Signed messages login. Your opiion guys.

[lophie]

I am working on a small VPN service that accept Bitcoin (Almost done. Wish me luck guys). Anyway I just had an idea that will minimize the amount of information I would be requiring like emails and it is just got me interested so I though I would ask you guys about your opinion.

The idea is the following:

          - Customer selects a VPN subscription
          - Customer pays with Bitcoin
          - Record added in the database of a Bitcoin address paying for subscription
            (As soon as the tx has a certain amount of confirmations the account is automatically activated)


Now the login to the service using the client:

          - The client asks for a server address from the main server
          - The server replies with a vpn server address and a random string (periodically changing one)
          - The client login with the Bitcoin addresss as the username and the password is the signature of a signed message with the random string as the message body.


Do you think this is a sound idea?

[1715130912]

1715130912

[1715130912]

1715130912

[kjj]

There is no From: address in bitcoin.  Never has been, never will be.  Have them get an address from their wallet, submit it on the order form.  In your database, attach their chosen address to a payment address that you create.  Once the payment comes in, ignore where it came from.

After that, the challenge/response using bitcoin signatures scheme on a random cookie is very secure.  You just need to get the signing address out of band.

[CIYAM]

I think it's a great idea but *how* is the message signing exactly going to take place (i.e. are you expecting that they have bitcoind running in order to use your VPN)?

[lophie]

@kjj
I am confused a bit  . isn't the input for a tx is to be considered as the "from"? for multiple inputs to the same address and tx I could just save the first one in a record.

@
No need for a "full node" Electrum can do signing just fine.

[CIYAM]

No need for a "full node" Electrum can do signing just fine.

Hmm... so as I don't *have* Electrum it would be that either I have to start using it *or* run bitcoind in order to use your VPN... I would find that to be a little limiting (especially if I was using a laptop on holidays for example).

[Zeilap]

No need for a "full node" Electrum can do signing just fine.

Hmm... so as I don't *have* Electrum it would be that either I have to start using it *or* run bitcoind in order to use your VPN... I would find that to be a little limiting (especially if I was using a laptop on holidays for example).

http://brainwallet.org/#sign

[CIYAM]

http://brainwallet.org/#sign

I am familiar with brainwallet but how is that going to be useful/practical for "signing in" to a VPN?

[DannyHamilton]

- snip -
isn't the input for a tx is to be considered as the "from"? for multiple inputs to the same address and tx I could just save the first one in a record.

Not if I send the bitcoins from my mtGox wallet.  Or from one of the "change" addresses in my Bitcoin-Qt wallet (in which case the client doesn't provide a way to sign messages). Or if I used a mixing service or blockchain.info's shared-send service.  Or if I sent the bitcoins from my BitFloor wallet. Or my Coinbase wallet.

What happens when the previous output requires multi-sig?

EDIT: As of 2013-04-17 BitFloor has ceased all operations.

[Zeilap]

http://brainwallet.org/#sign

I am familiar with brainwallet but how is that going to be useful/practical for "signing in" to a VPN?

Save a local copy?

[lophie]

- snip -
isn't the input for a tx is to be considered as the "from"? for multiple inputs to the same address and tx I could just save the first one in a record.

Not if I send the bitcoins from my mtGox wallet.  Or from one of the "change" addresses in my Bitcoin-Qt wallet (in which case the client doesn't provide a way to sign messages). Or if I used a mixing service or blockchain.info's shared-send service.  Or if I sent the bitcoins from my BitFloor wallet. Or my Coinbase wallet.

What happens when the previous output requires multi-sig?

All valid problems which a warning could solve. Besides most id not all services warn the users from paying Bitcoins using a withdrawal request.

[lophie]

No need for a "full node" Electrum can do signing just fine.

Hmm... so as I don't *have* Electrum it would be that either I have to start using it *or* run bitcoind in order to use your VPN... I would find that to be a little limiting (especially if I was using a laptop on holidays for example).

ah yes of course! and it also means each user connected to my servers got a hot wallet on their machines. definitely a problem....

[lophie]

Thank you guys for showing me the errors of my way 

[lophie]

If you want to use a signed message login, just use GPG keys.

But the idea to to exchange "less" information -_-!

[gweedo]

If you want to use a signed message login, just use GPG keys.

But the idea to to exchange "less" information -_-!

But if your exchanging GPG keys then it is encrypted and you can in turn send more information just for you and the costumer.

[kjj]

@kjj
I am confused a bit  . isn't the input for a tx is to be considered as the "from"? for multiple inputs to the same address and tx I could just save the first one in a record.

There still is no concept of a from: address in the bitcoin system.  People show up here nearly every day hoping to pretend that there is, but there isn't.  A quick search should reveal dozens, if not hundreds, of threads on that subject.

What is so hard about asking the user for an address that they know that they can use for signing?  Surely you already have to collect some information from the user, what is wrong with also collecting a bit of text at the same time?

[CIYAM]

Although gweedo and myself do not agree on the simplicity of GPG (I think it is just too much for an average user) I do think that it is a more suitable tool than Bitcoin is for this particular job (as I think trying to use Bitcoin to accomplish this would actually end up being even harder).

The use of ECDSA for logging in is interesting idea (i.e. I like it) but I don't think that it will take off via Bitcoin as being the software to do it (i.e. it wasn't *designed* for this purpose at all and in fact the ability to sign messages was really an afterthought).