Atlanta, Georgia-based BitPay today introduced a new password-less means of authentication dubbed BitAuth — designed to reduce (or even eliminate) the storage of passwords on server-side, and thus decreasing the impact of a compromised server.
“We’ve given long and careful thought to how best to protect the security of our customers’ data, of especially critical importance when dealing with financial information. Existing authentication schemes that you might be familiar with include username and password, client-side SSL certificates, or even shared secrets — in the end of our review, we found each of these to be lacking in various ways, so we made the decision to build BitAuth,” the company wrote Tuesday in a blog post.
By using the same “elliptic-curve cryptography” in use by Bitcoin, BitAuth allows the client to sign each request he/she makes, and the server will then check and see if the signature matches a the appropriate public key.
“A nonce is used to prevent replay attacks and provide sequence enforcement,” the company’s developers wrote.
A glance at the system
BitAuth makes use of a SIN, or System Identification Number, a “new form of indentity based on a cryptographic keypair” originally proposed by bitcoin core developer Jeff Garzik.
“The SIN is analogous to a Bitcoin address,” the developers write, adding that the “SIN can be shared openly with the world, as the corresponding private key is kept on the clientside and never transmitted over the wire.”
BitPay says:
[blockquote style=”2″]The BitAuth authentication scheme is directly compatible with the familiar username (or email) and password mechanic. In fact, when storing private keys, we recommend encrypting them with a passphrase, so even these are resilient to attack or compromise. The primary difference with BitAuth’s method is that the password is never sent over the wire, in any format.[/blockquote]
By using this particular system, the user will still encounter a similar experience to entering a username or password, “but locally use that password to decrypt the private key and subsequently use it to sign the request,” BitPay says.
Should the server being used becomes compromised, the integrity of the user’s authentication form remains untouched, though the story is different if the end user’s machine is compromised, as the password is stored locally.
Here’s how the system compares to traditional methods of authentication, quoted from BitPay:
-
Only a compromise of the client machine can endanger the system’s security.
-
Because the private key is never revealed to the server, it does not need to be exchanged between the server and client over a side channel like in HMAC.
-
Easy to implement wherever the Bitcoin protocol is implemented.
-
Decoupled from Bitcoin addresses, allowing for a more explicit separation from financial transactions and allowing for greater privacy.
-
Identity becomes portable — the same identity can be used on multiple services, letting you take your identity with you.
“We believe that widespread adoption of BitAuth (or a similar scheme) will enhance the security of the web, and look forward to seeing further services adopting this mechanism,” the company says.
BitAuth is open source and can be viewed on GitHub. For more information, visit the blog post here.