Bitcoin Forum
December 09, 2016, 07:24:01 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Public key as ID for market account system  (Read 989 times)
Nefario
Hero Member
*****
Offline Offline

Activity: 602


GLBSE Support support@glbse.com


View Profile WWW
January 24, 2011, 09:20:00 AM
 #1

In building the stock market application I want to use the public key from an RSA generated pair as the account owners id, so no username or password, just the public key.

If they wanted to use another keypair(for example the one they have is compromised) they can keep the same public key as an ID but the actuall public key used for authentication is a new one.

Is this a good idea? Or is it a better choice to use an email address as the users ID (remember the ID must be unique), this way a user can change the keypairs used for their account

How does bitcoin manage this? It can generate many keys (bitcoin addresses) for a single wallet, what is the id used in the wallet(that owns all those public keys?)?

PGP key id at pgp.mit.edu 0xA68F4B7C

To get help and support for GLBSE please email support@glbse.com
1481311441
Hero Member
*
Offline Offline

Posts: 1481311441

View Profile Personal Message (Offline)

Ignore
1481311441
Reply with quote  #2

1481311441
Report to moderator
1481311441
Hero Member
*
Offline Offline

Posts: 1481311441

View Profile Personal Message (Offline)

Ignore
1481311441
Reply with quote  #2

1481311441
Report to moderator
"Your bitcoin is secured in a way that is physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter a majority of miners, no matter what." -- gmaxwell
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481311441
Hero Member
*
Offline Offline

Posts: 1481311441

View Profile Personal Message (Offline)

Ignore
1481311441
Reply with quote  #2

1481311441
Report to moderator
davout
Legendary
*
Offline Offline

Activity: 1358


1davout


View Profile WWW
January 24, 2011, 09:29:19 AM
 #2

Nobody "owns" them, the keypair is in your keystore or it isn't.
As for the User ID you should stick with something unique, account number, random hash, whatever and use the key for authentication (but not for identification).

gene
Sr. Member
****
Offline Offline

Activity: 252


View Profile
January 27, 2011, 11:15:45 AM
 #3

I think that using ssh keys would be great. Let the user choose a username or automatically create a unique hash and authenticate against the ssh key.

This is far stronger than typical password/email authentication schemes. Of course, it could complement an enhanced scheme: perhaps give the user the option to allow key resetting via a PGP-encrypted mechanism. The user would have to upload a public PGP key and email, but would ensure that the mechanism would only be usable by whoever has the private PGP key.

Normal authentication via ssh key and PGP-protected credential resetting mechanism, in case of ssh key loss.

*processing payment* *error 404 : funds not found*
Do you want to complain on the forum just to fall for another scam a few days later?
| YES       |        YES |
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!