|
bytemaster (OP)
|
 |
October 24, 2013, 08:00:44 PM
Last edit: October 25, 2013, 12:17:37 AM by bytemaster |
|
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft. http://www.youtube.com/watch?v=3pZaTdEtK-8Topics Covered: Keyhotee ID - Email and Website Login DomainShares - Domain Names and Certificate Authorities Keyhotee Mail - secure email, chat, VOIP, etc Keyhotee Wallet - Secure, multi-currency wallet without need for using Bitcoin addresses. Feedback appreciated. |
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
charleshoskinson
Legendary
 Offline
Activity: 1134
Merit: 1008
CEO of IOHK
|
|
October 24, 2013, 08:50:51 PM |
|
video does not exist
|
The revolution begins with the mind and ends with the heart. Knowledge for all, accessible to all and shared by all
|
|
|
|
|
becoin
Legendary
Offline
Activity: 3431
Merit: 1233
|
|
October 25, 2013, 09:57:22 AM |
|
It is a giant endeavor. I hope you really have the financial resource and manpower to make a steady progress.
|
|
|
|
|
|
virtualmaster
|
|
October 26, 2013, 08:01:43 AM |
|
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft. http://www.youtube.com/watch?v=3pZaTdEtK-8Topics Covered: Keyhotee ID - Email and Website Login DomainShares - Domain Names and Certificate Authorities Keyhotee Mail - secure email, chat, VOIP, etc Keyhotee Wallet - Secure, multi-currency wallet without need for using Bitcoin addresses. Feedback appreciated. Hmmm. There is absolutely nothing on this site just only white pages with not a single character on the screen. http://invictus-innovations.com/keyhotee/, http://invictus-innovations.com/ and any sub-pages are showing in mozilla just blank pages but in the source code there is a lot of script. Simple but genial solution. If there is nothing then it is nothing to spy.  |
|
|
|
|
hivewallet
|
|
October 26, 2013, 08:43:57 PM |
|
Very interesting concept! In the "Keyhotee Mail" example, how does the user lookup/search feature look? You used Skype ID as an analogy, but is it really a matter of users having commonly searchable usernames?
|
|
|
|
|
bytemaster (OP)
|
|
October 26, 2013, 09:05:08 PM |
|
Very interesting concept! In the "Keyhotee Mail" example, how does the user lookup/search feature look? You used Skype ID as an analogy, but is it really a matter of users having commonly searchable usernames?
Yes, Users have human readable user names. |
|
|
|
|
Luckybit
|
|
October 26, 2013, 09:40:36 PM |
|
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft. http://www.youtube.com/watch?v=3pZaTdEtK-8Topics Covered: Keyhotee ID - Email and Website Login DomainShares - Domain Names and Certificate Authorities Keyhotee Mail - secure email, chat, VOIP, etc Keyhotee Wallet - Secure, multi-currency wallet without need for using Bitcoin addresses. Feedback appreciated. I suggest you implement SQRL ASAP. It's better than a password by far and it's simple. Please avoid using passwords. On your phone, a SQRL app would contain a secret 256-bit blob of data. This would be your randomly generated secret code, which is never divulged to anybody else. The QR code itself would contain a URL, including the domain name of the site you're trying to connect to. When you scan the code, your app would create a public and private key pair from your master key and the domain name of the site, using an HMAC hashing function. Then, the app would communicate with the site directly, sending the public key as your identity (the equivalent of a username), and the encrypted QR code as your authentication (the equivalent of a password). Since your master code, the secret blob of data, never changes, the resulting public key wouldn't change either. That means the website would know it's you. And by encrypting the QR code of the site with your private key, the site can verify that you indeed possess the matching private key, without actually having it, thanks to the beauty of public key cryptography.  |
|
|
|
|
|
bytemaster (OP)
|
|
October 26, 2013, 10:03:31 PM |
|
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft. http://www.youtube.com/watch?v=3pZaTdEtK-8Topics Covered: Keyhotee ID - Email and Website Login DomainShares - Domain Names and Certificate Authorities Keyhotee Mail - secure email, chat, VOIP, etc Keyhotee Wallet - Secure, multi-currency wallet without need for using Bitcoin addresses. Feedback appreciated. I suggest you implement SQRL ASAP. It's better than a password by far and it's simple. Please avoid using passwords. On your phone, a SQRL app would contain a secret 256-bit blob of data. This would be your randomly generated secret code, which is never divulged to anybody else. The QR code itself would contain a URL, including the domain name of the site you're trying to connect to. When you scan the code, your app would create a public and private key pair from your master key and the domain name of the site, using an HMAC hashing function. Then, the app would communicate with the site directly, sending the public key as your identity (the equivalent of a username), and the encrypted QR code as your authentication (the equivalent of a password). Since your master code, the secret blob of data, never changes, the resulting public key wouldn't change either. That means the website would know it's you. And by encrypting the QR code of the site with your private key, the site can verify that you indeed possess the matching private key, without actually having it, thanks to the beauty of public key cryptography. This looks like a good technical approach except for the user experience which is terrible. Here the user unlocks their 'wallet' once locally outside of a web browser and does not send a password over the wire. Given that a public / private key pair have already been established... the user simply logs in as "jack" and then signs a one-time challenge (with appropriate hashing) which can then be verified. So the only question that remains is how do you secure your LOCAL login which is like how do you secure your BITCOIN wallet. Do you secure it with this QR system? It seems foolish to put your master private keys on a cell phone that could be lost or stolen and certainly has backdoors. I think a cell phone makes a good 2-factor authentication device, but not a good primary authentication device. |
|
|
|
|
Luckybit
|
|
October 27, 2013, 07:51:32 AM |
|
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft. http://www.youtube.com/watch?v=3pZaTdEtK-8Topics Covered: Keyhotee ID - Email and Website Login DomainShares - Domain Names and Certificate Authorities Keyhotee Mail - secure email, chat, VOIP, etc Keyhotee Wallet - Secure, multi-currency wallet without need for using Bitcoin addresses. Feedback appreciated. I suggest you implement SQRL ASAP. It's better than a password by far and it's simple. Please avoid using passwords. On your phone, a SQRL app would contain a secret 256-bit blob of data. This would be your randomly generated secret code, which is never divulged to anybody else. The QR code itself would contain a URL, including the domain name of the site you're trying to connect to. When you scan the code, your app would create a public and private key pair from your master key and the domain name of the site, using an HMAC hashing function. Then, the app would communicate with the site directly, sending the public key as your identity (the equivalent of a username), and the encrypted QR code as your authentication (the equivalent of a password). Since your master code, the secret blob of data, never changes, the resulting public key wouldn't change either. That means the website would know it's you. And by encrypting the QR code of the site with your private key, the site can verify that you indeed possess the matching private key, without actually having it, thanks to the beauty of public key cryptography. This looks like a good technical approach except for the user experience which is terrible. Here the user unlocks their 'wallet' once locally outside of a web browser and does not send a password over the wire. Given that a public / private key pair have already been established... the user simply logs in as "jack" and then signs a one-time challenge (with appropriate hashing) which can then be verified. So the only question that remains is how do you secure your LOCAL login which is like how do you secure your BITCOIN wallet. Do you secure it with this QR system? It seems foolish to put your master private keys on a cell phone that could be lost or stolen and certainly has backdoors. I think a cell phone makes a good 2-factor authentication device, but not a good primary authentication device. The reason I chose the smart phone solution is because it's convenient and easy so I think most people would use it. You're right that it could possibly have a backdoor and I hadn't considered that. The SQRL implementation probably should be modified in some way but I do think it's great if people don't have to remember any sort of password because that has security advantages too. There are scenarios where the person might not want to remember their password. There is also no way to type a password in. So upon reflecting on your suggestions I think the Trezor could act as a security key because it actually does secure the Bitcoin wallet in perhaps the safest and most thoughtful way. It uses multi-factor authentication which is good. The only problem I have with passwords is that they have to be typed in. If Trezor can handle that then they don't even have to be typed in anymore so it's worth contemplating. I'm not saying you should change how Keyhotee works, only offering some alternative ideas in an attempt to improve upon something I already consider to be pretty good. Here are some relevant threads and articles: https://bitcointalk.org/index.php?topic=310282.0http://www.reddit.com/r/Bitcoin/comments/1nkoju/bitcoin_core_dev_websites_do_not_need_passwords/ |
|
|
|
|
|
|
|
lzr1900
|
|
March 04, 2014, 06:34:55 AM
Last edit: March 09, 2014, 02:36:02 AM by lzr1900 |
|
Amazing.Keep moving guys!
|
|
|
|
|
|
xeroc
|
|
March 04, 2014, 11:49:55 AM |
|
I hope that chain will be launched soon .. gonna enjoy my founder id :-)
|
|
|
|
|
|
CLains
|
|
March 04, 2014, 03:05:49 PM |
|
Amazing.How's going?
Latest Version of Keyhotee Alpha for Windows and Linux here http://invictus.io/bin/keyhotee_0.5.6.ziphttp://invictus.io/bin/keyhotee_0.5.6.gzFor a daily update with detailed progress info about Keyhotee development, you can visit the github repo at the links below: https://github.com/InvictusInnovations/keyhotee/commitshttps://github.com/InvictusInnovations/keyhotee/issues?state=openhttps://github.com/InvictusInnovations/keyhotee/issues?state=closedDan Notestein is in charge of Keyhotee development atm as Daniel Larimer is working on Bitshares X. The new Keyhotee alpha release 0.5.6 is available here: http://invictus.io/bin/keyhotee_0.5.6.zipLinux release to follow tomorrow, assuming no major problem reports. This version fixes the "send to wrong contact" bug introduced in 0.5.5 that was causing emails to be lost, plus many other smaller bug fixes. One change you'll note if you create a new profile is that there's less info requested on profile creation. There's also a mail server icon that reports the status of your connection to the mail server (it's beside the bitshares "plug" that currently reports "disconnected" for alpha testers unless you're running a special build). There's a new feature for selecting a contact from your contact list and emailing it to other users for import into their contact list (new contact is sent as an attachment that can be selected for import by recipient). In another day or so, this will be updated to send multiple contacts. There's also an authorization feature that will ultimately be used for a couple of things (sharing transaction keys for increased privacy transactions, direct connect IM, etc), but this feature doesn't yet do much on the surface. Now that the hectic support activity from Keyhotee founder ids has settled down, I've been diving into the existing code for keyhotee ID mining. Getting that operational is the next major task for me. I have a rough idea of what needs to be done, but I'm still mapping out the details before I make major changes. |
|
|
|
|
|
Indemnified
|
|
March 08, 2014, 11:32:44 PM |
|
It is a giant endeavor. I hope you really have the financial resource and manpower to make a steady progress.
From what I've seen, Invictus.io has had one of the greatest crowdfunding successes of all time - and is actively seeking, funding in place, more highly skilled and motivated developers. Paradigm shifting events just ahead. |
|
|
|
|
|
RGBKey
|
|
March 08, 2014, 11:44:56 PM |
|
This is amazing. Please keep us updated and let us know when we can use this.
|
|
|
|
|
|
lzr1900
|
|
March 09, 2014, 02:36:53 AM |
|
Amazing.How's going?
Latest Version of Keyhotee Alpha for Windows and Linux here http://invictus.io/bin/keyhotee_0.5.6.ziphttp://invictus.io/bin/keyhotee_0.5.6.gzFor a daily update with detailed progress info about Keyhotee development, you can visit the github repo at the links below: https://github.com/InvictusInnovations/keyhotee/commitshttps://github.com/InvictusInnovations/keyhotee/issues?state=openhttps://github.com/InvictusInnovations/keyhotee/issues?state=closedDan Notestein is in charge of Keyhotee development atm as Daniel Larimer is working on Bitshares X. The new Keyhotee alpha release 0.5.6 is available here: http://invictus.io/bin/keyhotee_0.5.6.zipLinux release to follow tomorrow, assuming no major problem reports. This version fixes the "send to wrong contact" bug introduced in 0.5.5 that was causing emails to be lost, plus many other smaller bug fixes. One change you'll note if you create a new profile is that there's less info requested on profile creation. There's also a mail server icon that reports the status of your connection to the mail server (it's beside the bitshares "plug" that currently reports "disconnected" for alpha testers unless you're running a special build). There's a new feature for selecting a contact from your contact list and emailing it to other users for import into their contact list (new contact is sent as an attachment that can be selected for import by recipient). In another day or so, this will be updated to send multiple contacts. There's also an authorization feature that will ultimately be used for a couple of things (sharing transaction keys for increased privacy transactions, direct connect IM, etc), but this feature doesn't yet do much on the surface. Now that the hectic support activity from Keyhotee founder ids has settled down, I've been diving into the existing code for keyhotee ID mining. Getting that operational is the next major task for me. I have a rough idea of what needs to be done, but I'm still mapping out the details before I make major changes. Ha.Thanks for your quotes. |
|
|
|
|
|
|
SkynetInvasion
Newbie
Offline
Activity: 55
Merit: 0
|
|
September 18, 2018, 01:36:18 AM |
|
hi
i noticed you deleted you telegram account recently
why?
i am still waiting the letter and when it arrives how can i contact you?
please contact me at @AmbrogioOrfeu on telegram
|
|
|
|
|
|
