On Wed, Nov 15, 2017 at 3:06 PM, Gareth Nelson <gar...@garethnelson.com> wrote: > Use key-based authentication? >
Okay, but that doesn't fit the requirement. I want something iteratively password free. AFAIK, somewhere along the line in key-based authentication you need to enter a password to unlock the key. The context of this email is a password-free SSH. (blank passwords do not count as password-free) What I want to find is a crypto mechanism that allows the use of no passwords, but with the same guarantees of key-based authentication. So my thoughts are that to start with something similar to Diffie Hellman operating at the network layer, you could generate keys when you wanted to communicate after an initial round of set up. You wouldn't establish faith in the security of the connection until proof was given that you are talking to the right host, and you could get higher or lower levels of proof. Something functioning like the Sieve of Eratosthenes. For example. you just use one known fact from the network layer. a beacon. ntp even. Each communication point in the network, remember this is a recursive solver, would have different ping time to the beacon over a large number of pings, or to be able to express the confidence that this host is who it says it is. Each node has a complete and different view. In this way you could "push" Diffie-Hellman to the network layer. I think it's similar in flavour to a blockchain, but it would eliminate the need to use passwords when speaking the protocol and establish some sort of reality to host mapping. Remember we can never actually verify anything in the internet due to MITM. We can just increase our probability of success while decreasing the attack surface for dictionaries. What do you think? Cheers, James > On Wed, Nov 15, 2017 at 2:38 PM, James <jamex1...@gmail.com> wrote: >> >> On Wed, Nov 15, 2017 at 10:42 AM, Raul Miller <rauldmil...@gmail.com> >> wrote: >> > Assumption is invalid. Flaws are widely documented (e.g. fixed >> > supply). Probably wrong list, also. >> > >> >> Ok a little more on topic then. SSH. >> >> How would you secure SSH without a password, iteratively password - free? >> a blank password does not count as password-free. >> >> My motivation is turn the internet upside down. >> >> Does any current crypto mechanism come to mind? >> >> A possible example is the use of Diffie-Hellman at the network layer >> to identify hosts. I think that would be password-free. >> >> >> > Thanks, >> > >> > -- >> > Raul >> > >> >> Thanks, >> James >> >> >> >> > On Wed, Nov 15, 2017 at 8:46 AM, James <jamex1...@gmail.com> wrote: >> >> While a little off topic it is security related so I hope you don't >> >> mind. >> >> >> >> This is the misc list, right? >> >> >> >> Assumption 1. >> >> bitcoin is a secure protocol without flaws. >> >> >> >> quote from >> >> https://github.com/bitcoinbook/bitcoinbook/blob/second_edition/ch01.asciidoc >> >> >> >> With these keys they can sign transactions to unlock the value and >> >> spend it by transferring it to a new owner. Keys are often stored in a >> >> digital wallet on each user’s computer or smartphone. Possession of >> >> the key that can sign a transaction is the only prerequisite to >> >> spending bitcoin, putting the control entirely in the hands of each >> >> user. >> >> >> >> >> >> Is the security of a bitcoin wallet ultimately determined by it's >> >> password? >> >> The way I see it If an attacker had access to my computer, the only >> >> thing protecting access to the wallet would be a password or some >> >> iteration of a password scheme, if not mine than a centralized server >> >> of trust somewhere, but eventually someone has a password that is used >> >> to, unlock a bitcoin. Is that correct reasoning or are there >> >> alternatives? >> >> >> >> Thanks, >> >> James >> >> >> >
