub0x
Legendary
*
Offline Offline

Activity: 816



View Profile
January 24, 2013, 03:16:00 PM
 #6

might be another solution i should try but i never felt very happy with it too.
If loads of poeple use thoose kind of solutions, they'll get phished, give theire main pass and then it is the apocalypse...
Also, i don't trust lastpass.com.
Trustless systems looks very important to me.

The cost of mediation increases transaction costs, limiting the
minimum practical transaction size and cutting off the possibility for small casual transactions

Satoshi Nakamoto : https://bitcoin.org/bitcoin.pdf
Sukrim
Legendary
*
Offline Offline

Activity: 2212


View Profile
January 24, 2013, 03:32:04 PM
 #7


An idea I had for authentication is to provide a bitcoin address you own when signing up. To change your PW, you must send 20 BTC (or whatever threshold) to that address over the next hour. This would allow anyone access to your accounts, but at a price. Just set your own threshold when setting up the account.
So if I have few BTC to begin with (say 1 BTC) but value my account at 100 BTC, I have to buy 99 BTC just to change my PW?!

Suggestion:
Username = Bitcoin Address (or firstbits of an address)
To login, sign a statement provided by the website (e.g. "Login to service.com at timestamp 12345 from IP 123.123.123.123") with that address' private key and paste the signed statement in the password field.

https://bitfinex.com <-- leveraged trading of BTCUSD, LTCUSD and LTCBTC (long and short) - 10% discount on fees for the first 30 days with this refcode: x5K9YtL3Zb
Mail me at Bitmessage: BM-BbiHiVv5qh858ULsyRDtpRrG9WjXN3xf
TTBit
Legendary
*
Offline Offline

Activity: 1136


View Profile
January 24, 2013, 03:40:02 PM
 #8


So if I have few BTC to begin with (say 1 BTC) but value my account at 100 BTC, I have to buy 99 BTC just to change my PW?!

Suggestion:
Username = Bitcoin Address (or firstbits of an address)
To login, sign a statement provided by the website (e.g. "Login to service.com at timestamp 12345 from IP 123.123.123.123") with that address' private key and paste the signed statement in the password field.

I was thinking for PW recovery. You can send the same 1 BTC to the address 100 times to satisfy the requirement. I'm not claiming it is very practical at the moment.

good judgment comes from experience, and experience comes from bad judgment
arsenische
Legendary
*
Offline Offline

Activity: 1155


View Profile
January 24, 2013, 03:44:12 PM
 #9

Update: oops, sorry, didn't notice previous message of Sukrim that had the same idea, striked out to prevent duplication.

I thought about following mechanism:

1. You enter your <bitcoin address> as login.
2. Website shows a message "I'm the owner of <bitcoin address>, want to login to <site url>. <timestamp>".
3. You sign this message with private key that corresponds to <bitcoin address>.
4. Website checks your signature and lets you in.

Probably all those steps could be automated. You just click the link on site, your bitcoin client asks you to select address which you want to use for authorization, you do so and you are logged in (if you use encrypted wallet, you would need to unlock it with your passphrase).

kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
January 24, 2013, 04:18:10 PM
 #10

The gribble IRC bot uses secure bitcoin authentication.  When you register, you provide a bitcoin address.  When you want to authenticate, the bot generates a random cookie and you have to sign it using the key associated with the registration address.  You send back the sigature, and it makes sure that it was signed with the right key.

It is the most secure system that I can think of.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
glub0x
Legendary
*
Offline Offline

Activity: 816



View Profile
January 24, 2013, 04:27:54 PM
 #11

The gribble IRC bot uses secure bitcoin authentication.  When you register, you provide a bitcoin address.  When you want to authenticate, the bot generates a random cookie and you have to sign it using the key associated with the registration address.  You send back the sigature, and it makes sure that it was signed with the right key.

It is the most secure system that I can think of.
Looks nice, i'll try :p this kind of authentification should be link to a smartphone so it can be fast/handy/ doable everywhere.

The cost of mediation increases transaction costs, limiting the
minimum practical transaction size and cutting off the possibility for small casual transactions

Satoshi Nakamoto : https://bitcoin.org/bitcoin.pdf
theymos
Administrator
Legendary
*
Offline Offline

Activity: 2870


View Profile
January 24, 2013, 04:28:45 PM
 #12

Browsers can already do this sort of thing with TLS client authentication (though this system could be improved). Using Bitcoin for authentication is an unnecessary extra layer of complexity.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
kjj
Legendary
*
Offline Offline

Activity: 1302



View Profile
January 24, 2013, 05:30:27 PM
 #13

The gribble IRC bot uses secure bitcoin authentication.  When you register, you provide a bitcoin address.  When you want to authenticate, the bot generates a random cookie and you have to sign it using the key associated with the registration address.  You send back the sigature, and it makes sure that it was signed with the right key.

It is the most secure system that I can think of.
Looks nice, i'll try :p this kind of authentification should be link to a smartphone so it can be fast/handy/ doable everywhere.

The tricky part is passing the cookies back and forth.  The challenge cookie and the signature string both need to be somewhat long, longer than you'd want to type.

For a smart phone, you'd need some form of communication other than keyboards.  You could do it with QR codes, or NFC or something.  But I'm not aware of any systems commonly in place that could handle it.

p2pcoin: a USB/CD/PXE p2pool miner - 1N8ZXx2cuMzqBYSK72X4DAy1UdDbZQNPLf - todo
I routinely ignore posters with paid advertising in their sigs.  You should too.
Elwar
Legendary
*
Offline Offline

Activity: 2310


www.bitpools.com


View Profile WWW
January 24, 2013, 06:47:02 PM
 #14

I started working on a system where your login is tied to a Bitcoin address for verification.

You provide an empty address and you are not authenticated until there are BTC in the address.

It still requires a login and password. I could not figure out a good way to use BTC for that.

http://www.bitpools.com
Pool your bitcoins with others. Vote on solutions using the Bitcoin blockchain. Keep your bitcoins in your cold storage until you find a solution you like.
Links and Reviews of useful every day places to spend bitcoins: https://bitcointalk.org/index.php?topic=943143.0
MPOE-PR
Hero Member
*****
Offline Offline

Activity: 756



View Profile
January 24, 2013, 09:43:29 PM
 #15

The gribble IRC bot uses secure bitcoin authentication.  When you register, you provide a bitcoin address.  When you want to authenticate, the bot generates a random cookie and you have to sign it using the key associated with the registration address.  You send back the sigature, and it makes sure that it was signed with the right key.

It is the most secure system that I can think of.

Pretty much.

My Credentials  | THE BTC Stock Exchange | I have my very own anthology! | Use bitcointa.lk, it's like this one but better.
franky1
Legendary
*
Offline Offline

Activity: 1876



View Profile
January 24, 2013, 10:11:58 PM
 #16

my solution to 20 different random passwords is easy

have a random character word u can remember and the somewhere in the word you also put in something else. EG the websites address

eg:
1h9f6e0 49d8ve7 becomes 1h9f6e0bitcointalk49d8ve7
or
193yzso37dsw becomes 1B9I3TyCzOdIoN3T7AdLsKw

by the way my password looks nothing like this, its just an idea to have something that is not in the dictionary.

you can even make a VB.net webbrowser that reads the web address and auto spells your password for you to just copy and paste into it, thus avoiding google chrome addons and internet explorer extensions from listening into the webpage data transmissions. and bypassing keyloggers if u simply copy and paste.
if your smart enough you can even use the document.element code to directly put the passphrase into the webpage login box without the need of your passphrase going into the 'clipboard' which avoids any smart keyloggers which might also copy every text you copy and paste.

there are many ways to secure yourself and the best security is personal security. not relying on third party design or service to secure your system for you.

because if everyone started using the same security service hackers would direct their interest at that single service. but an individual style of security where no two people use the same method, will make hackers lives even harder.

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Don't take any information given on this forum on face value. Please do your own due diligence & respect what is written here as both opinion & information gleaned from experience. If you wish to seek legal FACTUAL advice, then seek the guidance of a LEGAL specialist.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!