
Topic: Bitcoin as a new password? (Read 681 times)

legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
December 09, 2013, 03:53:32 PM
#4
When you consider the number of passwords we manage on a regular basis, (certainly the number of passwords we deal with when dealing with bitcoin services) one wonders if Bitcoin couldn't be our password in and of itself.

When logging in to Bitstamp, why couldn't I authenticate my identity by demonstrating that I control a certain private key? The sending of a single satoshi perhaps, without any fee, would be enough to show a webservice that I am who I say I am, and by not including any fee, the transaction would be broadcast, but likely never included in the blockchain thus not contribute to bloat.

The advantages being that I could open my Bitstamp account without ever needing to type on a keyboard, or even interact with the computer in such a way that could be logged. Indeed it might be impossible for an attacker to ever guess what my password would be, as it would appear as simply noise compared to all the transactions broadcast on the network.

Maybe this is something that could be useful for Mastercoin as well.


Indeed, I was thinking about this a few weeks ago. Demonstrating control of a private key is as simple as signing a message. No need to actually broadcast a transaction. The process would be something like:
1) Register for a site, providing a bitcoin-address/public-key that you wish to have serve as your identity/auth-creds for the site.
2) Sign a message showing control of that key, and provide signed message to the site.
3) To log in in the future, site provides you with a message to sign. You sign it and provide the response.
4) Site verifies that you control the pub key that you said you control by looking at the signed message.

As you note, this could be done without having to type a password, ever. Of course, then if someone gets control of your device, you have a problem. So it could function like a lot of pw management tools; i.e., you'd have a "wallet" that serves as a repository of IDs that you use for various services, with some PW or 2-factor protection on that wallet.

Seems like there are some interesting possibilities here.



Good point, I hadn't thought about just signing a message. I was thinking of situations where for example you might try to unlock a service without obviously interacting with it. The service could even be a physical safe for example. Perhaps you could have more than one private key, each doing something different, like revoking the other keys or transferring ownership, etc...
legendary
Activity: 1722
Merit: 1003
December 09, 2013, 03:48:51 PM
#3
When you consider the number of passwords we manage on a regular basis, (certainly the number of passwords we deal with when dealing with bitcoin services) one wonders if Bitcoin couldn't be our password in and of itself.

When logging in to Bitstamp, why couldn't I authenticate my identity by demonstrating that I control a certain private key? The sending of a single satoshi perhaps, without any fee, would be enough to show a webservice that I am who I say I am, and by not including any fee, the transaction would be broadcast, but likely never included in the blockchain thus not contribute to bloat.

The advantages being that I could open my Bitstamp account without ever needing to type on a keyboard, or even interact with the computer in such a way that could be logged. Indeed it might be impossible for an attacker to ever guess what my password would be, as it would appear as simply noise compared to all the transactions broadcast on the network.

Maybe this is something that could be useful for Mastercoin as well.


Indeed, I was thinking about this a few weeks ago. Demonstrating control of a private key is as simple as signing a message. No need to actually broadcast a transaction. The process would be something like:
1) Register for a site, providing a bitcoin-address/public-key that you wish to have serve as your identity/auth-creds for the site.
2) Sign a message showing control of that key, and provide signed message to the site.
3) To log in in the future, site provides you with a message to sign. You sign it and provide the response.
4) Site verifies that you control the pub key that you said you control by looking at the signed message.

As you note, this could be done without having to type a password, ever. Of course, then if someone gets control of your device, you have a problem. So it could function like a lot of pw management tools; i.e., you'd have a "wallet" that serves as a repository of IDs that you use for various services, with some PW or 2-factor protection on that wallet.

Seems like there are some interesting possibilities here.

newbie
Activity: 20
Merit: 0
December 09, 2013, 03:32:35 PM
#2
A new way of logging in is emerging, it might take a while before it catches on but it will come. It's called SQRL, more info:

http://en.wikipedia.org/wiki/SQRL
https://www.grc.com/sqrl/sqrl.htm

legendary
Activity: 1204
Merit: 1001
RUM AND CARROTS: A PIRATE LIFE FOR ME
December 09, 2013, 03:15:58 PM
#1
When you consider the number of passwords we manage on a regular basis, (certainly the number of passwords we deal with when dealing with bitcoin services) one wonders if Bitcoin couldn't be our password in and of itself.

When logging in to Bitstamp, why couldn't I authenticate my identity by demonstrating that I control a certain private key? The sending of a single satoshi perhaps, without any fee, would be enough to show a webservice that I am who I say I am, and by not including any fee, the transaction would be broadcast, but likely never included in the blockchain thus not contribute to bloat.

The advantages being that I could open my Bitstamp account without ever needing to type on a keyboard, or even interact with the computer in such a way that could be logged. Indeed it might be impossible for an attacker to ever guess what my password would be, as it would appear as simply noise compared to all the transactions broadcast on the network.

Maybe this is something that could be useful for Mastercoin as well.