franzap's avatar
franzap fran@zapstore.dev 2 years ago
Disclaimer, I don't have idea what I'm talking about. I mean somehow use cryptography to derive passwords (into a specific encoding that satisfies typical password requirements) such that the experience is "like" LNURL-Auth In there, secret = hmac(private key, site.com) ; perhaps using those per-site secrets and derive from there.
lnurl-auth explained
 Any derivation metadata along with username etc, could more safely go to relays (still encrypted) as there would be no passwords. Logging in somewhere would require hmac signing with the nsec. Feel free to discard if this totally stupid lol
↑ Parent

Replies (1)

Jingles's avatar
Jingles _@jingles.dev 2 years ago
I think this could be a good idea. This means that, users just have to safe guard their secret key on their machine. A password is generated based on the secret key, the site, a passcode, a username. And there is nothing to sync to any relay. That’s sounds brilliant? That is a great difference to existing password managers too. I’ll explore with the codes, and give it some thoughts. Are there any down side to this solution? Mmm
1 replies ↓