“Avtorayzer”: password-free decentralized authorization through OAuth 2.0 on the Emercoin blockchain
This week, HashCoins launched the open-source non-commercial project “ Avtorayzer ”, whose main task is to simplify the connection of emcSSL for site owners. Being an OAuth2 provider, Authorizer allows you to enable Emercoin blockchain password-free authorization for any site whose CMS supports this protocol.
You can see how this works in practice on the Cryptor.net crypto- development magazine sites and on the boobs site , where you can log in to comment on publications and make collections of your favorite mammary glands.
As our reality digitizes, authorization tools are becoming increasingly important. Good old passwords no longer roll: it is too easy to crack if it's simple - or forget if it's complicated. Even password managers do not solve all the problems, because we simply cannot control how they are treated on the other side - on the side of the actual services. And the constantly emerging news about the compromise of the accounts of a major service with millions of users does not add confidence in the future. Even hashed passwords can be picked up in the dictionary, if you wish.
')
In his article “ Under the Hood of Emercoin ”, the project’s lead developer Oleg Hovaiko cites several recent high-profile incidents at once:
EMCSSL - decentralized service-free access to Internet sites:
EmcSSL shifts the focus of the authentication process to the user. When generating a certificate, both a random number and a certain hash sum are generated, with which the user himself becomes the owner of his own personal data. The certificate consists of a public part and a private key, which is known only to the user.
With EmcSSL technology, access to the identifier is not controlled by anyone other than the user, the certificate is unique, because it is associated with a random number.
Like all good, but not recognized ideas, the EmcSSL problem was not reliability or elegance of the solution, but simplicity of implementation in real life. Imagine: hundreds of existing CMS - and for each need to do the integration? This is madness. Therefore, the decision to link EmcSSL with OAuth suggests itself: there all the integrations are already there.
Steps to connect the site:
Cloud mining HashFlare has already implemented it into its miner control panels.
EmcSSL certificate generation is free, and sending an entry about it to the Emercoin blockchain costs 0.2 emmercoin (approximately 2.5 rubles). The purpose of the collection is to protect against spam and uncontrolled automatic issuance of certificates that would overload the Emercoin blockchain.
HashCoins is working to make the process of issuing certificates completely free - that is, the company will undertake to send data to the blockchain and the corresponding costs. The user will need an Emercoin wallet, to which the generated certificate will be sent, after which he will fully come under the control of the user.
In case of loss of the physical media of the certificate (for example, theft of a laptop or phone), the user will be able to regain control of the certificate by restoring his Emercoin wallet from the backup and update the certificate on the blockchain, thereby canceling access for the old version and replacing it with a new .
For practical use, we recommend issuing certificates yourself . In this case, the user will have not only a certificate, but also a certificate template, which will allow him to reissue with the certificate name preserved. For the very first acquaintance, it is quite possible to use our certificate generator , just keep in mind that if you lose access to your certificate, you will not be able to restore it, because templates remain server side.
Now " Avtorayzer " almost ready. There is active testing, so if there is interest - you are welcome. We will help you to connect and configure.
HashFlare cloud mining supports Emercoin projects
You can see how this works in practice on the Cryptor.net crypto- development magazine sites and on the boobs site , where you can log in to comment on publications and make collections of your favorite mammary glands.
As our reality digitizes, authorization tools are becoming increasingly important. Good old passwords no longer roll: it is too easy to crack if it's simple - or forget if it's complicated. Even password managers do not solve all the problems, because we simply cannot control how they are treated on the other side - on the side of the actual services. And the constantly emerging news about the compromise of the accounts of a major service with millions of users does not add confidence in the future. Even hashed passwords can be picked up in the dictionary, if you wish.
')
In his article “ Under the Hood of Emercoin ”, the project’s lead developer Oleg Hovaiko cites several recent high-profile incidents at once:
Adultfriendfinder - 412 million accounts stolen .
OPM (US Public Service Base) - 22 million records stolen .
Well, and domestic hackers are also not lagging behind - Hacking “vkontakte” with compromised 171 million user accounts .
There is no longer possible to write off such incidents to the "exceptional special case", here the system is traced. Of course, we will not argue - each hacking was unique in its own way, but the result is the same - a massive compromise of user accounts, reputational losses of sites and organizations, and in some cases - significant financial losses both for users and for sites and their owners .
EMCSSL - decentralized service-free access to Internet sites:
- The password-free authorization principle guarantees protection against compromising a user account, as happens in numerous cases of hacking of various services, because in this case no data is stored on the service side.
- And the decentralization of EmcSSL makes the user certificate independent of the service that issued it - which distinguishes it from other methods of passwordless authorization - for example, “login via Facebook”, which only works as long as Facebook itself is working.
EmcSSL shifts the focus of the authentication process to the user. When generating a certificate, both a random number and a certain hash sum are generated, with which the user himself becomes the owner of his own personal data. The certificate consists of a public part and a private key, which is known only to the user.
With EmcSSL technology, access to the identifier is not controlled by anyone other than the user, the certificate is unique, because it is associated with a random number.
The user of the emcSSL system receives a kind of “pass-all-terrain vehicle”, which does not depend on anyone except the user. Not from the “site on the Internet,” not from the certifier, or from anyone else.
- writes Oleg Hovayko, the main developer of Emercoin
Like all good, but not recognized ideas, the EmcSSL problem was not reliability or elegance of the solution, but simplicity of implementation in real life. Imagine: hundreds of existing CMS - and for each need to do the integration? This is madness. Therefore, the decision to link EmcSSL with OAuth suggests itself: there all the integrations are already there.
Steps to connect the site:
- Creating a certificate. The certificate will allow you to log in to the Authorizer application page and add your site.
- Creating an application. It's simple. Specify the site name and RedirectURL (about it a little further)
- Setting up the module on your site. There are already ready modules for WordPress , Drupal and October. In the module settings you just need to specify Client Id and Secret. This data can be taken on the application page. RedirectURL depends on the selected CMS and is specified in the instructions for the modules.
Cloud mining HashFlare has already implemented it into its miner control panels.
EmcSSL certificate generation is free, and sending an entry about it to the Emercoin blockchain costs 0.2 emmercoin (approximately 2.5 rubles). The purpose of the collection is to protect against spam and uncontrolled automatic issuance of certificates that would overload the Emercoin blockchain.
HashCoins is working to make the process of issuing certificates completely free - that is, the company will undertake to send data to the blockchain and the corresponding costs. The user will need an Emercoin wallet, to which the generated certificate will be sent, after which he will fully come under the control of the user.
In case of loss of the physical media of the certificate (for example, theft of a laptop or phone), the user will be able to regain control of the certificate by restoring his Emercoin wallet from the backup and update the certificate on the blockchain, thereby canceling access for the old version and replacing it with a new .
For practical use, we recommend issuing certificates yourself . In this case, the user will have not only a certificate, but also a certificate template, which will allow him to reissue with the certificate name preserved. For the very first acquaintance, it is quite possible to use our certificate generator , just keep in mind that if you lose access to your certificate, you will not be able to restore it, because templates remain server side.
Now " Avtorayzer " almost ready. There is active testing, so if there is interest - you are welcome. We will help you to connect and configure.
HashFlare cloud mining supports Emercoin projects
Source: https://habr.com/ru/post/370225/
All Articles