Zero knowledge authentication
I believe I understand what you want. "Zero" login. So when a user comes to your site or first boots up your app, a private key gets generated locally. It will then do a handshake with the server, where the server understands that these encrypted messages are from this user. This uniquely identifies the user, and can also be used for e2e.
Reference https://dev.to/spalladino/a-beginners-intro-to-coding-zero-knowledge-proofs-c56
I think he means something like a challenge-response type of auth flow where, while using user/pass, the password was never sent to the server?
Similar to a diffie-hellman key exchange maybe? https://en.m.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
I believe this has been broken but that is the general gist.
DLP broken? Didn't hear of that.
Probably saw this in passing. It doesn't seem to indicate it's fully broken, just this instance.
https://www.reddit.com/r/math/comments/wc4gkx/supersingular_isogeny_diffiehellman_broken/
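The flow discussed in this thread (a private key generated locally, then a challenge-response login in which no secret reaches the server) can be realized with Schnorr's identification protocol, an honest-verifier zero-knowledge proof of knowledge of a discrete logarithm. This is an added example, not code from any poster: the `Client` and `Server` classes are hypothetical, and the group is assumed to be the 2048-bit MODP group 14 from RFC 3526.

```python
import secrets

# RFC 3526 group 14: 2048-bit safe prime P = 2Q + 1; G = 2 generates the order-Q subgroup.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2
assert pow(G, Q, P) == 1  # sanity check on the embedded parameters

def in_subgroup(v):
    """Reject values outside the order-Q subgroup (0, 1, P-1, wrong-order elements)."""
    return 1 < v < P - 1 and pow(v, Q, P) == 1

class Client:
    def __init__(self):
        self.x = secrets.randbelow(Q - 1) + 1   # private key, never leaves the device
        self.y = pow(G, self.x, P)              # public key, registered with the server
    def commit(self):
        self._r = secrets.randbelow(Q - 1) + 1  # fresh nonce per login; reuse leaks x
        return pow(G, self._r, P)
    def respond(self, c):
        s = (self._r + c * self.x) % Q
        self._r = None                          # one response per commitment
        return s

class Server:
    def __init__(self):
        self.users, self.pending = {}, {}
    def register(self, name, y):
        if not in_subgroup(y):
            raise ValueError("bad public key")
        self.users[name] = y
    def challenge(self, name, t):
        if name not in self.users or not in_subgroup(t):
            raise ValueError("bad commitment")
        c = secrets.randbelow(Q)
        self.pending[name] = (t, c)             # challenge is bound to this commitment
        return c
    def verify(self, name, s):
        t, c = self.pending.pop(name, (None, None))  # single use: replays find nothing
        if t is None:
            return False
        return pow(G, s, P) == (t * pow(self.users[name], c, P)) % P
```

The server stores only `y`, so a database leak does not reveal a login secret, and a response captured on the wire fails against the next random challenge.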