Simple Distributed Auth

  1. User registers with username and password
  2. System creates a hash of both and stores them with the username hash as the file name and the contents as the hashed password
  3. User submits name and password in a login form
  4. System hashes the username and retrieves the file and compares the contents to the hash of the submitted password. If they match, the system logs the user in; otherwise it rejects the attempt.

Feedback please

That’s not really distributed. The user would need to submit their password to a trusted entity to verify it.

Distributed/decentralized auth systems usually use public key cryptography. Also see Decentralized Identity, IPFS and ION | IPFS Blog & News.

I wasn’t suggesting any trusted entity. When I say “store” I mean on IPFS.

Who would check the password?

A script stored on IPFS.

I guess if the definition of “trusted” includes some javascript file stored on IPFS, then I understand your point. It’s not distributed in that way. Only that it’s not centralized.

I’m sure it’s more complicated. Just brainst

A script stored on IPFS.

Either:

  1. The user authenticating runs the script locally. In that case, the user can circumvent it (modify it to always “pass” authentication checks).
  2. Some other user (B) is verifying the authenticating user’s (A) password:
     - If user A sends the password, user B learns user A’s password.
     - Sending the hash isn’t sufficient because the hash is public knowledge (stored on IPFS).

Basically, the user would need some way to “prove” that they know the password without revealing it. There are ways to do this through interactive zero knowledge proofs, but it’s usually easier to use public key cryptography.
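The kind of interactive proof the last reply refers to, as an added example that is not part of the thread: a Schnorr identification run in which user A proves knowledge of a secret exponent to user B, who holds only the public value. The toy group parameters, the function and class names, and the username-as-salt derivation are assumptions constructed for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group, constructed for this example and far too small for real use:
# P = 2*Q + 1 with P and Q prime; G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def secret_from_password(username: str, password: str) -> int:
    """Stretch the password into a private exponent x in [1, Q-1].
    Using the username as salt is an assumption of this sketch."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), 100_000)
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def public_record(x: int) -> int:
    """The value published at registration: y = G^x mod P.
    Caveat: if x comes from a weak password, anyone who can read y can
    still guess passwords offline, just as with a public hash."""
    return pow(G, x, P)

class Prover:
    """Runs on the authenticating user's machine; x never leaves it."""
    def __init__(self, x: int):
        self.x = x
    def commit(self) -> int:
        self.k = secrets.randbelow(Q - 1) + 1      # fresh nonce for every login
        return pow(G, self.k, P)                   # t = G^k
    def respond(self, c: int) -> int:
        return (self.k + c * self.x) % Q           # s = k + c*x mod Q

class Verifier:
    """Runs on the checking peer; it only ever holds the public y."""
    def __init__(self, y: int):
        self.y = y
    def challenge(self, t: int) -> int:
        self.t = t
        self.c = secrets.randbelow(Q - 1) + 1      # fresh per login, so a recorded response does not fit
        return self.c
    def check(self, s: int) -> bool:
        return pow(G, s, P) == (self.t * pow(self.y, self.c, P)) % P   # G^s == t * y^c

def login(y: int, x: int) -> bool:
    """One protocol run: commit -> challenge -> response -> check."""
    prover, verifier = Prover(x), Verifier(y)
    c = verifier.challenge(prover.commit())
    return verifier.check(prover.respond(c))

if __name__ == "__main__":
    y = public_record(secret_from_password("alice", "correct horse"))
    print(login(y, secret_from_password("alice", "correct horse")))  # right password
    print(login(public_record(7), 5))                                 # wrong secret
```

The verifier sees only `t`, `c` and `s`; because `k` is random and used once, `s` does not expose `x`, which is the property a password hash sent over the wire lacks.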