Passwords are inefficient by design: frequently we hear news from Sony, Square
Enix, Adobe, and various others about passwords being compromised, databases
being copied and stolen. This story remains true in the Bitcoin space. In light
of the recent Bitcointalk forum breach echoes an increasing need for passwords
to become a thing of the past.
In celebration of the 5 year anniversary of the Bitcoin whitepaper, we are
delighted to introduce the Message Signing based authentication method.
In brief, the authentication work as follows:
Server provides a token for the client to sign.
client passes the signed message and the bitcoin address back to the server.
server validates the message and honors the alias (optional) and bitcoin
address as identification.
http://forums.bitcoingrant.org/
Above is a proof of concept forum that utilize this authentication method.
Following Kerckhoffs's principle, this forum only stores the signed message and
bitcoin address the users provide the first time they use the site, both are
public information. In addition, there is no database, everything is simply an
RSS feed. For the sake of usability we have included a redis for the sessions,
at the cost of additional exposure to potential risks: users no longer need to
sign a token every time they wish to post.
All source code will be available on github in the next few days.
We welcome any feedback or suggestions.
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development
