# userless

This is an attempt at a user authentication service that knows nothing about the user. Authentication revolves around an email and a password, but the server stores neither, and it cannot even tell whether a given email belongs to an account unless it is also given the password. The service is strongly resistant to online brute force because a login requires a valid signature over the current time in nanoseconds, so every password guess costs the attacker one request to the server, which the server can count and throttle. This code should be treated as a reference implementation of the crypto scheme described in the spec; it cannot be plugged into your application without further work, but it also forms part of the Duo Market authentication system, with some minor additions.

In this implementation, the secret that the server hands back on successful login is an encrypted 16 bytes of entropy, the 128 bits behind a 12-word BIP39 mnemonic. This could be the key to a bitcoin wallet; in the Duo Market case it is the key to your OpenBazaar identity, and it unlocks your user database. The system is quite general: any data could be encrypted and stored as the secret, simply change the expected size validation on the server. Login can also be adapted to be the gateway to anything; instead of returning an encrypted secret it could, for example, return an authentication token. This implementation uses CouchDB for all of its storage, but that is easily replaced.

The whole system is designed so that an attacker with full database read access gains essentially nothing: the database holds no emails, no passwords, and no mapping from an email to a record. With read access, the best available attack is to guess email:password combinations offline, derive the corresponding public keys, and compare them against every identifier stored on the server. Even if an attacker knows that a given email has an account, they cannot tell which identifier in the database belongs to it. The caveat is that this offline guessing is the one thing database access does enable, so its cost is bounded by the work factor of the password-to-key derivation and by the strength of users' passwords.

One of the exciting elements of userless is that it still allows for two-factor authentication via email. The email is still not stored on the server; instead it is provided on login. The way the crypto system is set up, the server can verify that the given email is a member of the requested account when it is provided with the email and the hash of the email:password combination. Once this is verified, an email is sent. When the link in the email is clicked, the original login endpoint returns as usual. If you attempt to log in without 2FA, the server returns a boolean stating that 2FA is enabled; that boolean was originally signed by the user's password-derived key, so the client can check that it is genuine before automatically retrying with the email. This prevents a man in the middle from pretending that 2FA is enabled in order to force users to reveal their emails.

This was designed and built by Jack Kleeman and Justin Drake of Duo Market, as part of a wider attempt at a totally zero knowledge product that lets you purchase on OpenBazaar from your browser.

Contributors

jackkleeman
