ebon vigil
GlueCryptAuth is a prototype of a passwordless authentication system. It allows users to log in securely using mnemonic phrases and cryptographic signatures, without storing traditional passwords.
Frontend: JavaScript
Backend: TypeScript
Github:
https://github.com/Glueeeeed/GlueCryptAuth
Demo:
I’d really appreciate any feedback
ebon vigil
GlueCryptAuth - passwordless authentication system
GlueCryptAuth - Passwordless authentication system
mighty charm
I suggest using random symbols, letters uppercase and lowercase, and numbers. Instead of non random words. It won’t take a brute force that long to crack it unless it has a variety @ebon vigil
Otherwise really nice
ebon vigil
I suggest using random symbols, letters uppercase and lowercase, and numbers. In...
Mnemonic phrases compliant with the BIP-39 standard used in cryptocurrency wallets (e.g., Bitcoin) are used. They generate cryptographic keys with very high entropy (128-256 bits), which makes them resistant to brute force attacks.
These are not entirely random words.
For example, a 12-word phrase gives 2^128 possible combinations.
ebon vigil
Otherwise really nice
Thank you
mighty charm
For example, a 12-word phrase gives 2^128 possible combinations.
I just felt if we gather a list of words
Dictionaries or whatever
And brute force it
Using words
glossy knotBOT
const code = copyPaste('stackoverflow'); // @mighty charm learning as <@&1244333098284351518>!
mighty charm
Those passwords are not as safe
When I was learning web security
That was the easiest to get items like that
ebon vigil
Those passwords are not as safe
This does not change the fact that mnemonic phrases are very safe. Even if you used a dictionary containing all 2048 words from BIP-39, a brute force attack would be virtually impossible. It is not only the choice of words that matters, but also their order, for a 12-word phrase it is 2048^12 possible combinations, which makes guessing the correct sequence unfeasible. In addition, GlueCrypt uses 18 words (192 bits)
glossy knotBOT
// Copied from Stack Overflow by @ebon vigil (<@&1244333098284351518>)
ebon vigil
Breaking these phrases by brute force is almost impossible, the only thing that can jeopardize security is the way the user holds these phrases.
Remember that this system is not based on comparing hashes of passwords as in traditional systems, these phrases are used to reconstruct the cryptographic key pair again. If we were to compare these phrases to an ordinary even completely random password, either way it is more secure due to higher entropy.
mighty charm
Alright that makes a lot of sense
I’m just nervous with how fast these can be cracked if Microsoft’s super computer gets In bad hands
Guess we gotta make new ways
ebon vigil
I’m just nervous with how fast these can be cracked if Microsoft’s super compute...
I think we should not be afraid yet
mighty charm
Yes we got time lol