Pages:
Author

Topic: Keyless encryption and passwordless authentication - page 3. (Read 2887 times)

full member
Activity: 224
Merit: 120
If we were to use your proposed way of authentication there will be problems, though I agree the problem with that is how much user can it handle because based on what you said there will be a lot of variable to make an identifier, for example if they were to use 500k variable to make an identifier wouldn't it make it difficult for normal computers to process, imagine that 500 and the combination is unique, and there are 500 thousand users then wouldn't that overload a computer. The best solution right now would be to create an insurance in case there is a stolen fund or marking the funds stolen so they can't be used, that is much better because they discourage people to steal.
---------------------------------
Passwordless authentication is a continuous process of verifying each data packet, without exception or compromise, in both directions, over a cryptographically closed communication channel.
If the data packet you are sending is 256 bits (the minimum possible), then Keyless Encryption must identify that data packet by its level "its" - "someone else's".
If the data packet is "its own" then it is sent by the user who installed this communication channel, which in turn means that the authentication of the sender of the packet took place.
How many options are there in the 256-bit code? I think more than 500.
The data packet itself, which will be authenticated, is a variable numeric identifier. Variable - because every next data packet, no matter what information in it is encrypted, the same or no encrypted information (in keyless encryption technology there is an important point - encrypting silence) - must have a completely different, unique code, one of 256, in order to be identified as "your" - "someone else's".
 In addition, this way of transmitting information does not require a digital signature, all information will be verified through a verification of the subsequent packets of data - by default.
The trick is that if the information decrypted in the previous packet was decrypted incorrectly even by 1 bit - all the next packets will be formed incorrectly, which means - will not be recognized, which means - will not be decrypted, everything, or the end of the communication session, if the channel is noisy, or resumption of transmission from the last successfully received, decrypted and identified data packet, this already solves the transmission protocol.

Thus, we get, together with passwordless authentication, an immediate complete verification of all sent information, without a digital signature.

This is the main advantage of keyless encryption technology.
The key is every single event, and the encrypted information, and erroneous packets, and repeated packets and much more that allows:
1. or instantly identify the packet (approximately 25% probability);
2. No matter how a packet is identified instantly or not, unambiguously identify it by taking the following data packets, with accuracy, with verification, to one bit.

So there is no problem with a large number of clients.
sr. member
Activity: 1624
Merit: 315
Leading Crypto Sports Betting & Casino Platform
If we were to use your proposed way of authentication there will be problems, though I agree the problem with that is how much user can it handle because based on what you said there will be a lot of variable to make an identifier, for example if they were to use 500k variable to make an identifier wouldn't it make it difficult for normal computers to process, imagine that 500 and the combination is unique, and there are 500 thousand users then wouldn't that overload a computer. The best solution right now would be to create an insurance in case there is a stolen fund or marking the funds stolen so they can't be used, that is much better because they discourage people to steal.
full member
Activity: 224
Merit: 120
whether TOXIC token is planning to do a token sale in exchange (IEO) I think it's a good idea to maintain investor confidence
---------------------------------
I know these guys, they think rightly that the time of keys and passwords is a rudiment from the past and whoever cuts it off first will win the total fraud associated with stealing passwords and keys.
I can only help them with the technology itself, I have developed a theoretical basis for keyless encryption and passwordless authentication (not by your biometric waste...), who is interested in sending out publicly understandable material.
But I myself, not involved in this project, cannot answer the question of what and how to do it. I am sure that if the future is not in this project, there will be others like this, which will spare us the fear of stealing our identification data. That just doesn't make any sense.
full member
Activity: 224
Merit: 120
I dont think that we should change all auth to biological. Sometimes just password is enough
----------------
This does not suggest changing the password authentication to biological.
As practice has shown, biological is even more vulnerable than password authentication.

Most fingerprint sensors can be tricked with a textile adhesive impression.

Cisco Talos has conducted a study on how to circumvent biometric fingerprint-based authentication systems. The researchers achieved success in almost 80% of cases.

In the course of the study, the researchers took the victim's fingerprints from the surface she touched, printed the mold for casting with a 3D printer, filled it with inexpensive fabric adhesive (the researchers specifically took inexpensive materials for the experiment to see what "success" the attacker can achieve even with minimal resources) and cast a cast of the print.

Specialists applied the cast prints to various sensors of fingerprints, including optical, capacitive and ultrasonic, in order to identify the most reliable of them. As it turned out, there was no particular difference between these sensors in terms of security. However, more researchers have managed to hack gadgets with ultrasonic sensors. They are the latest type of transducers and are usually built into the device display.

With the help of casting specialists were able to unlock almost all the smartphones taken for the experiment. As for laptops, they were able to unlock 95% of MacBook Pro.

As for password authentication, this method also proved to be completely untenable. Passwords are being stolen and sold on a massive scale. In one minute the world spends almost $3 million to maintain these outdated security systems.

I am offering passwordless authentication based on keyless encryption, not an old compote on new ideas.

And another feature is silence encryption. It completely closes the communication channel from surveillance and analysis.
jr. member
Activity: 129
Merit: 1
I dont think that we should change all auth to biological. Sometimes just password is enough
full member
Activity: 842
Merit: 100
whether TOXIC token is planning to do a token sale in exchange (IEO) I think it's a good idea to maintain investor confidence
full member
Activity: 224
Merit: 120
I'm really sorry. I can not understand what you're trying to say. This is a completely new way of thinking about encryption.

I had implied that the initial chess board is fixed in it's starting position, and any updates to the pieces could be followed by an eavesdropper using the same keyless encryption scheme you proposed.

I'm not even talking about a man-in-the-middle attack.
-----------------------
A listening device is a 100% effect, no matter how it is encrypted, it is important to always remember that you will be overheard until the encryption is complete, the keys you press on your computer are scanned, the screen and the on-screen keyboard are scanned.
This is all understandable.
And this is not a cryptographic task.
Cryptography is about making your own, closed channel between clients.
What is the main vulnerability of modern cryptography, regardless of the complexity of the encryption system?
It's in the keys.
Nobody works to break into the encryption system itself, always stealing keys. Always exploiting this particular vulnerability.
What do the crime stats show?
The theft is growing. And the worst part about stealing your key is you don't know it.
What's the danger?
Because you keep encrypting your secrets, which are now available to the cheater. Perhaps all your secrets of the past are now available. There are bad consequences for you.

What does keyless encryption technology offer?
It prevents a cheater from stealing and exploiting your keys... due to their complete absence.
Or in other words, there's a huge number of them, one unique key for just one data packet. The next packet of data is a new one. What would it take to know a new one, like Eve, a third party?
Nothing special, the whole history of information exchange between clients (between Alice and Bob) with an accuracy of one bit.
Think, and read carefully - not from the beginning of this communication session or from the beginning of this calendar year, or any other "beginning", but from the first bit in the channel and to the last one that was sent to the channel, its exact (miles, miles second) time, its exact decryption, everything, absolutely all the settings of the encryption system for each bit of information (!!!), but it's not enough - every single error in the history of information exchange between Alice and Bob! It is necessary to know not only all the errors (even errors of noise origin), but also their exact time and their exact sequence in the flow of information - in the history of information exchange!
But this is not all.
Imagine that Alice and Bob are communicating by voice in their closed communication channel. It happens, people say "on the phone".
A scammer needs to know every single pause between the words of the speakers, their exact duration, the exact time of arrival and end!
I can tell you right away that there are no pauses in the communication channel - there are no pauses completely, on the physical level. Attack by a person in the middle of no information about the pauses in the conversation between Alice and Eve - will not give.
Also, the observer Eva will not receive information about who is passing the information to whom.
She won't get any information about who's transmitting the information or how much.
She won't receive information about whether or not the information was transmitted at all.
Wait.
And here we get interesting methods of protection against "man in the middle" attack - we just are silent, Bob and Alice are silent, and in the channel of communication the information exchange continues evenly, the flow of information from Alice to Bob is exactly the same as from Bob to Alice, and absolutely does not change when they stop talking and start talking.
Ironically, it's a fact.
It's a real closed channel, without the possibility of any analysis of the volume, fact, and direction of information transfer in it.
Why is it so complicated?
Because otherwise such an encryption system won't work.
It's a new encryption built on an ever-changing continuum of virtual space and time. The space isn't complex, but it's dynamic, without static states. That's why downtime isn't possible.     

What's the attack in the middle? In this concept, it is meaningless and useless.
full member
Activity: 224
Merit: 120
In the world where hackers and such exists, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there's a lot of security measures involve they are still able to hack accounts in just a few clicks.


With the world of cryptocurrency, many people have much money on their digital wallets; for the safety of the users, the developers make a hashing of the passwords before the passwords are not encrypted; it was just a verification for the user's authenticity for having good security. They make the passwords harder and not prone to hacking they use the hashing to make a different text, numbers, and symbols combined together, and this is the essential thing today if you want to develop a website and system. But the hackers are ethical too, so the developers make another way of encryption this is the two-way authentication that sends the code to their users and verifies by the computer.
I do not really think that this can happen because when I've started here passwords are really important because it makes your wallet really secured and to avoid also from hacking. Maybe because of technology is keep on innovating this can happen but I can say that password is still important to every wallet, it makes your money secured.
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption, works on a key, whether that's a shared secret key, or a public/private keypair.

Yes, the only problem with that is when they steal your 2fa privkey at the time of creation, or when your device time isn't exactly in sync, or when the user loses the privkey (because GA was in the stolen phone, etc)...

To me 2fa is not an excuse to replace a solid good randomized password made with a decent password manager (not online sites, free open source software) that also uses a very good password running in a secure OS unlikely to have random malware of the week sniffing.

Passwordless solutions have always been defeated at some point, they are way too dangerous. You can do a "one time", and then go asymmetric like with SSH you add public server keys to your client and never input login passwords again, but only if your OS is secured.

And very likely some of the passwordless proposals include fingerprinting you to the point of uniqueness. What happens when THAT info falls into the wrong hands? Same as with KYC/AML.
Indeed, using 2FA authenticator really makes your money safe so even if it is not convenient I will still support a project or wallet that has this kind of stuff to make my money safe. I will not risks my own money supporting a wallet that has no encryption and authentication. It can make hackers easy to hack your wallet account. But we cannot say that this is not possible, maybe in the future, they can produce a wallet like that but there must be security information that is needed like making other stuff other than authentication.
-------------------------
The modern protection system is a modern protocol, a set of instructions on the technologies underlying these protocols.
The main technology underlying the security systems is cryptography.
Cryptography, any system, is built on the methods of using the key, which is used as the instruction needed to configure individual (for this key) encryption algorithms.
Therefore, any protocol based on modern cryptography will always ask you for the key, password, biometric identifiers, which are essentially the same password, password-constant, it cannot be changed.

As soon as you build a system that has a weak link in its foundation - a password or key, so prepare yourself immediately for the fact that scammers will not break you in the forehead, they will look for access to keys and passwords.

Modern cyber crime research, their statistics, reports from companies dealing with this issue, even a Microsoft report - all this clearly shows that keys and passwords are almost always stolen.

Any security system, the most sophisticated and modern, even postquantum ones, if based on passwords or keys, will have a vulnerability in this very weakest link - the key (password).

Only keyless encryption systems will allow to build more reliable security systems.

So, on this subject, today the press writes:
 "Last month, ThreatFabric discovered the first ever malware to steal two factor authentication codes generated by Google Authenticator. The researchers named the malware Cerberus. Cerberus is a hybrid of the banking trojan and remote access trojan (RAT) for Android devices. After infecting the device with the bank trojan functions, the malware steals bank data. If the victim's account is protected with Google Authenticator's two-factor authentication mechanism, Cerberus acts as a RAT and provides its operators with remote access to the device. Attackers open the Google Authenticator, generate a one-time code, take a screenshot, and then access the victim account. According to researchers at Nightwatch Cybersecurity, Google could have fixed the problem back in 2014, after a GitHub user wrote about it, but didn't do so. The problem remained unsolved in 2017, when Nightwatch Cybersecurity reported it to the company, and remains so today.

What's next?
full member
Activity: 224
Merit: 120
full member
Activity: 224
Merit: 120
Password less authentication ?
Okay so what do you think would be used instead of a password ?
Fingerprint ?
Face lock ?
Voice recognition ?
The authenticator by Google?
----
Except the last one , I do believe each and everyone of them comes with a fault , come on one can actually do something to a person to connect with the device .. unfortunately us traders hold most in our mobile phones and I do think not just passwords , but everything at once all the things that I listed are not enough too  Smiley you can never be more secure .
------------------
Authentication without a password does not mean that you do not have a password.
I take it it it's not clear, what's the difference and what's new with this technology?

What's new here is that you only use a password once when you register on a site (like a site).
Password, of any complexity - for a site always looks different for you, it looks like a digital code. And the numerical code - by appearance of which it is impossible to find out your password.
This is a so-called one-way cryptographic function, which makes from your alphanumeric password - a hash, a numeric identifier by which your device will be recognized, not you.
Regardless of whether you enter the password manually, or if the password is written in a program (e.g. in a browser) and the browser enters it itself, the server will identify you as "the device that provided your numeric identifier. Dot.
No identification is made.
Proof:
- If a fraudster enters your password, the server will be more than happy to identify you.

So, password technology is dangerous. And above all it is dangerous because you have a permanent digital identifier, which is produced by a one-way function from your "password" is always the same. A scammer does not need to guess your password, it is enough to have this numeric identifier.

For this reason, all biometric identifiers are a form of password, but they are even more insecure than a password, because they are very easy to forge.

Some banks, even refuse to serve customers, to
that prove themselves not by a password, but by biometrics.

These are all technologies based on your permanent digital identifiers, no matter how they are obtained.

They are stolen, tampered with, guessed (passwords) and cheated by the server.

The idea of passwordless authentication is based on your ever-changing numeric identifier. But not as primitive as Google did - every 30 seconds, and at another higher level - at the level of every packet of data, at the level of keyless encryption technology.
   
You don't enter your password a second time. If you want, you can confirm yourself with an additional password or your biometric data.
But this is additional, not basic confirmation.  In this variant, if steal your password - then nothing at the swindler will not work.  Because the server before entering the password, identifies you in the face of your device, as its user.

And one more thing.

If your password or your numeric identifier is stolen - it is not the fact that you immediately find out about it, it can be done remotely.

But if I steal your device, you will immediately notice it and take action.
Moreover, you cannot steal your device remotely.
It's a fact.
hero member
Activity: 1890
Merit: 831
Password less authentication ?
Okay so what do you think would be used instead of a password ?
Fingerprint ?
Face lock ?
Voice recognition ?
The authenticator by Google?
----
Except the last one , I do believe each and everyone of them comes with a fault , come on one can actually do something to a person to connect with the device .. unfortunately us traders hold most in our mobile phones and I do think not just passwords , but everything at once all the things that I listed are not enough too  Smiley you can never be more secure .
full member
Activity: 1442
Merit: 153
★Bitvest.io★ Play Plinko or Invest!
In the world where hackers and such exists, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there's a lot of security measures involve they are still able to hack accounts in just a few clicks.


With the world of cryptocurrency, many people have much money on their digital wallets; for the safety of the users, the developers make a hashing of the passwords before the passwords are not encrypted; it was just a verification for the user's authenticity for having good security. They make the passwords harder and not prone to hacking they use the hashing to make a different text, numbers, and symbols combined together, and this is the essential thing today if you want to develop a website and system. But the hackers are ethical too, so the developers make another way of encryption this is the two-way authentication that sends the code to their users and verifies by the computer.
I do not really think that this can happen because when I've started here passwords are really important because it makes your wallet really secured and to avoid also from hacking. Maybe because of technology is keep on innovating this can happen but I can say that password is still important to every wallet, it makes your money secured.
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption, works on a key, whether that's a shared secret key, or a public/private keypair.

Yes, the only problem with that is when they steal your 2fa privkey at the time of creation, or when your device time isn't exactly in sync, or when the user loses the privkey (because GA was in the stolen phone, etc)...

To me 2fa is not an excuse to replace a solid good randomized password made with a decent password manager (not online sites, free open source software) that also uses a very good password running in a secure OS unlikely to have random malware of the week sniffing.

Passwordless solutions have always been defeated at some point, they are way too dangerous. You can do a "one time", and then go asymmetric like with SSH you add public server keys to your client and never input login passwords again, but only if your OS is secured.

And very likely some of the passwordless proposals include fingerprinting you to the point of uniqueness. What happens when THAT info falls into the wrong hands? Same as with KYC/AML.
Indeed, using 2FA authenticator really makes your money safe so even if it is not convenient I will still support a project or wallet that has this kind of stuff to make my money safe. I will not risks my own money supporting a wallet that has no encryption and authentication. It can make hackers easy to hack your wallet account. But we cannot say that this is not possible, maybe in the future, they can produce a wallet like that but there must be security information that is needed like making other stuff other than authentication.
full member
Activity: 224
Merit: 120
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption, works on a key, whether that's a shared secret key, or a public/private keypair.
э
-Yes, you're right, to identify someone, that someone must have a personal ID.
The idea of keyless encryption, and the idea of passwordless authentication does not violate this principle, the principle of having a personal identifier that allocates one of all.
On the contrary, this idea - has received unexpected development from the point of view of logic, from the point of view of the theoretical concept on which all this technology is built.
If in a conventional system, a password authentication system, you have the same password until you change it yourself, you have the same identifier, a digital identifier that can be stolen at any time and used on your behalf.
Option with a 30-second change of Google's incremental entry to your password (cryptographic salt and hashing amount) - I don't discuss it because the idea is diluted by the time factor, but not fundamentally changed.
We propose a radical change to the idea of password authentication (which automatically means using keyless encryption, I'll explain why this is the case later), which is in this protocol:
1. The client registers, designates himself and gets his digital ID;
2. gets its first authentication, and therefore authorization (obtaining the rights of its account);
3. Connects a keyless encryption technology that changes the encryption key for each packet of data, which is completely similar to the lack of a key, in fact, only the encryption scheme always changes, the word key is from the old concepts of encryption, but so far familiar to our hearing; 
----------------------------
Important - the encryption scheme changes for each new packet of data, not for the time. For each and every one of them, both sent and received. For 1 data packet, for example, for every 256 bits of information encrypted in the packet. The law of changing each bit is different and has 256 values. If you like the word key, it means the key for every single bit. This is a complete analogy to the Vernam cipher. The encryption process, in the most recent round 8, uses disposable binary tape. And it's not the main encryption round, it's an auxiliary one. The basic elements of vector-geometric, keyless encryption technology are completely different, see the diagram above in my posts.
------------------------------
4. now your identifier has floated, it has started its infinite digital voyage, it is now a variable, a variable for every packet of sent data. The server doesn't know in advance what it's going to be. And you don't know ahead of it. Forward, it means forward to the normal human reaction time, like the next second. All that your encryption system and the symmetric encryption system on the server know is how to form a new data packet. For this reason - stealing the encryption scheme (there is no key, you can't steal the key) that is used to encrypt the current data packet - doesn't make sense, because the cheater will never have time to use it until he processes it - the encryption scheme changes many thousands of times.

This is the root of the idea of passwordless authentication - in a constantly, continuously changing, variable identifier. 
full member
Activity: 224
Merit: 120
An interesting question, what modes is the geometric model of keyless encryption capable of supporting without violating the declared principles of encryption?
The normal encryption mode without the key function is possible.
But...
The key information encryption mode is possible.
I specifically use the word "key information" instead of "key".
Well, here's the thing.
Let's say that users decided to use the key for their next encryption session.
Okay, no problem.
Unlike key encryption systems where there are clear requirements for the key (for example, clear length of the key), in a keyless encryption system, such requirements are completely absent.
In the literal sense of these words.
Except one: both users should have the same key. That's all.

Let me give you an example of what can be a key:
1. One character, one digit.
This is completely enough for the system to go into a completely new, unpredictable state (because of the time of the event, remember, we have a full space-time continuum, a discrete structure), and the quality of encryption does not degrade or change, absolutely not how. Is it interesting?
Think about it, the location of the elements has changed, the initial coordinate point has changed, the temporal correspondence of the elementary part of the encrypted information (e.g. byte of information) is its own, new, and all the other rounds of encryption are also completely new. This is the new Logical Time Tunnel. It's a new encryption scheme.
What's the danger of such short key information, such a key? Guessing to the attackers.
Really, it's not enough for him to guess the key, he needs it:
1) Know when to log it in;
2) Don't miss the first and all subsequent communication sessions between the parties he attacks;
3) Moreover, do not skip any packet of information from each communication session;
4) Moreover, do not miss a single byte of any data packet.
Whoa!
How and why is that?
Because if one bit of one data packet is accidentally modified by the communication noise, and that modified bit (in the data packet) is received by the user, but not by the attacker (Eva), then the symmetry between the user's system and Eva's system is lost!
Why?
Because the user will request a repeat of the wrong data packet, but Eva will not.
So the natural noise in the channel - improves the security of the closed channel Alice-Bob and removes the third party from the channel (Eva) in case she could not find out about one modified bit in one single data packet.
Eva's challenge is enormous, even with Alice-Bob's shared key compromised.

Next, let's continue with the examples of "key information".
 2. Any text, any length, in any language.
3. Photo, image, drawing.
4. Symbols, hieroglyphs, special characters in any quantity and any sequence.
5. Any digital code, any binary code.
6. Audio file.
7. Other, which is information.

For these reasons, the term "key" here is not very accurate, the term "key information" is more appropriate.

The key mode has at least two more encryption modes, and then this.

There is also an encryption mode and a mode for transmitting (or receiving) large amounts of information.
Data verification mode.
Mode of two-way primary verification at the beginning of the next communication session.
And others.

 Functioning in any mode, defines the special configuration of system, the certain adjustment of its algorithms, with deep feedback between the accepted "conditionally true" information and the transferred (new and precisely true) information. Such logic, after some time, allows to be completely assured that all transferred and accepted information not only is not modified, but also has been correctly deciphered by both participants of an information exchange.

Disinformation of the user about which would not become known, in this system of encryption - it is not possible.
This unique feature of keyless technology, can be used for instant control of absolute integrity of any volume of traffic in the network, in a point-to-point section.
full member
Activity: 224
Merit: 120
Here's another, another example, confirming the failure of modern security systems based on key and password cryptographic protocols.
Obviously, for modern cryptography, including post quantum cryptography, the fact of having a key will level out any cryptography. Fraudsters always scream the keys, not crack the encryption.
We study the news carefully:
-
Officers of the Cyber Police Department of the National Police of Ukraine identified a 25-year-old local resident who had broken into and emptied crypt currency wallets.
Crypt wallets, not any others!
According to the press service of the Cyberpolice, the man was a participant in closed forums where he bought logins and passwords from crypt wallets. In addition, he purchased and modified malware to gain unauthorized access to protected logical systems of protection of Internet resources. With its help, the attacker gained access to accounts on crypt-currency exchanges and withdrew funds.

This is the price for key protection systems - a paradise for scammers, and a fiction for users.

Here's a confirmation:

- During the search of the residence of the case, a laptop, a mobile phone and a computer were seized. A preliminary inspection of the equipment revealed that it contained malware and confidential data related to electronic payment systems, e-mail passwords and keys to cryptocurrency wallets.

Clearly, keyless encryption systems and passwordless authentication, if created, would be more secure than today's.
full member
Activity: 224
Merit: 120
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption, works on a key, whether that's a shared secret key, or a public/private keypair.

Yes, the only problem with that is when they steal your 2fa privkey at the time of creation, or when your device time isn't exactly in sync, or when the user loses the privkey (because GA was in the stolen phone, etc)...

To me 2fa is not an excuse to replace a solid good randomized password made with a decent password manager (not online sites, free open source software) that also uses a very good password running in a secure OS unlikely to have random malware of the week sniffing.

Passwordless solutions have always been defeated at some point, they are way too dangerous. You can do a "one time", and then go asymmetric like with SSH you add public server keys to your client and never input login passwords again, but only if your OS is secured.

And very likely some of the passwordless proposals include fingerprinting you to the point of uniqueness. What happens when THAT info falls into the wrong hands? Same as with KYC/AML.
The idea of an innovative way to secure and get a hold of your stuff is astounding, let alone variable keys. But I don't think the general public is ready to accept it just yet. Most of the people are fond of using password and keys that itself provides enough security to fend off unwanted people, it's just that the system supporting the program is the one that fails which let in unwanted people from the chart.
--------------
The idea of working without a password or encryption without a key requires no getting used to, no fingerprints, no biometric identifiers.
So there is no need to get used to this technology.
You need to get used to complex passwords, new passwords for each new service.
Here everything is simplified for the user, but complicated for a cheater.

Moreover, the user gets 100% rid of phishing, stealing passwords and keys.
Only your device can be stolen.
But loss of the device is always visible, and loss of keys, passwords, personal information is not visible at all.

Access to you or your data happens regardless of your desire or your importance.
This is fully automatic data collection. It is a program that collects everything and everyone.
It's done by both the government and the crooks.
But the government doesn't want scammers to know more than the government. That's the reason why news like this happens:
On January 14th, the FBI seized the domain WeLeakInfo.com for providing users with paid access to data leaked to the network by hacking. The operation was conducted jointly with the National Crime Agency (NCA), the Netherlands National Police Corps, the German Federal Criminal Police Office (Bundeskriminalamt) and the Police Service of Northern Ireland.

"The Web site gave users access to a search engine to view confidential information illegally obtained from more than 10,000 data leaks, including more than 12 billion indexed records, including names, email addresses, logins, phone numbers and passwords," the U.S. Department of Justice reported.

The subscription price ranged from $2 to $75, giving users unlimited access to search engines and data for a limited period of time.

Here's the price of your logins and passwords and more today: from $2 to $75. And this is not the highest price, there is cheaper.

This is reality, open your eyes, 12 billion records, this is all humanity!

This is the true state of affairs when using key and password based technologies. This is not the end.
It's just beginning...



So most likely its through finger print or face recognition or something. Well its possible to happen but of course we need to consider the security features and possible system lockdown. We must consider some backup plans and procedures to retrieve data and security measures.
-----------------------
It is not recommended to use any system by fingerprint.
Numerous studies have shown that this is the easiest barrier for a burglar.
The laziest ones make a "master fingerprint". This is the equivalent of a "master key" to door locks.
Statistics have shown that the "master fingerprint" opens 65% of all devices on which there is a lock by fingerprint.
Similarly, but not always exactly so, any system whose security is based on other biometric identifiers is very easy to crack.
All this was invented by marketing, use it for your health...

As for backup, it's protection against breaking your device, not against a cheater who went out hunting. And it's not just scammers who hunt your data, but governments and corporations as well. It's automatic.

On the contrary, in terms of security, the more copies, the easier it is to steal.

It's all a cat-and-mouse game. You need radical, global, new solutions.

What we've built for us and offered to use is, in most cases, a cleverly disguised trap.

And yes, I know that I'm in the absolute minority, with these views.



As for our keyless encryption technology and at the same time, in fact, it performs the task of passwordless authentication, your usual passwords, keys, biometric identifiers - can successfully complement this encryption system, or even better - to fill with its content information part of the channel. There are no contradictions or prohibitions here.
Instead of filling the encrypted data packets with false information, the system will fill those data packets with information about your identifiers, any, in any combination.

But, unlike normal, password authentication, your identifiers will play a secondary role.  The primary role will be the data packet itself, the order in which it is formed, encrypted and transmitted. If it is properly formed, identified by the host in the current Logical Time Tunnel, then the transmitting party is already 100% identified. This confidence is given by the encryption itself, without compromise, without analysis, without vulnerability because there is no key.

What to do with the mismatch of secondary identification features, if this has happened, are passwords, biometric identifiers, decides the algorithm of system operation. There are many options, request a repeat, do not accept this data, send data for verification (the user has mixed up his password), refuse authentication - we do not care.
The keyless encryption system has successfully encrypted and decrypted any information that was given to it. Without a key, without compromises, over a closed communication channel.
The fact of identification of its data packet, combined with the fact that it was correctly decrypted, provided 100% primary and basic identification of its interlocutor.

Thus, fears that the password or keys were stolen have no basis in this concept of encryption and information transfer.

Similarly, fears of weak interference immunity of the system have the opposite sign, the system is so interference-resistant that leaves neither misinformation nor any modifications - no chance.
 
Conclusion. The very fact of successful operation, a closed communication channel organized by 2 (or more) users, would not have been possible in principle if the function of infiltration of interference into this communication channel had been possible.

Such communication channel either works and works only absolutely reliably, no modification is able to break it, or does not work at all, the middle between these modes is not possible on the principal level of keyless coding technology.
These are logical, quantum, black and white system states.
There is no gap between them.



Let us explain again what we mean when we talk about repeating a previously transmitted data packet.

This is a keyless system, so note that this and all other repetitions are never transmitted to the channel by the same cipher code to which the previously modified data packet, the one that is now being repeated, was transmitted.
Moreover, this is also not possible because of the relationship between the cipher code and the data packet counters.
The reason why repeated data packets differ from the original data packets is their processing in the new Logical Time Tunnel. All Logical Time Tunnels have strong feedback to the hash code of all past system events, i.e. it is some kind of derivative.
There is also a bitwise addition of the new code's XOR with a new disposable binary ribbon (a full analog of the "disposable notepad" to obtain the Vernam cipher) of the same length as the data packet.
Therefore, regardless of whether a new data packet is formed or the old one is repeated, the keyless encryption system is forced to do its job, always doing the same thing, always the same as with a completely new data packet, so it is of high quality.



So, we have described that no package of information, or in any of the modes of operation, is equally encoded. For this purpose, a temporary virtual space has been created, which is always changing, always unpredictable in advance as it is, the variants of building this space infinite set.
This gives an important factor for encryption - unpredictability, multivariance, dependence on the processed information in its unit of time, in its moment of time, the so-called Logical Tunnel of Time.

The proposed technology of verification and passwordless authentication is possible only with its original paired system, only with the one which processed the same information and at the same time, and as we remember, in which even all the pauses, their time and their exact duration coincided - the same for both systems. It is an absolutely reliable system of infinite information ratchet, clinging to both information and time indicators of its existence.
In contrast to the double ratchet - the "mechanism" for creating new keys, based on the old ones, our technology creates a whole environment for understanding everything that happens, not just key information, the independent definition of all the rules transforming and configuring the entire system.
Our technique is therefore similar to the ratchet idea, but differs in that it works continuously, literally for every bit of information, infinitely long. It is probably the only possible variant of symmetric functioning of two encryption systems and the possibility of implementing the most keyless encryption technology in principle.   
It becomes clear why such a system is not afraid of interference, targeted attacks, or errors of randomly unknown origin. All these phenomena - direct the settings of both systems in different directions by definition, all that remains is to draw conclusions and take measures, to return the system to the moment when both systems had a symmetric setting, or in other words, the same Logical Tunnel of Time.   




An interesting question, what modes is the geometric model of keyless encryption capable of supporting without violating the declared principles of encryption?
The normal encryption mode without the key function is possible.
But...
The key information encryption mode is possible.
I specifically use the word "key information" instead of "key".
Well, here's the thing.
Let's say that users decided to use the key for their next encryption session.
Okay, no problem.
Unlike key encryption systems where there are clear requirements for the key (for example, clear length of the key), in a keyless encryption system, such requirements are completely absent.
In the literal sense of these words.
Except one: both users should have the same key. That's all.

Let me give you an example of what can be a key:
1. One character, one digit.
This is completely enough for the system to go into a completely new, unpredictable state (because of the time of the event, remember, we have a full space-time continuum, a discrete structure), and the quality of encryption does not degrade or change, absolutely not how. Is it interesting?
Think about it, the location of the elements has changed, the initial coordinate point has changed, the temporal correspondence of the elementary part of the encrypted information (e.g. byte of information) is its own, new, and all the other rounds of encryption are also completely new. This is the new Logical Time Tunnel. It's a new encryption scheme.
What's the danger of such short key information, such a key? Guessing to the attackers.
Really, it's not enough for him to guess the key, he needs it:
1) Know when to log it in;
2) Don't miss the first and all subsequent communication sessions between the parties he attacks;
3) Moreover, do not skip any packet of information from each communication session;
4) Moreover, do not miss a single byte of any data packet.
Whoa!
How and why is that?
Because if one bit of one data packet is accidentally modified by the communication noise, and that modified bit (in the data packet) is received by the user, but not by the attacker (Eva), then the symmetry between the user's system and Eva's system is lost!
Why?
Because the user will request a repeat of the wrong data packet, but Eva will not.
So the natural noise in the channel - improves the security of the closed channel Alice-Bob and removes the third party from the channel (Eva) in case she could not find out about one modified bit in one single data packet.
Eva's challenge is enormous, even with Alice-Bob's shared key compromised.

Next, let's continue with the examples of "key information".
 2. Any text, any length, in any language.
3. Photo, image, drawing.
4. Symbols, hieroglyphs, special characters in any quantity and any sequence.
5. Any digital code, any binary code.
6. Audio file.
7. Other, which is information.

For these reasons, the term "key" here is not very accurate, the term "key information" is more appropriate.

The key mode has at least two more encryption modes, and then this.

There is also an encryption mode and a mode for transmitting (or receiving) large amounts of information.
Data verification mode.
Mode of two-way primary verification at the beginning of the next communication session.
And others.

 Functioning in any mode, defines the special configuration of system, the certain adjustment of its algorithms, with deep feedback between the accepted "conditionally true" information and the transferred (new and precisely true) information. Such logic, after some time, allows to be completely assured that all transferred and accepted information not only is not modified, but also has been correctly deciphered by both participants of an information exchange.

Disinformation of the user about which would not become known, in this system of encryption - it is not possible.
This unique feature of keyless technology, can be used for instant control of absolute integrity of any volume of traffic in the network, in a point-to-point section.



So most likely its through finger print or face recognition or something. Well its possible to happen but of course we need to consider the security features and possible system lockdown. We must consider some backup plans and procedures to retrieve data and security measures.
--------------
The problem with biometric identifiers is that they become a common computer numerical code.
To some extent it's unique, plus it doesn't need to be remembered, but it's just a code that, like passwords, is stolen by a cheater and successfully used.
Another, the main problem with all biometric identifiers is that it's easy to forge:
- your fingerprint is easy to find and scan;
- your face is even easier to find;
- even your DNA is not a big problem, we leave our biological traces everywhere and everywhere.

So, biometric IDs are not a solution to password authentication problems, but a marketing move by device sellers.

The real solution to all password and biometric authentication problems is passwordless authentication, which is based on variable digital identifiers.
Simple, reliable and elegant.




In the world where hackers and such exists, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there's a lot of security measures involve they are still able to hack accounts in just a few clicks.
In a world where hackers exist, only authentication without a password is possible because they have nothing to steal.
Passwordless authentication is not free access to an open door. It is a technology that changes the lock on the door all the time, quickly, no matter what you want or do. At the same time, you change the key, it is the password.
In modern technology, you have the same lock and key to your door. Always the same, you have to keep the key (password) secret. Because anyone who has your key can go through your door, open your lock.
 Hackers always, exclusively and unambiguously hunt and steal your keys (passwords), they do not hit your head at your door. Their target is the key to your door. In other words, they need your digital identifier (biometric identifiers are converted into your digital permanent identifiers) because it is permanent.
Our idea is that you would have a variable identifier instead of a constant identifier. It would be produced as a chain of linked blocks in a blockchain, in a scheme:
1. Your usual digital identifier (password).
2. If you use it only once, it will be converted to a new numeric identifier, just as if you had changed your first password to a new one. But it's not you doing it, it's the program. It does it unpredictably randomly to an outside observer.
3. As soon as you use a second numeric identifier only once, it automatically changes to the new one.
4. And so on.

In this authentication scheme, the hacker has nothing to steal, no password, but he does.

Moreover, there is no place for phishing in such scheme (if you expand it in more detail), because verification takes place in two directions at once: the client identifies the server, and the server identifies the client.
And phishing is the most common attack vector for stealing your password and other things.



In the world where hackers and such exists, I don't think keyless and passwordless authentication is possible yet. I'm not even satisfied with how fingerprint and face detection work yet especially if it involves a huge amount of money. I can't even think of a good security measure to counter those hackers, honestly. Even if there's a lot of security measures involve they are still able to hack accounts in just a few clicks.
That's the confirmation of my words.
Today I have read the statistics on password attacks, it is alleged that almost 2 million users were attacked by password thieves in 2019.
And there is an increase in this type of crime.
Last year, the number of users in the world who were attacked by password theft programs increased by 72%.

Such programs are able to extract information directly from browsers, including account credentials, stored payment card data and content of forms for autofill.

These facts stubbornly lead us to conclude that password technologies are outdated.
We need a new foundation for 21st century security systems.
Password, this technology of the last century, as well as biometric identifiers, does not provide us with security.
The future only lies in passwordless technologies based on keyless encryption methods.
sr. member
Activity: 756
Merit: 251
So most likely its through finger print or face recognition or something. Well its possible to happen but of course we need to consider the security features and possible system lockdown. We must consider some backup plans and procedures to retrieve data and security measures.
sr. member
Activity: 1498
Merit: 374
Leading Crypto Sports Betting & Casino Platform
To me, it doesn't make sense. Yet. I just don't understand how you can identify someone without knowing at least one detail about them. 2FA (time based) works on a secret and the current time, changing every 30 seconds.

Encryption, works on a key, whether that's a shared secret key, or a public/private keypair.

Yes, the only problem with that is when they steal your 2fa privkey at the time of creation, or when your device time isn't exactly in sync, or when the user loses the privkey (because GA was in the stolen phone, etc)...

To me 2fa is not an excuse to replace a solid good randomized password made with a decent password manager (not online sites, free open source software) that also uses a very good password running in a secure OS unlikely to have random malware of the week sniffing.

Passwordless solutions have always been defeated at some point, they are way too dangerous. You can do a "one time", and then go asymmetric like with SSH you add public server keys to your client and never input login passwords again, but only if your OS is secured.

And very likely some of the passwordless proposals include fingerprinting you to the point of uniqueness. What happens when THAT info falls into the wrong hands? Same as with KYC/AML.
The idea of an innovative way to secure and get a hold of your stuff is astounding, let alone variable keys. But I don't think the general public is ready to accept it just yet. Most of the people are fond of using password and keys that itself provides enough security to fend off unwanted people, it's just that the system supporting the program is the one that fails which let in unwanted people from the chart.
full member
Activity: 224
Merit: 120
No one is going to ever hack this BitCoin, the BitCoin that costs about 1550 per ounce in the picture below  Grin Grin Grin



Hard Facts
-
In order for someone to hack, steal, no matter who, you need to be able to interest a reputable hacker.

People who can do it are worth more than gold. These are unique specialists who don't deny themselves anything, attack who they want and when they want.
This is how our security in the digital world works. It's not how it's set up, it's just a fake. There's nothing in this world that doesn't break, it's a matter of price.

Even the fact that you talk to specialists like that will cost you more than all your money. They probably aren't interested in you, because you aren't seen or hacked yet. This is not a situation where you are able to resist it, because you use digital devices that someone has made for you.

 Your keys and passwords can only be stolen because you have used them at least once.

Doubts?

Read the post from today, 12:45, here, then we'll talk:
https://bitcointalk.org/index.php?topic=5209297.60.



The main enemy of all these creative experiments, in the proposed model of encryption - is the effect of loop system.
By cycling of the system, we mean repetition of the state of the system, in any part of it.
Researches have shown that when the number of consecutive repetitions of the same algorithm is limited, this phenomenon becomes impossible in principle.
You should agree that a large number of elements in a large room is more difficult to put in order than to scatter around the room without order.
High entropy of chaotic movement, no matter what, is easier to achieve than low than the logical arrangement of all the elements.
It's harder to build than to break.
This is roughly the case in the proposed model of virtual space-world, the technology of keyless geometric encryption.
Fears that a very long silence of the user, which is replaced by the transfer of false information generated by the system itself - sooner or later the system will loop, also has no reason.
Let's remind that in this model there is no identical information, neither false nor user information, because the system is always "new".
In this regard, note that any information, and that which is produced by the system during the "silence", and that which is entered by the user for encryption, and that information which is repeated many times successively by the user - for the virtual space-time continuum will always be absolutely new information, because there are always new moments of time for the system and new numbers of sequence of events.
Thus, any data, even if it is constantly repeated, always differs from one another, always as new, so it always leads to new values of algorithms of system transformation.



How do I link absolute sensitivity to any code modifications with interference immunity of a closed communication channel?

Will there be an effect of interruption of work because of insignificant hindrances, technical, natural origin?

On the one hand, the above mentioned features of keyless encoding technology do not tolerate any modifications.
On the other hand, all modifications are visible, observable, and therefore it is possible to develop algorithms of system behavior.
The principle of these algorithms' operation is aimed at correcting any error in code. If an error is detected in the information part of the data packet - the method of correction is a repeat of this data packet.

Thus, a keyless encryption system, any of its models, any version, should have a protocol governing the formation, sending and receiving of data packets.

It turns out that errors are always visible, all consequences are controlled, therefore from the point of view of noise resistance of such model of encryption, this system is steady against any quantity of errors, with possibility of recognition and correction.

What kind of encryption system can handle such a wide range of tasks?
All a key encryption system can afford is a hash sum verification of a message.
A keyless encryption system can afford to identify, verify, analyze and correct every received packet of data.   

It's farther away.



From open sources, we know that fundamentally new encryption systems, absolutely new, able to withstand quantum computers obtained even from another galaxy - already now a large number.
And in 2022, we will know the winner.

All modern systems except AES will go to the dump of history, and the threat of quantum computers will remain in the past.

And what will be left for us?
There will be an eternal threat of cryptoanalysis, mathematical hacking into new encryption systems.
Why is that?
Because there's speculation, and there's evidence.
And to date, the only cryptography that's proven reliable is Vernam's cipher.
This cryptography was invented back in the 19th century (not even in the 20th)!

And we will also have the eternal problems of all key systems:
- stealing keys and passwords;
- phishing attacks;
- spyware that steals information until it's encrypted;
- and other nasty things in the modern world.

No cryptographic system struggles with these problems, or even has the capability to do so.

These threats, as well as quantum threats, can be counteracted by a new technology of keyless encryption and passwordless authentication, based on the logic and geometry of virtual spaces rather than on mathematics.

And the variants of virtual spaces are infinite a priori.   
member
Activity: 434
Merit: 29
No one is going to ever hack this BitCoin, the BitCoin that costs about 1550 per ounce in the picture below  Grin Grin Grin



Hard Facts
Pages:
Jump to: