Author

Topic: Introducing Keyhotee - Next Generation Identity, DNS, Messaging, and Wallet (Read 4026 times)

newbie
Activity: 55
Merit: 0
hi
i noticed you deleted you telegram account recently
why?
i am still waiting the letter and when it arrives how can i contact you?
please contact me at @AmbrogioOrfeu on telegram
hero member
Activity: 547
Merit: 502
New version 0.7.0 available.

https://bitsharestalk.org/index.php?topic=1433.0

Start testing and making suggestions to get bitcoin 2.0 infrastructure off the ground.
sr. member
Activity: 448
Merit: 250
Amazing.How's going?

Latest Version of Keyhotee Alpha for Windows and Linux here
http://invictus.io/bin/keyhotee_0.5.6.zip
http://invictus.io/bin/keyhotee_0.5.6.gz

For a daily update with detailed progress info about Keyhotee development, you can visit the github repo at the links below:
https://github.com/InvictusInnovations/keyhotee/commits
https://github.com/InvictusInnovations/keyhotee/issues?state=open
https://github.com/InvictusInnovations/keyhotee/issues?state=closed

Dan Notestein is in charge of Keyhotee development atm as Daniel Larimer is working on Bitshares X.

The new Keyhotee alpha release 0.5.6 is available here: http://invictus.io/bin/keyhotee_0.5.6.zip
Linux release to follow tomorrow, assuming no major problem reports.

This version fixes the "send to wrong contact" bug introduced in 0.5.5 that was causing emails to be lost, plus many other smaller bug fixes.

One change you'll note if you create a new profile is that there's less info requested on profile creation. There's also a mail server icon that reports the status of your connection to the mail server (it's beside the bitshares "plug" that currently reports "disconnected" for alpha testers unless you're running a special build). 

There's a new feature for selecting a contact from your contact list and emailing it to other users for import into their contact list (new contact is sent as an attachment that can be selected for import by recipient). In another day or so, this will be updated to send multiple contacts. There's also an authorization feature that will ultimately be used for a couple of things (sharing transaction keys for increased privacy transactions, direct connect IM, etc), but this feature doesn't yet do much on the surface.

Now that the hectic support activity from Keyhotee founder ids has settled down, I've been diving into the existing code for keyhotee ID mining. Getting that operational is the next major task for me. I have a rough idea of what needs to be done, but I'm still mapping out the details before I make major changes.
Ha.Thanks for your quotes.
hero member
Activity: 854
Merit: 658
rgbkey.github.io/pgp.txt
This is amazing. Please keep us updated and let us know when we can use this.
full member
Activity: 216
Merit: 100
It is a giant endeavor. I hope you really have the financial resource and manpower to make a steady progress.

From what I've seen, Invictus.io has had one of the greatest crowdfunding
successes of all time - and is actively seeking, funding in place, more highly skilled and motivated developers. Paradigm shifting events just ahead.
sr. member
Activity: 256
Merit: 250
Amazing.How's going?

Latest Version of Keyhotee Alpha for Windows and Linux here
http://invictus.io/bin/keyhotee_0.5.6.zip
http://invictus.io/bin/keyhotee_0.5.6.gz

For a daily update with detailed progress info about Keyhotee development, you can visit the github repo at the links below:
https://github.com/InvictusInnovations/keyhotee/commits
https://github.com/InvictusInnovations/keyhotee/issues?state=open
https://github.com/InvictusInnovations/keyhotee/issues?state=closed

Dan Notestein is in charge of Keyhotee development atm as Daniel Larimer is working on Bitshares X.

The new Keyhotee alpha release 0.5.6 is available here: http://invictus.io/bin/keyhotee_0.5.6.zip
Linux release to follow tomorrow, assuming no major problem reports.

This version fixes the "send to wrong contact" bug introduced in 0.5.5 that was causing emails to be lost, plus many other smaller bug fixes.

One change you'll note if you create a new profile is that there's less info requested on profile creation. There's also a mail server icon that reports the status of your connection to the mail server (it's beside the bitshares "plug" that currently reports "disconnected" for alpha testers unless you're running a special build). 

There's a new feature for selecting a contact from your contact list and emailing it to other users for import into their contact list (new contact is sent as an attachment that can be selected for import by recipient). In another day or so, this will be updated to send multiple contacts. There's also an authorization feature that will ultimately be used for a couple of things (sharing transaction keys for increased privacy transactions, direct connect IM, etc), but this feature doesn't yet do much on the surface.

Now that the hectic support activity from Keyhotee founder ids has settled down, I've been diving into the existing code for keyhotee ID mining. Getting that operational is the next major task for me. I have a rough idea of what needs to be done, but I'm still mapping out the details before I make major changes.
sr. member
Activity: 345
Merit: 250
I hope that chain will be launched soon .. gonna enjoy my founder id :-)
sr. member
Activity: 448
Merit: 250
Amazing.Keep moving guys!
sr. member
Activity: 256
Merit: 250
It is a giant endeavor. I hope you really have the financial resource and manpower to make a steady progress.

They certainly do now!

Alpha testing is in progress: http://invictus.io/keyhotee.php





Keyhotee forum: https://bitsharestalk.org/index.php?board=2.0
hero member
Activity: 714
Merit: 510
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft.  

http://www.youtube.com/watch?v=3pZaTdEtK-8

Topics Covered:

Keyhotee ID       -  Email and Website Login
DomainShares    - Domain Names and Certificate Authorities
Keyhotee Mail     - secure email, chat, VOIP, etc
Keyhotee Wallet  - Secure, multi-currency wallet without need for using Bitcoin addresses.  

Feedback appreciated.

I suggest you implement SQRL ASAP. It's better than a password by far and it's simple. Please avoid using passwords.

Quote
On your phone, a SQRL app would contain a secret 256-bit blob of data. This would be your randomly generated secret code, which is never divulged to anybody else. The QR code itself would contain a URL, including the domain name of the site you're trying to connect to. When you scan the code, your app would create a public and private key pair from your master key and the domain name of the site, using an HMAC hashing function. Then, the app would communicate with the site directly, sending the public key as your identity (the equivalent of a username), and the encrypted QR code as your authentication (the equivalent of a password). Since your master code, the secret blob of data, never changes, the resulting public key wouldn't change either. That means the website would know it's you. And by encrypting the QR code of the site with your private key, the site can verify that you indeed possess the matching private key, without actually having it, thanks to the beauty of public key cryptography.

http://www.techrepublic.com/blog/it-security/sqrl-a-new-method-of-authentication-with-qr-codes/
https://www.grc.com/sqrl/sqrl.htm

This looks like a good technical approach except for the user experience which is terrible.    Here the user unlocks their 'wallet' once locally outside of a web browser and does not send a password over the wire.   Given that a public / private key pair have already been established... the user simply logs in as "jack" and then signs a one-time challenge (with appropriate hashing) which can then be verified.

So the only question that remains is how do you secure your LOCAL login which is like how do you secure your BITCOIN wallet.   Do you secure it with this QR system?   It seems foolish to put your master private keys on a cell phone that could be lost or stolen and certainly has backdoors.   I think a cell phone makes a good 2-factor authentication device, but not a good primary authentication device.

The reason I chose the smart phone solution is because it's convenient and easy so I think most people would use it. You're right that it could possibly have a backdoor and I hadn't considered that. The SQRL implementation probably should be modified in some way but I do think it's great if people don't have to remember any sort of password because that has security advantages too.

There are scenarios where the person might not want to remember their password. There is also no way to type a password in. So upon reflecting on your suggestions I think the Trezor could act as a security key because it actually does secure the Bitcoin wallet in perhaps the safest and most thoughtful way. It uses multi-factor authentication which is good.

The only problem I have with passwords is that they have to be typed in. If Trezor can handle that then they don't even have to be typed in anymore so it's worth contemplating. I'm not saying you should change how Keyhotee works, only offering some alternative ideas in an attempt to improve upon something I already consider to be pretty good.

Here are some relevant threads and articles:
https://bitcointalksearch.org/topic/sqrl-revolutionizes-web-site-login-and-authentication-310282
http://www.reddit.com/r/Bitcoin/comments/1nkoju/bitcoin_core_dev_websites_do_not_need_passwords/
hero member
Activity: 770
Merit: 566
fractally
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft.  

http://www.youtube.com/watch?v=3pZaTdEtK-8

Topics Covered:

Keyhotee ID       -  Email and Website Login
DomainShares    - Domain Names and Certificate Authorities
Keyhotee Mail     - secure email, chat, VOIP, etc
Keyhotee Wallet  - Secure, multi-currency wallet without need for using Bitcoin addresses.  

Feedback appreciated.

I suggest you implement SQRL ASAP. It's better than a password by far and it's simple. Please avoid using passwords.

Quote
On your phone, a SQRL app would contain a secret 256-bit blob of data. This would be your randomly generated secret code, which is never divulged to anybody else. The QR code itself would contain a URL, including the domain name of the site you're trying to connect to. When you scan the code, your app would create a public and private key pair from your master key and the domain name of the site, using an HMAC hashing function. Then, the app would communicate with the site directly, sending the public key as your identity (the equivalent of a username), and the encrypted QR code as your authentication (the equivalent of a password). Since your master code, the secret blob of data, never changes, the resulting public key wouldn't change either. That means the website would know it's you. And by encrypting the QR code of the site with your private key, the site can verify that you indeed possess the matching private key, without actually having it, thanks to the beauty of public key cryptography.

http://www.techrepublic.com/blog/it-security/sqrl-a-new-method-of-authentication-with-qr-codes/
https://www.grc.com/sqrl/sqrl.htm

This looks like a good technical approach except for the user experience which is terrible.    Here the user unlocks their 'wallet' once locally outside of a web browser and does not send a password over the wire.   Given that a public / private key pair have already been established... the user simply logs in as "jack" and then signs a one-time challenge (with appropriate hashing) which can then be verified.

So the only question that remains is how do you secure your LOCAL login which is like how do you secure your BITCOIN wallet.   Do you secure it with this QR system?   It seems foolish to put your master private keys on a cell phone that could be lost or stolen and certainly has backdoors.   I think a cell phone makes a good 2-factor authentication device, but not a good primary authentication device.
hero member
Activity: 714
Merit: 510
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft.  

http://www.youtube.com/watch?v=3pZaTdEtK-8

Topics Covered:

Keyhotee ID       -  Email and Website Login
DomainShares    - Domain Names and Certificate Authorities
Keyhotee Mail     - secure email, chat, VOIP, etc
Keyhotee Wallet  - Secure, multi-currency wallet without need for using Bitcoin addresses.  

Feedback appreciated.

I suggest you implement SQRL ASAP. It's better than a password by far and it's simple. Please avoid using passwords.

Quote
On your phone, a SQRL app would contain a secret 256-bit blob of data. This would be your randomly generated secret code, which is never divulged to anybody else. The QR code itself would contain a URL, including the domain name of the site you're trying to connect to. When you scan the code, your app would create a public and private key pair from your master key and the domain name of the site, using an HMAC hashing function. Then, the app would communicate with the site directly, sending the public key as your identity (the equivalent of a username), and the encrypted QR code as your authentication (the equivalent of a password). Since your master code, the secret blob of data, never changes, the resulting public key wouldn't change either. That means the website would know it's you. And by encrypting the QR code of the site with your private key, the site can verify that you indeed possess the matching private key, without actually having it, thanks to the beauty of public key cryptography.

http://www.techrepublic.com/blog/it-security/sqrl-a-new-method-of-authentication-with-qr-codes/
https://www.grc.com/sqrl/sqrl.htm
hero member
Activity: 770
Merit: 566
fractally
Very interesting concept! In the "Keyhotee Mail" example, how does the user lookup/search feature look? You used Skype ID as an analogy, but is it really a matter of users having commonly searchable usernames?

Yes, Users have human readable user names.
sr. member
Activity: 378
Merit: 325
hivewallet.com
Very interesting concept! In the "Keyhotee Mail" example, how does the user lookup/search feature look? You used Skype ID as an analogy, but is it really a matter of users having commonly searchable usernames?
hero member
Activity: 504
Merit: 500
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft.  

http://www.youtube.com/watch?v=3pZaTdEtK-8

Topics Covered:

Keyhotee ID       -  Email and Website Login
DomainShares    - Domain Names and Certificate Authorities
Keyhotee Mail     - secure email, chat, VOIP, etc
Keyhotee Wallet  - Secure, multi-currency wallet without need for using Bitcoin addresses.  

Feedback appreciated.
Hmmm.
There is absolutely nothing on this site just only white pages with not a single character on the screen.
http://invictus-innovations.com/keyhotee/, http://invictus-innovations.com/ and any sub-pages are showing in mozilla just blank pages but in the source code there is a lot of script.
Simple but genial solution. If there is nothing then it is nothing to spy.  Grin Grin Grin
legendary
Activity: 3431
Merit: 1233
It is a giant endeavor. I hope you really have the financial resource and manpower to make a steady progress.
hero member
Activity: 770
Merit: 566
fractally
legendary
Activity: 1134
Merit: 1008
CEO of IOHK
video does not exist
hero member
Activity: 770
Merit: 566
fractally
If you missed the C3 conference and our presentation about Keyhotee, you may want to checkout this video where I explain how Keyhotee will change the way we do business on the internet and put an end to NSA spying and identity theft.  

http://www.youtube.com/watch?v=3pZaTdEtK-8

Topics Covered:

Keyhotee ID       -  Email and Website Login
DomainShares    - Domain Names and Certificate Authorities
Keyhotee Mail     - secure email, chat, VOIP, etc
Keyhotee Wallet  - Secure, multi-currency wallet without need for using Bitcoin addresses.  

Feedback appreciated.
Jump to: