[cryptography] Please critique my proposal for a login system for decentralized web apps

Vladimir Sedach vsedach at gmail.com
Thu Jan 5 14:43:31 EST 2012


I've been thinking about how a mostly decentralized web application
(such as Facebook) would work.

Assumptions so far:
1. You have your own computer, which has your private key
2. You and your friends share public keys
3. Your and your friends' computers all run an application that copies
around data (messages, cat pictures, etc.) and signs it with private
keys to prove authenticity

Now what happens when you are away from your computer? If there's some
way to use a web browser to log into the application running on your
computer, that's fine (Opera Unite has done this for some time, for

What happens when your computer is not running? One of your friends'
computers is running the same application, and has a copy of the data
you've shared (dealing with your private data is a whole different
problem; the Tahoe-LAFS people seem to me to be engineering a workable

More assumptions:
4. You want to use the same password to log in as on your local computer
5. You trust your friends enough to think they won't try to crack your
password, but knowing human nature, not enough not to be tempted by a
cleartext password lying around

What I think would work as the login mechanism:

If you take your password, assign each of your friends a unique salt
[thinking about it more, a single "outside" salt might do], and give
them the salt and the PBKDF2 (or whatever) digest of the salt and
password, you can do the password checking in any browser with
JavaScript by having their machine send the salt to the browser, the
browser computing the PBKDF2 digest and sending it back to their
machine, and their machine verifying the digest.

If a friend's machine is compromised (or your friend decides to send
fake messages on your behalf), you can use your private key to
repudiate fake messages signed on your behalf, unfriend the
compromised friend, and change your password and push the new hashes
out to your remaining trusted friends, when you get back to your

My knowledge of cryptography is fairly rudimentary, so I'm asking for
input on the feasibility of this scheme (Manuel Simonyi referred me to
this list). Any feedback is warmly appreciated.

Thank you,
Vladimir Sedach
