Bitcoin Forum
December 10, 2016, 08:55:57 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: an idea for easy two-factor authentication (Attn: Mt.Gox)  (Read 3687 times)
vectorvictor
Newbie
*
Offline Offline

Activity: 28


View Profile
July 04, 2011, 06:49:31 PM
 #1


Attention:  Mt.Gox, TradeHill, MyBitCoin, and all other bitcoin services!

Here is an idea for an easy way to add optional 2-factor authentication to logins.

Two-factor authentication is a more secure way of allowing access to a user account.  It uses two separate channels to ensure that the user is who they say they are.  Typically, it uses something they know (like a password), and something they have (like an RSA key fob).  The problem with key fobs is that you have to pay for the third-party hardware gadget, and distribute them to users, which gets complicated.

The simple alternative I'm suggesting is this: allow the user an option to use 2-factor authentication based on a 260-character "passcard" that the user provides, which is then used at login to issue a challenge-response PIN identification.

 https://secure.wikimedia.org/wikipedia/en/wiki/Two-factor_authentication
 https://secure.wikimedia.org/wikipedia/en/wiki/Challenge_response

Here's how it works.

(1) To set up my 2-factor login, I send you a string of 260 symbols, to be interpreted as a passcard with 10 rows (0-9) and 26 columns (A-Z).  You store that safely, like you do (hopefully) with passwords.  This passcard information is communicated only once, when I'm setting up the 2-factor login (much like setting a password).

(2) Now each time I login, you include a request for a 4-digit PIN, starting at a particular row and column (generated randomly).  For example:

Code:
  User ID:   ____________________
  Password:  ____________________
  PIN at 4V: ____

The key point here is that a hacker (say, hypothetically, in Hong Kong) won't have access to my passcard, and can't login as if they were me, even if they've cracked my password.  [Added bonus: kills bots dead.  No need for annoying CAPTCHAs if they've opted for 2-factor login.]

For my part, I can create my 260-symbol passcard in whatever way I want.  For example, I can use the Python code below to convert a strong passphrase into a passcard block (maybe on a different computer, just to be extra safe).  Now I can print out the passcard, put it in my wallet, and erase all traces of its creation.  If I ever lose the card, I can easily re-create it from the passphrase.  (Python uses the Mersenne Twister RNG algorithm, so it will always generate the same sequence from the given seed).

Or, if using that piece of paper is too cumbersome for me, I might decide to have a .jpg image of the passcard on my phone, or whatever other reference method I'm comfortable with.  [Or, if I'm not too concerned about someone gaining full access to my computer, I could even have it on my desktop, or have a password manager that answers the challenge-response PIN for me.]

Code:
Python code and example:

# Victor's two-factor authentication passcard generator
# (c) copyright: Victor Egan, 1EWD8L6ujFQMDiDn8Se9SP9A4yaxwpbRks

from random import randint, seed

symbols = '23456789abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ@#$%&*<>+{}[]()/?'

def generate_passcard (passphrase, symbols):
    """Generate the 260-character passcard block for the given passphrase"""
    passcard = ''
    seed(passphrase)
    for i in range(260):
        s = symbols[randint(0, len(symbols) - 1)]
        passcard += s
    return passcard

def print_passcard (passcard):
    """Print the given 260-character passcard"""
    print '\nPasscard block:', passcard
    print
    print '  ABCDEFGHIJKLMNOPQRSTUVWXYZ'
    print '----------------------------'
    cardlist = list(passcard)
    for i in range(10):
        line = ''
        for j in range(26):
            line += cardlist.pop(0)
        print i, line
    print
    return



Code:
Note: this is not a very good passphrase, it's just being used as an example.

>>> passphrase = "Roger Roger, you have clearance Clarence, what's your vector Victor?"
>>> passcard = generate_passcard(passphrase, symbols)
>>> print_passcard(passcard)

Passcard block: sL#tyHqrY4b+mw+VU[VAr[GpQHKaVz3eza3m4#zWJfPBXU)yw[W7Bj]V%s48GSLP?+2YeN4eJa)fWPg?PAGQByWhTgXWkc#b*VaV>/9a9W*u$#TR&A9zq(xPzVN2tfxpk8sz#kE+CN+GbyDqm&Y#Y%a6RTx<Ezs8#)7+frvy})sUZkrFxBH+KH9k4EU9u>v5?gqP{yYMZaZB?<K%>+/&Lb8r8Lj}h*DcBVk(?738Nru(/>XsBB2pw>errsEzXKAdRMcd

  ABCDEFGHIJKLMNOPQRSTUVWXYZ
----------------------------
0 sL#tyHqrY4b+mw+VU[VAr[GpQH
1 KaVz3eza3m4#zWJfPBXU)yw[W7
2 Bj]V%s48GSLP?+2YeN4eJa)fWP
3 g?PAGQByWhTgXWkc#b*VaV>/9a
4 9W*u$#TR&A9zq(xPzVN2tfxpk8
5 sz#kE+CN+GbyDqm&Y#Y%a6RTx<
6 Ezs8#)7+frvy})sUZkrFxBH+KH
7 9k4EU9u>v5?gqP{yYMZaZB?<K%
8 >+/&Lb8r8Lj}h*DcBVk(?738Nr
9 u(/>XsBB2pw>errsEzXKAdRMcd


Code:
  Example login:

  User ID:   vectorvictor
  Password:  ****************
  PIN at 8Y: ****    Nr>+


People: If you want to use this code to create a passcard, go ahead.

Businesses: If you want to use this code to help your users create their passcard, please ask me for permission first.  Regardless, do allow them to submit *any* block of 260 symbols that they choose.

Note: I do not suggest using a card like this for all of your passwords, because it is a single point of failure, and only provides a relatively small number of possible passwords.  (It would be better than reusing the same weak passwords, however).  As a second channel for authentication, it seems okay.

For some more fun facts on password cracking (and on the Mt.Gox hack in particular) see my previous post:
http://forum.bitcoin.org/index.php?topic=24727.msg314393#msg314393

Disclaimer:  I'm a math and algorithms guy, but I don't know very much about computer security or cryptography.  This whole idea might be horribly broken.  If it is, then please explain why, so that we can come up with something better.

penny for my thoughts:  1EWD8L6ujFQMDiDn8Se9SP9A4yaxwpbRks
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481360157
Hero Member
*
Offline Offline

Posts: 1481360157

View Profile Personal Message (Offline)

Ignore
1481360157
Reply with quote  #2

1481360157
Report to moderator
1481360157
Hero Member
*
Offline Offline

Posts: 1481360157

View Profile Personal Message (Offline)

Ignore
1481360157
Reply with quote  #2

1481360157
Report to moderator
Jered Kenna (TradeHill)
Sr. Member
****
Offline Offline

Activity: 420



View Profile WWW
July 04, 2011, 07:53:31 PM
 #2

This is what I love about the community. People working together to make it a better place.
I'm not one of the coders so I can't say how well we could implement this in to our site.
We will be announcing our 2 factor authentication soon though. We've been evaluating and testing it for a while.
We don't want to release anything that isn't ready to go and well tested.

moneyandtech.com
@moneyandtech @jeredkenna
vectorvictor
Newbie
*
Offline Offline

Activity: 28


View Profile
July 04, 2011, 08:08:20 PM
 #3

This is what I love about the community. People working together to make it a better place.
I'm not one of the coders so I can't say how well we could implement this in to our site.
We will be announcing our 2 factor authentication soon though. We've been evaluating and testing it for a while.
We don't want to release anything that isn't ready to go and well tested.


Thanks for the quick response.  Glad to hear that it is already on your radar.

If you're thinking of using a smartphone app, or something like that, then I encourage you to consider having more than one option for 2-factor authentication.

I haven't seen something like my method offered before.  It's dirt simple, doesn't require any special equipment or technology, and is completely under the user's control.  Implementing it would not be very different from handling passwords now.


penny for my thoughts:  1EWD8L6ujFQMDiDn8Se9SP9A4yaxwpbRks
Jered Kenna (TradeHill)
Sr. Member
****
Offline Offline

Activity: 420



View Profile WWW
July 04, 2011, 08:14:42 PM
 #4

This is what I love about the community. People working together to make it a better place.
I'm not one of the coders so I can't say how well we could implement this in to our site.
We will be announcing our 2 factor authentication soon though. We've been evaluating and testing it for a while.
We don't want to release anything that isn't ready to go and well tested.


Thanks for the quick response.  Glad to hear that it is already on your radar.

If you're thinking of using a smartphone app, or something like that, then I encourage you to consider having more than one option for 2-factor authentication.

I haven't seen something like my method offered before.  It's dirt simple, doesn't require any special equipment or technology, and is completely under the user's control.  Implementing it would not be very different from handling passwords now.



Our solution has a few ways to authenticate but yours would be a lot cheaper if we can implement it. Naturally that's a plus. We're not opposed to paying a lot of money for security if needed but if we can be nearly as secure without spending five figures it would be an easy choice. We're concerned with ease of use and simplicity for the average user.

I'll promise that we will look in to it and will have a 2 factor authentication ASAP but not being a coder I can't promise anything more than that at this point.
-Jered

moneyandtech.com
@moneyandtech @jeredkenna
vectorvictor
Newbie
*
Offline Offline

Activity: 28


View Profile
July 04, 2011, 08:54:55 PM
 #5

We're concerned with ease of use and simplicity for the average user.

Well, those who opt for 2-factor logins generally aren't average users, by definition.

But it is very easy to use in any case -- much easier than conventional methods, like Google's.

They just copy-n-paste their 260-symbol block into a password field.  Or, if they prefer, they can let you generate a passcard block and send it to them (maybe with a nice colourful image, or pdf).  The fact that the system is uncomplicated makes it easier to design a clean, elegant UI.

Regardless, thanks again for discussing it with your team.

penny for my thoughts:  1EWD8L6ujFQMDiDn8Se9SP9A4yaxwpbRks
willphase
Hero Member
*****
Offline Offline

Activity: 770


View Profile
July 04, 2011, 11:43:02 PM
 #6

Quote
(1) To set up my 2-factor login, I send you a string of 260 symbols, to be interpreted as a passcard with 10 rows (0-9) and 26 columns (A-Z). 

relies on sending the one time pad to the user, which evil eavesdropper could intercept and use to login from that point on.

this is the problem with a shared secret, and why public key cryptography, which allows a shared secret to be securely exchanged between two parties without an eavesdropper being able to determine it, is used nowadays.

The more secure cryptographic equivalent of your idea is to issue the user a client certificate, and for them to store this client certificate in a secure password protected certificate store.  I think one exchange is doing this already.

Will

ShaggyB (BitCoinWorldMarket)
Jr. Member
*
Offline Offline

Activity: 33


View Profile WWW
July 05, 2011, 03:16:49 AM
 #7

What a brilliant idea. The only flaw I can see here is if the passcard, (which would need to be stored in a db somewhere) were compromised along with user login information.


Finally a major marketplace to shop with Bitcoin! Over 10,000 products.    www.BitCoinWorldMarket.com
vectorvictor
Newbie
*
Offline Offline

Activity: 28


View Profile
July 05, 2011, 04:40:14 AM
 #8

What a brilliant idea. The only flaw I can see here is if the passcard, (which would need to be stored in a db somewhere) were compromised along with user login information.


Yes, if the site is storing the information insecurely, like MD5, then the user is still hooped.


penny for my thoughts:  1EWD8L6ujFQMDiDn8Se9SP9A4yaxwpbRks
vectorvictor
Newbie
*
Offline Offline

Activity: 28


View Profile
July 05, 2011, 05:00:58 AM
 #9

Quote
(1) To set up my 2-factor login, I send you a string of 260 symbols, to be interpreted as a passcard with 10 rows (0-9) and 26 columns (A-Z). 

relies on sending the one time pad to the user, which evil eavesdropper could intercept and use to login from that point on.

this is the problem with a shared secret, and why public key cryptography, which allows a shared secret to be securely exchanged between two parties without an eavesdropper being able to determine it, is used nowadays.

The more secure cryptographic equivalent of your idea is to issue the user a client certificate, and for them to store this client certificate in a secure password protected certificate store.  I think one exchange is doing this already.

Will

True, this does not provide a 100% secure alternative.  It is a quick-n-dirty alternative that provides a little less than 100% of the value, in exchange for a lot of practical benefits.

Maybe it shouldn't be called 2-factor authentication, to avoid any possible confusion.  Maybe it should just be called something generic, like "extra password protection", with no theoretical guarantees. (*)

I do think the benefits are significant though, since almost all break-in attempts will occur afterwards.  The fact that some 15-year old h4ckzorz in Minsk can't be taking pot-shots at your account password seems to be worth something...

(*) "In theory, there's no difference between theory and practice.  In practice, there is."




penny for my thoughts:  1EWD8L6ujFQMDiDn8Se9SP9A4yaxwpbRks
legion050
Jr. Member
*
Offline Offline

Activity: 51



View Profile
July 05, 2011, 07:03:43 AM
 #10

http://www.duosecurity.com/

2 factor auth services.
GeniuSxBoY
Hero Member
*****
Offline Offline

Activity: 546



View Profile
July 05, 2011, 07:30:22 AM
 #11

Sorry, but this idea has the same vulnerabilities as the rest.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 05, 2011, 07:34:13 AM
 #12

http://www.duosecurity.com/

2 factor auth services.

Nice find. I snapped that up for my own use. Smiley

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
cloud9
Member
**
Offline Offline

Activity: 70


View Profile
July 05, 2011, 07:42:19 AM
 #13

Wouldn't the easiest two factor login for Bitcoin not just be to make use of Bitcoin's intrinsic cryptographic values:

On registration you give a bitcoin sending login address you own to the service provider, for example 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1.  To confirm that it is actually you attempting to login, the service provider gives a four digit random number , for example 5783 (wxyz with w=5,x=7,y=8 & z=3)- and he confirms your identity on 0/ confirmations when you've sent 0.015783 (0.01wxyz) to the service provider's associated address for your account FROM your bitcoin login sending address (registered for login purposes and on file with the service provider), ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 .  The service provider confirms from the blockchain that you did sent 0.015783 (0.01wxyz) from your address on file with the service provider, ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 , and allows you access (because as the owner of 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 only you should be able to actually spend from this address).

Please note that both transfers for login purposes can be sent without transfer fees as they exceed 0.01 btc minimum.

It seems like Bitcoin after all has some other useful uses than just a medium of exchange!


Disclaimer:  Postings of Cloud9 are only individual views of opinion and/or musings and/or hypothesisses.  On a non-authoritative, peer-to-peer public forum, you do not need permission from Cloud9 to derive your own conclusions or opinions, so please do.  Calculations and assumptions to be verified.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 05, 2011, 07:45:53 AM
 #14

Wouldn't the easiest two factor login for Bitcoin not just be to:

On registration you give a bitcoin sending login address you own to the service provider, for example 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1.  To confirm that it is actually you attempting to login, the service provider gives a four digit random number , for example 5783 - and he confirms your identity on 0/ confirmations when you've sent 0.15783 to the service provider's associated address for your account FROM your bitcoin login sending address (registered for login purposes and on file with the service provider), ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 .  The service provider confirms from the blockchain that you did sent 0.15783 from your address on file with the service provider, ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 , and allows you access (because as the owner of 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 only you should be able to actually spend from this address).

Please note that both transfers for login purposes can be sent without transfer fees as they exceed 0.1 btc minimum.

There's no real way right now to send coins from a specific address. Not to mention that the address might not have any coins anyway.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
kseistrup
Hero Member
*****
Offline Offline

Activity: 565


Unselfish actions pay back better


View Profile WWW
July 05, 2011, 07:46:51 AM
 #15


Please note that both transfers for login purposes can be sent without transfer fees as they exceed 0.1 btc minimum.

That would be BTC 0.01, right?

Cheers,

Klaus Alexander Seistrup
http://about.me/kseistrup
lebuen
Member
**
Offline Offline

Activity: 106


View Profile
July 05, 2011, 07:48:16 AM
 #16

http://www.duosecurity.com/

2 factor auth services.
"Looks" nice, but you'd always have to rely on this third-party. A really secure alternative would be this: https://www.privacyfoundation.de/crypto_stick/crypto_stick_english/ (or generally any other smartcard-based authentication). Major drawback: relatively large one-time cost (49€ for the crypto stick, even more for smartcard + reader).
cloud9
Member
**
Offline Offline

Activity: 70


View Profile
July 05, 2011, 07:48:36 AM
 #17

Wouldn't the easiest two factor login for Bitcoin not just be to:

On registration you give a bitcoin sending login address you own to the service provider, for example 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1.  To confirm that it is actually you attempting to login, the service provider gives a four digit random number , for example 5783 (wxyz, w=5, x=7, y=8, & z=3) - and he confirms your identity on 0/ confirmations when you've sent 0.015783 (0.01wxyz) to the service provider's associated address for your account FROM your bitcoin login sending address (registered for login purposes and on file with the service provider), ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 .  The service provider confirms from the blockchain that you did sent 0.015783 (0.01wxyz) from your address on file with the service provider, ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 , and allows you access (because as the owner of 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 only you should be able to actually spend from this address).

Please note that both transfers for login purposes can be sent without transfer fees as they exceed 0.01 btc minimum.

There's no real way right now to send coins from a specific address.

There is - you just spend all your coins in your wallet to a certain address in your wallet that you own and it consolidates into the destination address and empties all other addresses.  You can also have a dedicated wallet.dat just for this purpose if you do not want to mess up your other keys.

Disclaimer:  Postings of Cloud9 are only individual views of opinion and/or musings and/or hypothesisses.  On a non-authoritative, peer-to-peer public forum, you do not need permission from Cloud9 to derive your own conclusions or opinions, so please do.  Calculations and assumptions to be verified.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 05, 2011, 07:50:16 AM
 #18

Wouldn't the easiest two factor login for Bitcoin not just be to:

On registration you give a bitcoin sending login address you own to the service provider, for example 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1.  To confirm that it is actually you attempting to login, the service provider gives a four digit random number , for example 5783 - and he confirms your identity on 0/ confirmations when you've sent 0.15783 to the service provider's associated address for your account FROM your bitcoin login sending address (registered for login purposes and on file with the service provider), ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 .  The service provider confirms from the blockchain that you did sent 0.15783 from your address on file with the service provider, ie. 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 , and allows you access (because as the owner of 13Ycm33vMGUo2HCu87pXZtqNapx8Cjjhb1 only you should be able to actually spend from this address).

Please note that both transfers for login purposes can be sent without transfer fees as they exceed 0.1 btc minimum.

There's no real way right now to send coins from a specific address.

There is - you just spend all your coins in your wallet to a certain address in your wallet that you own and it consolidates into the destination address and empties all other addresses.

OK, then you either have to wait to spend any more bitcoins, or pay a transaction fee. Or wait hours for it to be confirmed. As an authentication method, this certainly doesn't seem workable.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
cloud9
Member
**
Offline Offline

Activity: 70


View Profile
July 05, 2011, 07:51:10 AM
 #19


Please note that both transfers for login purposes can be sent without transfer fees as they exceed 0.1 btc minimum.

That would be BTC 0.01, right?

Cheers,

I'll correct, thanks!

Disclaimer:  Postings of Cloud9 are only individual views of opinion and/or musings and/or hypothesisses.  On a non-authoritative, peer-to-peer public forum, you do not need permission from Cloud9 to derive your own conclusions or opinions, so please do.  Calculations and assumptions to be verified.
cloud9
Member
**
Offline Offline

Activity: 70


View Profile
July 05, 2011, 07:59:30 AM
 #20

The cost in bitcoins of the 0.01wxyz btc login pin 0/? confirmation scheme would be zero as the 0.01wxyz btc gets transferred to the owner's own account at the service provider anyway (the owner of the bitcoins being the service user attempting to login by transferring the random agreed number of bitcoins).

But regardless, at worst 0.019999 btc = ~0.29US$ at present, and 0.010000 btc = ~0.15US$.

This number of bitcoins can however be transferred back to any address the owner likes as it has remained his property - it is just temporarily used to verify ownership of an address on file with the service provider (and thus verifying account ownership - whether anonymously or not).

Disclaimer:  Postings of Cloud9 are only individual views of opinion and/or musings and/or hypothesisses.  On a non-authoritative, peer-to-peer public forum, you do not need permission from Cloud9 to derive your own conclusions or opinions, so please do.  Calculations and assumptions to be verified.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!