Blockchain as login system

[phillipsjk]

Another working demo is the Eligius mining pool. It is annoying because is conflates your identity with your payment address (which is supposed to be transient). When I was mining with Eligius, I could not use a cold-storage address for mining Bitcoin if I also wanted to receive namecoin.

Public-key cryptography has been around since the late 90's. The OpenPGP standard makes more sense for logging into websites.

Edit: These types of authentication mechanisms don't make use of the block-chain, BTW.

when registering with a website. user can give the website a bitcoin PUBLIC address.. then when logging in the website shows a random message. EG:

"The Lamb Walked Into The Slaughter House. Bar Ram You. Splat! 1204856948447585 08/07/2014"

the user then signs the message using their bitcoin client of the bitcoin address they submitted at registration. and then types in their username and the signed message. the website then verifies the signed message to the bitcoin public address to authorize logins.

The authentication message should be plain-language, and never random. Random authentication messages open the door for Man-in-the-Middle attacks.
For example facebook might use:

Code:

Log john_doe87@hotmail.com into facebook Fri Jul 11 05:19:25 MDT 2014

[1715207960]

1715207960

[micaman]

Really cool idea, loved it.
But once set, you would not be able to change/reset a password, right?

[franky1]

Another working demo is the Eligius mining pool. It is annoying because is conflates your identity with your payment address (which is supposed to be transient). When I was mining with Eligius, I could not use a cold-storage address for mining Bitcoin if I also wanted to receive namecoin.

Public-key cryptography has been around since the late 90's. The OpenPGP standard makes more sense for logging into websites.

Edit: These types of authentication mechanisms don't make use of the block-chain, BTW.

when registering with a website. user can give the website a bitcoin PUBLIC address.. then when logging in the website shows a random message. EG:

"The Lamb Walked Into The Slaughter House. Bar Ram You. Splat! 1204856948447585 08/07/2014"

the user then signs the message using their bitcoin client of the bitcoin address they submitted at registration. and then types in their username and the signed message. the website then verifies the signed message to the bitcoin public address to authorize logins.

The authentication message should be plain-language, and never random. Random authentication messages open the door for Man-in-the-Middle attacks.
For example facebook might use:

Code:

Log john_doe87@hotmail.com into facebook Fri Jul 11 05:19:25 MDT 2014

1. openPGP has been around longer i agree, but that involves people downloading an extra program to sign a message, bitcoiners already have a program and is VERY easy to use as its already there. plus it doesnt need all the registration of keys with other services and all crap that goes with getting a PGP key.. bitcoin signaturs ar just there.. but all in all the theory is the same for the using part after registrations, just less userfriendly for noobs wen it comes to openpgp

2. your example of a message is the same as mine. they are both random, the difference is that because i added a nonce rather then just a time that changes every second. it makes it harder to guess the message

3. man in the middle attack is actually easier to achieve in your example then mine. imagine a phishing website that knew the message to display was a fixed template "log <email> into <service> <day><month><time><timezonecode><year>" that is pretty easy for a phishing site to replicate. but imagine if the message was complete random, not so easy to replicate on a copied template now is it. not impossible just slightly more code a phishing site would need to add. so lets not make it easy for scrript kiddies to just copy and paste front end code of websites to phish info.

Really cool idea, loved it.
But once set, you would not be able to change/reset a password, right?

if you always have a wallet, you always have a way to log in, so there wouldn't (shouldnt) be any reason to say "i forgot my log-in details". who in bitcoinland would not back their wallet up. thus losing the ability to log-in wont be a problem (if they employ standard bitcoin security backups). then once logged in, the website can easily allow users to change their registered bitcoin address, just like services allow users to change emails, username, home addresses, telepone numbers, profile picture, etc.

[phillipsjk]

1. openPGP has been around longer i agree, but that involves people downloading an extra program to sign a message, bitcoiners already have a program and is VERY easy to use as its already there. plus it doesnt need all the registration of keys with other services and all crap that goes with getting a PGP key.. bitcoin signaturs ar just there.. but all in all the theory is the same for the using part after registrations, just less userfriendly for noobs wen it comes to openpgp

Bitcoin users are still rare. Registering your keys with OpenPGP keyservers is optional.

2. your example of a message is the same as mine. they are both random, the difference is that because i added a nonce rather then just a time that changes every second. it makes it harder to guess the message

3. man in the middle attack is actually easier to achieve in your example then mine. imagine a phishing website that knew the message to display was a fixed template "log <email> into <service> <day><month><time><timezonecode><year>" that is pretty easy for a phishing site to replicate. but imagine if the message was complete random, not so easy to replicate on a copied template now is it. not impossible just slightly more code a phishing site would need to add. so lets not make it easy for scrript kiddies to just copy and paste front end code of websites to phish info.

I can easily generate <random wordx10> <Random decimal number><date>.
Unless you are claiming the user will somehow recognize the challenge passphrase. If that is what you are relying on, you are not talking about a random message at all. I know banks use challenge images and phrases to "authenticate" their website, but that appears to be mainly "security theatre": designed to make naive users trust online banking. The real "security" is the reversibility of the transactions.

The technology is not quite there yet, but the website can authenticate itself to you using OpenPgp as well.

Code:

I , pool5.facebook.com am using the IP address: 10.0.2.34 on Fri Jul 11 11:59:46 MDT 2014

(edited to include date)

Really cool idea, loved it.
But once set, you would not be able to change/reset a password, right?

OpenPGP supports this, but it is complicated to set up. It is called key revocation. To set that up, you need a secure master key that will not get lost/destroyed (preferably stored offline in multiple locations), much like Bitcoin "cold storage". Essentially, the master key is your "real" identity, but your would use sub-keys for your day-to-day signing. Each device you use should probably have it's own sub-key.

[franky1]

Bitcoin users are still rare. Registering your keys with OpenPGP keyservers is optional.

hello... we are talking about the bitcoin community here, if they are using a bitcoin website, they would use the bitcoin login system..........
... i wont waffle into details but i think you missed the point that we are talking about bitcoin services here.

I can easily generate <random wordx10> <Random decimal number><date>.
Unless you are claiming the user will somehow recognize the challenge passphrase. If that is what you are relying on, you are not talking about a random message at all. I know banks use challenge images and phrases to "authenticate" their website, but that appears to be mainly "security theatre": designed to make naive users trust online banking. The real "security" is the reversibility of the transactions.

say im a phishing scammer..
most phishing sites are a template to gather usernames and then use those at a later date
i can easily make up a template site that makes up random words yea, i can get a user to sign those random words yes.. but in no way can i then use that random signature on the true website later because the true website would not have generated those random words..
see my point about it requiring more code for script kiddies to do then just use a fixd template....
a phishing website would have to try to accept a users email/username, forward it to the true website, get the true websites random message, relay it on the phishing site to the user, user replies with signed true message, pastes it into phishing site and phishing site has to relay that to true site.. thus not making phishing as easy as pie. randomness is better

The technology is not quite there yet, but the website can authenticate itself to you using OpenPgp as well.
"I , pool5.facebook.com am using the IP address: 10.0.2.34"

Really cool idea, loved it.
But once set, you would not be able to change/reset a password, right?

OpenPGP supports this, but it is complicated to set up. It is called key revocation. To set that up, you need a secure master key that will not get lost/destroyed (preferably stored offline in multiple locations), much like Bitcoin "cold storage". Essentially, the master key is your "real" identity, but your would use sub-keys for your day-to-day signing. Each device you use should probably have it's own sub-key.

complicated needing master keys, blah blah... yes complicated and time consuming.. yet bitcoin signing is simple..... what are you not understanding. same security, same theory, but bitcoin is just simple and not requiring downloads of extra programs or setting up of keys

ok ok we get it openpgp is your lover and life partner.. we understand. but bitcoin has the same principles that are available to utilise now. bitcoin users can already sign messages without needing to download programs or use complicated features.. so why push for complex features and templates (security breaches) instead of simplicity and randomness... you seem to be missing a few points

[phillipsjk]

say im a phishing scammer..
most phishing sites are a template to gather usernames and then use those at a later date
i can easily make up a template site that makes up random words yea, i can get a user to sign those random words yes.. but in no way can i then use that random signature on the true website later because the true website would not have generated those random words..

The phishing website can't replay my example later because of the included date. It should be possible to make the time-out explicit.

The problem with the random challenge is that the user does not know what they are signing: they may think they are signing into one website, while they are really signing into another. It may not even be a sign-in: the signature may be authorizing a large movement of funds. For example, a raw transaction script will look like noise to most Bitcoin users.

Really cool idea, loved it.
But once set, you would not be able to change/reset a password, right?

OpenPGP supports this, but it is complicated to set up. It is called key revocation. To set that up, you need a secure master key that will not get lost/destroyed (preferably stored offline in multiple locations), much like Bitcoin "cold storage". Essentially, the master key is your "real" identity, but your would use sub-keys for your day-to-day signing. Each device you use should probably have it's own sub-key.

complicated needing master keys, blah blah... yes complicated and time consuming.. yet bitcoin signing is simple..... what are you not understanding. same security, same theory, but bitcoin is just simple and not requiring downloads of extra programs or setting up of keys

ok ok we get it openpgp is your lover and life partner.. we understand. but bitcoin has the same principles that are available to utilise now. bitcoin users can already sign messages without needing to download programs or use complicated features.. so why push for complex features and templates (security breaches) instead of simplicity and randomness... you seem to be missing a few points

Contrary to my example above, OpenPGP is not ideal for authenticating websites (distinct from authenticating users). X.509 is used for that: the only problem being that the the CA system is broken. As you have pointed out, the OpenPGP alternative: the "Web of trust" has proven to be confusing to many users. You essentially advocate that the same pseudonym be used every time. This does not prevent a Man-in-the-middle attack on the initial connection.

My point about key revocation is that OpenPGP supports authentication mechanisms that Bitcoin addresses do not. Bitcoin addresses don't support key revocation because addresses are supposed to be single-use. You are advocating not allowing users to change their key since we know people will take care of it. It is a given that users will either loose their keys or have them compromised. OpenPGP can be easier to use. It is not new and exciting, so it appears few people focus on it.

I myself have backed-up my Bitcoin keys in more than one geographic location (something I have not yet done with my OpenPGP keys). However, when I used Eligius, I had to create a new wallet just for being able to use message signing. The software I was using (Sx tools and Multibit) did not support signing arbitrary messages with my existing keys. I found that Eligus's set-up has a glaring weakness as well: mining shares are not signed by the miner (Edit: the block templates are not signed by the pool either). That means that a man-in-the middle can claim an arbitrary portion of your shares. OpenPGP with sub-keys can safely handle that by allowing me to give my mining machine a less-trusted, revocable key. If Bitcoin addresses are used, you need to keep the private key for your mining income in the miner's memory 24/7.

[franky1]

i read alot of blah..

ok yet again..

bitcoins are NOT suppose to be use once. as this is how people get donations, by putting one address on a page and receive multiple donations. the only purpose Luke-Jr is strongly advocating single use is more to do with adding data bloat to transactions so that he gets a fat fee when his pool mines transaction.. yes if your a paranoid person that wants to do illegal stuff, fine use single addresses. but it is not an absolutely needed rule for everyone to use..

secondly have you ever used a website that once logged in, you go to your profile and you change your profile picture, change your email, home address, etc... there is nothing stopping a service allowing people to change their bitcoin address in the same way..

just like changing your password it will ask you to validate new address change by asking you to sign message of old address then it would accept the new address.

its just that simple...

[Peter R]

The problem with the random challenge is that the user does not know what they are signing: they may think they are signing into one website, while they are really signing into another. It may not even be a sign-in: the signature may be authorizing a large movement of funds. For example, a raw transaction script will look like noise to most Bitcoin users.

This is why bitcoin-signed messages are prepended with a fixed-string prior to signing.  The fixed string is the byte '0x18' appended with "Bitcoin Signed Message:\n".  You can confidently sign any piece of data using the bitcoin-signed message protocol without risk of being tricked into signing a bitcoin transaction.  

Here is the original thread: https://bitcointalk.org/?topic=6428.0

The other point about a man in the middle sending you a nonce from a different site is a valid concern.  But this can be eliminated with two-way authentication (you authenticate the site prior to signing the nonce).  

[franky1]

The problem with the random challenge is that the user does not know what they are signing: they may think they are signing into one website, while they are really signing into another. It may not even be a sign-in: the signature may be authorizing a large movement of funds. For example, a raw transaction script will look like noise to most Bitcoin users.

This is why bitcoin-signed messages are prepended with a fixed-string prior to signing.  The fixed string is the byte '0x18' appended with "Bitcoin Signed Message:\n".  You can confidently sign any piece of data using the bitcoin-signed message protocol without risk of being tricked into signing a bitcoin transaction.  

Here is the original thread: https://bitcointalk.org/?topic=6428.0

The other point about a man in the middle sending you a nonce from a different site is a valid concern.  But this can be eliminated with two-way authentication (you authenticate the site prior to signing the nonce).  

good idea.. the site also having an address that you verify.. hmmm

imaginging the feasibility..

website signs a message using their privkey, you verify it. then you sign that message using your privkey for them to verify... nice anti phishing measure

[phillipsjk]

i read alot of blah..

ok yet again..

bitcoins are NOT suppose to be use once. as this is how people get donations, by putting one address on a page and receive multiple donations. the only purpose Luke-Jr is strongly advocating single use is more to do with adding data bloat to transactions so that he gets a fat fee when his pool mines transaction.. yes if your a paranoid person that wants to do illegal stuff, fine use single addresses. but it is not an absolutely needed rule for everyone to use..

Again, address re-use does not avoid block-chain bloat.

Because I use the slightly risky sx tools, transaction construction details are not hidden from me. 10 inputs to 1 transaction will take the same amount of space: no matter if 1 or 10 addresses are used.

secondly have you ever used a website that once logged in, you go to your profile and you change your profile picture, change your email, home address, etc... there is nothing stopping a service allowing people to change their bitcoin address in the same way..

just like changing your password it will ask you to validate new address change by asking you to sign message of old address then it would accept the new address.

its just that simple...

Yes, key rotation is important. A Naive implementation will use the public key hash (address) as a universal identifier. This breaks if you want to change your address, because such identifiers must: exist, be unique, and not change over time. As far as I know, Eligius does not allow you to change your address.

[Peter R]

The problem with the random challenge is that the user does not know what they are signing: they may think they are signing into one website, while they are really signing into another. It may not even be a sign-in: the signature may be authorizing a large movement of funds. For example, a raw transaction script will look like noise to most Bitcoin users.

This is why bitcoin-signed messages are prepended with a fixed-string prior to signing.  The fixed string is the byte '0x18' appended with "Bitcoin Signed Message:\n".  You can confidently sign any piece of data using the bitcoin-signed message protocol without risk of being tricked into signing a bitcoin transaction.  

Here is the original thread: https://bitcointalk.org/?topic=6428.0

The other point about a man in the middle sending you a nonce from a different site is a valid concern.  But this can be eliminated with two-way authentication (you authenticate the site prior to signing the nonce).  

good idea.. the site also having an address that you verify.. hmmm

imaginging the feasibility..

website signs a message using their privkey, you verify it. then you sign that message using your privkey for them to verify... nice anti phishing measure

https://bitcointalk.org/index.php?topic=557037.0

^^I haven't read through this thread in detail myself, but EricKennedy is actively working on such login systems (I'm not sure of the implementation details).  He calls it BitID.

[franky1]

Again, address re-use does not avoid block-chain bloat.

Because I use the slightly risky sx tools, transaction construction details are not hidden from me. 10 inputs to 1 transaction will take the same amount of space: no matter if 1 or 10 addresses are used.

say i received.. 100 transactions of 0.01btc.. to 1franky1blahblahblah.
now for me to send the total of that to someone else. my transaction out would be

from: 1franky1blahblahblah
signature: skgdkf;djgsdkfj;sdkf;df;dlfk;adlkfg;dkfjg;dlkfgj;dsfk
value: 1btc
to: 1whomeverwantsitblahblah blah

now say each of those 100 transactions came to my 100 different addresses.. now for me to send out 1btc total that is then 100 signatures, 100 from addresses.. meaning im now above the limit of sending a free tx and have to pay a fee!!!

Yes, key rotation is important. A Naive implementation will use the public key hash (address) as a universal identifier. This breaks if you want to change your address, because such identifiers must: exist, be unique, and not change over time. As far as I know, Eligius does not allow you to change your address.

quite funny how you mention that eligius (aka luke jr) allows its users to receive fresh mined coins to a single address that oes not change but tells other people they have to bloat their transactions up and pay fee's by changing addresses per receipt of a coin.. that is a very funny point you made.

the reason eligius doesnt change keys is to ensure the person that registered it gets th reward and that a hacker doesnt change the address to his own destination. its got nothing to do with key weakness..

if a login system has tight and secure way to verify the change is done by the actual user you can chage anything, username, passwords, email addresses, avatars, etc.. but eligius didnt want to add such secure coding, just a basic add address registration script and that is it.

but any service can add a "edit profile" script and have it able to change anything it likes. so if one day i wanted to change my known public address to  a service that uses bitcoin signature logins. i simply log-in as usual. go to profile, edit bitcoin address. it will prompt me to type in new address twice to be sure of spelling. then (like the old days of changing password) it would ask me to verify old address to be sure i am who i am before accepting the change.

to add to it, it may also ask to verify new address as a way to ensure i input the new address properly, by signing a message with the new address aswell as the old address.

im failing to see what your problems are

[franky1]

https://bitcointalk.org/index.php?topic=557037.0

^^I haven't read through this thread in detail myself, but EricKennedy is actively working on such login systems (I'm not sure of the implementation details).  He calls it BitID.

kind of the idea. but i prefer that each service runs decentralised. where i can hav the freedom to make an address and label it "bitcoin talk login" and have another address for an exchange i use and label it "exchange login" then i can be in full control of my #passwords# in MY WALET rather then using a service that is much like google login or facebook login where they control it..

im not saying bitID is bad in any way.. but if needing to log-in using a third party then you might aswell just use facebook or google..

i prefer to reply on third parties as least as possible.

just look at the guy today that lost over 1000 btc because of drop box storing his password (third party security i am not into which is why registering a key with a pgp server is also third party, i prefer to keep my security "in-house")

[phillipsjk]

say i received.. 100 transactions of 0.01btc.. to 1franky1blahblahblah.
now for me to send the total of that to someone else. my transaction out would be

from: 1franky1blahblahblah
signature: skgdkf;djgsdkfj;sdkf;df;dlfk;adlkfg;dkfjg;dlkfgj;dsfk
value: 1btc
to: 1whomeverwantsitblahblah blah

now say each of those 100 transactions came to my 100 different addresses.. now for me to send out 1btc total that is then 100 signatures, 100 from addresses.. meaning im now above the limit of sending a free tx and have to pay a fee!!!

That would make sense if Bitcoin addresses actually held balances: they don't. (Mastercoin uses a balance-based approach).

Instead, Bitcoin works by spending "coins" that have a specified value. You can only spend whole coins at once (whose value can be any number of satoshies). Bitcoin transactions have a series of inputs and outputs.

your example would look more like:

Code:

james@torchlight:~/coinjoin$ sx newkey > frank1.key
james@torchlight:~/coinjoin$ sx mktx frank_example.tx \
> --input 91c803a7f077a62c6470da3c18d46ed7bd9bf3b4f159ddcd701e8bc030b2e15d:0 \
> --input a5e8bc122fbcd97b03dd11c5c72888d3da1f38fc1875351cd7f4e1b723551cf3:3 \
> --input 3fa191bc482c5b0b03678247dc80f84674efcbf60844ac68384e171c5c74275a:0 \
> --input 60335716ed30901a0d4b2897f2f5e30c4421401882acb5b72296e6e1c3abe0bd:1 \
> --input b3cc34a0c46279e22358dee8ee9d64a0c42a438232d9fefb604f2ee99d562f83:1 \
> --input 564488909406dd53ae11ab96d42cd5a0874503c68c373dfab2d4bd8bb654b3b9:2 \
> --input 0d0763ab8abcd2ce8d31303b731911dd753efa04d95a796440eedcddb3450876:0 \
> --input 4a48400c44fc098c6853f3beef5195e17c9dd66f9ddc24c966de4b13e3bee824:0 \
> --input 7ee1446ee92faf924f178d18168c8ef109528ab2d6e218ca1ed9c1524ea0970f:1 \
> --input 09e9ce7afde753baf97611a97e283e9983c36ad9b49ac4f906941eec551ad4a7:1 \
> --output  3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk:100000000
Added input 91c803a7f077a62c6470da3c18d46ed7bd9bf3b4f159ddcd701e8bc030b2e15d:0
Added input a5e8bc122fbcd97b03dd11c5c72888d3da1f38fc1875351cd7f4e1b723551cf3:3
Added input 3fa191bc482c5b0b03678247dc80f84674efcbf60844ac68384e171c5c74275a:0
Added input 60335716ed30901a0d4b2897f2f5e30c4421401882acb5b72296e6e1c3abe0bd:1
Added input b3cc34a0c46279e22358dee8ee9d64a0c42a438232d9fefb604f2ee99d562f83:1
Added input 564488909406dd53ae11ab96d42cd5a0874503c68c373dfab2d4bd8bb654b3b9:2
Added input 0d0763ab8abcd2ce8d31303b731911dd753efa04d95a796440eedcddb3450876:0
Added input 4a48400c44fc098c6853f3beef5195e17c9dd66f9ddc24c966de4b13e3bee824:0
Added input 7ee1446ee92faf924f178d18168c8ef109528ab2d6e218ca1ed9c1524ea0970f:1
Added input 09e9ce7afde753baf97611a97e283e9983c36ad9b49ac4f906941eec551ad4a7:1
Added output sending 100000000 Satoshis to 3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk.
james@torchlight:~/coinjoin$ sx showtx frank_example.tx 
hash: 6dcfc9c6983b6bf00fa75f898320c9d7798bf3c129f275be2a70bb3a2e2d653e
version: 1
locktime: 0
Input:
  previous output: 91c803a7f077a62c6470da3c18d46ed7bd9bf3b4f159ddcd701e8bc030b2e15d:0
  script: 
  sequence: 4294967295
Input:
  previous output: a5e8bc122fbcd97b03dd11c5c72888d3da1f38fc1875351cd7f4e1b723551cf3:3
  script: 
  sequence: 4294967295
Input:
  previous output: 3fa191bc482c5b0b03678247dc80f84674efcbf60844ac68384e171c5c74275a:0
  script: 
  sequence: 4294967295
Input:
  previous output: 60335716ed30901a0d4b2897f2f5e30c4421401882acb5b72296e6e1c3abe0bd:1
  script: 
  sequence: 4294967295
Input:
  previous output: b3cc34a0c46279e22358dee8ee9d64a0c42a438232d9fefb604f2ee99d562f83:1
  script: 
  sequence: 4294967295
Input:
  previous output: 564488909406dd53ae11ab96d42cd5a0874503c68c373dfab2d4bd8bb654b3b9:2
  script: 
  sequence: 4294967295
Input:
  previous output: 0d0763ab8abcd2ce8d31303b731911dd753efa04d95a796440eedcddb3450876:0
  script: 
  sequence: 4294967295
Input:
  previous output: 4a48400c44fc098c6853f3beef5195e17c9dd66f9ddc24c966de4b13e3bee824:0
  script: 
  sequence: 4294967295
Input:
  previous output: 7ee1446ee92faf924f178d18168c8ef109528ab2d6e218ca1ed9c1524ea0970f:1
  script: 
  sequence: 4294967295
Input:
  previous output: 09e9ce7afde753baf97611a97e283e9983c36ad9b49ac4f906941eec551ad4a7:1
  script: 
  sequence: 4294967295
Output:
  value: 100000000
  script: hash160 [ d53d47ccd1579b93c284e9caf3c81f3f41787169 ] equal
  address: 3M8XGFBKwkf7miBzpkU3x2DoWwAVrD1mhk

The above example uses only 10 inputs. (signatures omitted for my sanity)
The signature size my vary a little bit with different addresses, but it should average out.


Here is a real example that appears to be mining  income: fc09ac2c27d82bccd55eccb9244a56060a7c5c983eb5906b3e08b36e8fffa176
There are only 7+2 addresses present, yet the transaction is still over 5kB due to the large number of inputs.

Second example 6 inputs, 2 outputs, all using different addresses (1kB): a74c774777510783e438a3ede0c4e83de29c2d73f0e77b73bf0c1a922fea9102

[laurentmt]

kind of the idea. but i prefer that each service runs decentralised. where i can hav the freedom to make an address and label it "bitcoin talk login" and have another address for an exchange i use and label it "exchange login" then i can be in full control of my #passwords# in MY WALET rather then using a service that is much like google login or facebook login where they control it..

im not saying bitID is bad in any way.. but if needing to log-in using a third party then you might aswell just use facebook or google..

i prefer to reply on third parties as least as possible.

just look at the guy today that lost over 1000 btc because of drop box storing his password (third party security i am not into which is why registering a key with a pgp server is also third party, i prefer to keep my security "in-house")

So you should really like BitId since it does not rely on any third party to log-in and is completely decentralized ! The keypairs used for auth are generated and managed by user's wallet. If not already done, you should try Dark Wallet alpha5 (integrates BitId and is really fast to install) and test it against this demo website

Imho, in the future, BitID could be extended in order to propose authentication using more centralized identity systems (like SINs) for people who want to authenticate with a unique identity, whatever the website. But in its core, BitId will always provide the decentralized option and the possibility to anonymously log-in to a website. I guess this is one of the reasons why dark wallet has integrated BitId

[fullintegrity]

Hi all, new poster and miner here, have had ok luck, (yeah i see diff level) on other pools, but want to spread it out so to speak.
2 questions:
Is it ok to use Eligius and mine to my blockchain public address?
I am still massively confused about the signing messages part of eligius.
Normally i have been just mining and not had to do the sign messages part, since mining to other btc addys seems to be fine....

Thanks for any help you got.
 

[franky1]

So you should really like BitId since it does not rely on any third party to log-in and is completely decentralized !

my initial understanding months ago was that bitID was going to be a service on a website (much like these password storage services and others like blockchain.info offers address tagging, google and facebook, identity logins).. but to my astonishment i learnt today that bitID is absolutely the method of using an address i own as the log-in..

brilliant. laurentmt you are correct, i do like it. and i think the link you provided is the great example of the idea in working order. all it needs to satisfy philipsjk, is a profile page (username needed) where people can change the bitcoin address associated to the username.

that way people can type in a username and then sign the "challenge string" without needing to also paste a message and address. but to me this working idea is better then usernames and passwords which are fixed everytime.

so thank you for posting the working demo laurenmt.

separate subject:
one step closer to the next idea that should come soon.. where mobile apps dont connect to web services to store bitcoin privkeys or use web services to form transactions.. but a simple mobile app that from the phone can sign a raw transaction. and then send the signed bitcoin transaction to all the pools/service relays (PUSHTX portals) thus not needing online webwallets.(hardware and litewallet applications)

2014 the year of the multisig, and single signature applications

[laurentmt]

my initial understanding months ago was that bitID was going to be a service on a website (much like these password storage services and others like blockchain.info offers address tagging, google and facebook, identity logins).. but to my astonishment i learnt today that bitID is absolutely the method of using an address i own as the log-in..

BitId has got some press coverage a few months ago. It was nice but there was some misunderstandings about the protocol : BitId is not centralized, BitId is not a startup and is in fact very open: everybody is welcome to contribute ideas or code and to shape what the protocol will be.

brilliant. laurentmt you are correct, i do like it. and i think the link you provided is the great example of the idea in working order. all it needs to satisfy philipsjk, is a profile page (username needed) where people can change the bitcoin address associated to the username.

To my knowledge, it was not implemented in demo apps but it's for sure doable.
There's also a few improvements which have been discussed / proposed (github & forum thread) but which have not been implemented for now:
- decentralized management of personal data and transfer to websites, when desired.
- integration of BitId with the payment protocol,
- ...

[phillipsjk]

brilliant. laurentmt you are correct, i do like it. and i think the link you provided is the great example of the idea in working order. all it needs to satisfy philipsjk, is a profile page (username needed) where people can change the bitcoin address associated to the username.

To my knowledge, it was not implemented in demo apps but it's for sure doable.
There's also a few improvements which have been discussed / proposed (github & forum thread) but which have not been implemented for now:
- decentralized management of personal data and transfer to websites, when desired.
- integration of BitId with the payment protocol,
- ...

I don't think changing addresses the way franky1 describes is doable for a specific technical reason.
Primary database keys must:

• Exist
• Be unique
• Not change over time

That is why Eligius does not let you change your payment address: it is being used as a database key. Assigning  the proceeds of one address to another also opens them up to fraud.

Of course, the website user can just generate a random 256bit number for the user to save, but if lost, they would have to regenerate their account anyway. (Essentially the same thing as using a Bitcoin address I guess Edit: there is one notable enhancement: the key recovery probably works more like a Hierarchical deterministic wallet)