[ANN] Bitshares SMF login plugin

[jsidhu]

From https://news.ycombinator.com/item?id=8788676 on BitShares Login

This sounds amazing and useful to me, but even if it all works perfectly, I do have one serious concern: if you forget the passphrase to your private key, your online identity is owned by nobody. That is a very scary prospect!

Is there a (obvious) solution here?

Wild / unspecified idea: What about somewhat making your finger print your private key?

Pretty cool idea but better to hAsh the fingerprint with an answer to a known security question.. that way even if your print was stolen they would need your priv key plus finger print plus answer to the secret question

[santaclause102]

From https://news.ycombinator.com/item?id=8788676 on BitShares Login

This sounds amazing and useful to me, but even if it all works perfectly, I do have one serious concern: if you forget the passphrase to your private key, your online identity is owned by nobody. That is a very scary prospect!

Is there a (obvious) solution here?

Wild / unspecified idea: What about somewhat making your finger print your private key?

[fluxer555]

Perhaps the site name also needs a robohash?

[erasmospunk]

 

Some feedback: What if an attacker registers a similar looking username on the blockchain for a mitm attack? For example when logging in to bitsharestalk.org the name that appears in the wallet is "bitsharestaIk" or "Bitsharestalk" instead of the original "bitsharestalk".

edit: clarification

[alt]

how to install bts handler plugin for firefox?

来自我的 HUAWEI P7-L00 上的 Tapatalk

http://wiki.bitshares.org/index.php/Developer/Build#System-wide_Installation_.28optional.29

it's part of the .desktop file

Code: [Select]

MimeType=x-scheme-handler/bts;


I have try just now, I need to run this command to work.

Code: [Select]

gvfs-mime --set x-scheme-handler/bts BitShares.desktop
run this to check if the bts handler register success

Code: [Select]

$ xdg-mime query default x-scheme-handler/bts
BitShares.desktop


[jsidhu]

http://bytemaster.github.io/article/2014/12/22/BitShares-Login/

bitshares url= Bitshares URI scheme

[bytemaster]

http://bytemaster.github.io/article/2014/12/22/BitShares-Login/

[alt]

I attempted to login to this today as I was preparing a blog article on the topic.   After I was redirected to your site it failed to log me in.

I noticed a few bugs with URL handling on our side of the fence.  I would really like to get the kinks worked out so we can all switch to BitShares login and start getting some extra benefits out of our BitShares accounts.

this is a big thing

[bytemaster]

I attempted to login to this today as I was preparing a blog article on the topic.   After I was redirected to your site it failed to log me in.

I noticed a few bugs with URL handling on our side of the fence.  I would really like to get the kinks worked out so we can all switch to BitShares login and start getting some extra benefits out of our BitShares accounts.

[gamey]

I'd like to test this out.  http://bitsharesnation.org/ does not load for me:

Code: [Select]

[497][~] curl -IL 'http://bitsharesnation.org/'
curl: (7) Failed to connect to bitsharesnation.org port 80: Connection refused
PM me if you need any details to help troubleshoot the connection issue.

Once that's resolved, let me know if there's anything specific that you'd like me to test, and I'll be all over it.

3 gigs is not enough memory for the VPS apparently.  It ran out of memory at some point and apache died.  Hrmmm.  I guess I can just buy another gig for the instance and restart it.

All the spamming bots help load test it for me.

[alt]

how to install bts handler plugin for firefox?

来自我的 HUAWEI P7-L00 上的 Tapatalk

http://wiki.bitshares.org/index.php/Developer/Build#System-wide_Installation_.28optional.29

it's part of the .desktop file

Code: [Select]

MimeType=x-scheme-handler/bts;


thank you,
I'll try this,
that's really exciting  feature

[70231f697a2b3c2b]

I'd like to test this out.  http://bitsharesnation.org/ does not load for me:

Code: [Select]

[497][~] curl -IL 'http://bitsharesnation.org/'
curl: (7) Failed to connect to bitsharesnation.org port 80: Connection refused
PM me if you need any details to help troubleshoot the connection issue.

Once that's resolved, let me know if there's anything specific that you'd like me to test, and I'll be all over it.

[sudo]

cool

[gamey]

This is back up and the plugin is fairly robust now.  www.bitsharesnation.org

Originally I was going to make users put in an email address but SMF has some internal rules to validate an email address so it can't be left blank.  This causes a security problem though because if that email is 'leaked' then an attacker can simply sign-up with that email if it is available and then take the account over.  I'm going to have to fix this I suppose and allow blank emails.  Hopefully it is a permission somewhere.

You can register with a bitshares registered account or a local account.  The membergroup reflects this now.  Otherwise not sure if anything changed except the sign-up flow.

[gamey]

Great Work!

just want to double confirm that, wouldn't this method access your private key, right?
Cuz in GUI wallet you have to unlock to do everything, not just transaction.

Also, I think it would be great if this login method can use bitshares_client, not just qt-wallet.

The wallet has to be unlocked so in that way it accesses the private key. I would have to review the crypto but I assume it utilizes the private key directly, but i am not 100% sure.

It would be hard to get it to work with bitshares-client, as you would need to protocol handler installer to set it up for you.  It might very well be the it does work with the cli if that is done.  I'm not sure what use-case you have in mind, but I'm just working on the php side.