That’s not really distributed. The user would need to submit their password to a trusted entity to verify it.
Distributed/decentralized auth systems usually use public key cryptography. Also see Decentralized Identity, IPFS and ION | IPFS Blog & News.
I wasn’t suggesting any trusted entity. When I say “store” I mean on IPFS.
Who would check the password?
A script stored on IPFS.
I guess if the definition of “trusted” includes some JavaScript file stored on IPFS, then I understand your point. It’s not distributed in that way. Only that it’s not centralized.
I’m sure it’s more complicated. Just brainst
A script stored on IPFS.
Either:
- The user authenticating runs the script locally. In that case, the user can circumvent it (modify it to always “pass” authentication checks).
- Some other user (B) is verifying the authenticating user’s (A) password:
  - If user A sends the password, user B learns user A’s password.
  - Sending the hash isn’t sufficient because the hash is public knowledge (stored on IPFS).
Basically, the user would need some way to “prove” that they know the password without revealing it. There are ways to do this through interactive zero knowledge proofs, but it’s usually easier to use public key cryptography.
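
To illustrate the last post's point, here is an added Node.js example (not code from the thread; the function names, record layout and sample password are assumptions made for illustration). It contrasts a verifier that accepts the publicly stored hash with one that checks an Ed25519 signature over a fresh random challenge.

```javascript
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// Constructed "public record": everything in `record` is readable by anyone,
// as it would be if published on IPFS. The private key stays with user A.
function makePublicRecord(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return { record: { passwordHash: sha256(password), publicKey }, privateKey };
}

// Scheme 1: verifier B accepts anyone who presents the stored hash.
function verifyByHash(record, presentedHash) {
  return presentedHash === record.passwordHash;
}

// Scheme 2: B sends a fresh random challenge, A signs it with the private key,
// and B checks the signature against the published public key.
function newChallenge() {
  return crypto.randomBytes(32);
}
function respond(privateKey, challenge) {
  return crypto.sign(null, challenge, privateKey); // Ed25519 takes a null digest name
}
function verifyBySignature(record, challenge, signature) {
  return crypto.verify(null, challenge, record.publicKey, signature);
}

function demo() {
  const { record, privateKey } = makePublicRecord('constructed-sample-password');

  // Someone who only read the public record can satisfy the hash check.
  const outsiderHashAccepted = verifyByHash(record, record.passwordHash);

  // The key holder answers a challenge without revealing any secret.
  const c1 = newChallenge();
  const sig1 = respond(privateKey, c1);
  const ownerAccepted = verifyBySignature(record, c1, sig1);

  // An observed signature is useless against the next, different challenge.
  const c2 = newChallenge();
  const replayAccepted = verifyBySignature(record, c2, sig1);

  // A signature made with any other key fails against the published key.
  const otherKey = crypto.generateKeyPairSync('ed25519').privateKey;
  const outsiderSigAccepted = verifyBySignature(record, c2, respond(otherKey, c2));

  return { outsiderHashAccepted, ownerAccepted, replayAccepted, outsiderSigAccepted };
}
```
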