date 2017-12-01
Blockchains Are Poised To End the Password Era (technologyreview.com) 38
schwit1 shares a report from MIT Technology Review: Blockchain technology can eliminate the need for companies and other organizations to maintain centralized repositories of identifying information, and users can gain permanent control over who can access their data (hence "self-sovereign"), says Drummond Reed, chief trust officer at Evernym, a startup that's developing a blockchain network specifically for managing digital identities. Self-sovereign identity systems rely on public-key cryptography, the same kind that blockchain networks use to validate transactions. Although it's been around for decades, the technology has thus far proved difficult to implement for consumer applications. But the popularity of cryptocurrencies has inspired fresh commercial interest in making it more user-friendly.
Public-key cryptography relies on pairs of keys, one public and one private, which are used to authenticate users and verify their encrypted transactions. Bitcoin users are represented on the blockchain by strings of characters called addresses, which are derived from their public keys. The "wallet" applications they use to hold and exchange digital coins are essentially management systems for their private keys. Just like a real wallet, they can also hold credentials that serve as proof of identification, says Reed. Using a smartphone or some other device, a person could use a wallet-like application to manage access to these credentials. But will regular consumers buy in? Technologists will need to create a form factor and user experience compelling enough to convince them to abandon their familiar usernames and passwords, says Meltem Demirors, development director at Digital Currency Group, an investment firm that funds blockchain companies. The task calls for reinforcements, she says: "The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."
Re: (Score:2)
"The geeks are working on it right now, but we need the designers, we need the sociologists, and we need people who study ethics of technology to participate."
We literally need none of those people, they're just the buddies of the people who write stupid articles like this.
These are experts ... (Score:3)
... with, apparently, no experience:
... a startup that's developing a blockchain network specifically for managing digital identities.
Re: (Score:2)
Ad (Score:1)
See subject
Admin hell (Score:2)
Re: Um... that's exactly when Private Keys are bes (Score:2)
Otherwise what advantage do public and private keys for an individual offer over Kerberos NTLM authentication against a domain controller?
If you're talking about multiple servers on different domains, then you're actually talking about implementing a SSO configuration for multiple domains using pre-shared keys in place of pre-shared passwords.
Pre-shared keys require less typing, but are no
Re: Publish your PUBLIC key. Keep passwords local. (Score:2)
Sounds idiotic (Score:1)
Blockchain wallets have to be secured, else anyone can impersonate the user and do what they will with the contents. So what would a blockchain credential system be? An online password wallet, in effect, exactly as secure as the protection on the wallet... which is either going to be what you have (an app on your device) or what you know (a password).
Re: (Score:1)
It is idiotic, but since it uses “blockchain” in it that means they’ll easily score heaps of VC money to burn for years.
bottleneck vulnerability? (Score:3)
If everyone uses one private/public key set for everything, then if that is compromised then the third party gets access to absolutely everything and can impersonate the user?
For those of us who use different usernames/emails/passwords from server to server that seems like a downgrade in security.
Tell me I'm wrong and I'm missing something. I've used PGP in the past and use keys for SSH logins but I've never used blockchain related stuff.
Re: bottleneck vulnerability? (Score:2)
Re: bottleneck vulnerability? (Score:2)
A downgrade in security most definitely, but it should have the same pros and cons of a password manager.
Re: (Score:2)
As an individual, quite possibly; as an organization, not so much. Right now attackers go after the authentication/authorization server / infrastructure (very often AD but not always). It's the first and primary target because if they can compromise that, odds are good some of the following become true:
1) They can authorize some existing account they have access to already
2) They can change the authentication information for an account they want access to
3) They can get the authentication information in bulk,
Re: bottleneck vulnerability? (Score:2)
However, there will most likely be a window of opportunity before the "certificate" gets revoked, that is there is a window before the block chain is forked by a trusted authority, or otherwise before the integrity of the block chain is restored and the fraudulent access chain is no longer trusted
Re: (Score:2)
There is no third party that needs to be trusted.
Basically, you would open an account with your bank, and tell them that you have already registered id/PhantomHarlock. They would give you specs for a public key pair and a subidentifier. You'd create a private key to their requirements and publish the corresponding public key under the subidentifier they will be looking for.
When you go to log in, you type in your username and their system consults the global distributed database. It finds the subidentifie
LOL (Score:3)
users can gain permanent control over who can access their data
So yea that's definitely not going to happen.
Re: "CryptoCurrency" Buzzword gets VC money (Score:2)
Does the blockchain mindset or methodology provide a superior visualization or understanding of the best use implementation of the solution?
Can people understand it better, so they can use it better?
Re: (Score:2)
Re: "CryptoCurrency" Buzzword gets VC money (Score:2)
Re: (Score:1)
But those don’t say blockchain in them so good luck getting a Silly-con Valley VC to take notice. This is all just a scam to score VC money from suckers.
What demented nonsense is this? (Score:2)
Of course, nothing like that is true or even desirable. This story is utter nonsense. Credentials (whether passwords, certificates or seeds for OTP mechanisms) are under company control so their servers can access them easily and so they can revoke them fast. The blockchain has absolutely no place here. Incidentally, when it comes to public identities, the blockchain is about as useful as the PGP server network, albeit more complicated and more expensive, i.e. useless. The one thing that makes these identiti