User Log in

MarketStone's picture

https://wlfriends.org/accounts/login is using a paraphrase over a username and password.

The smart thing about a paraphrase over a username and password is the paraphrase is the key to the encryption so every user uses an unique encryption. just like pgp. This is brilliant i can not believe this was not used 10 years ago for log-ins.

Comments

How does it work if two or

fizk's picture

How does it work if two or more people use the same phrase?

They are generating it.

MarketStone's picture

They are generating it when You sign up it looks like "89FR KR67 1WES Q566" This opens up all kinds of possibility. How about all user information encrypted in the database that even if the gov ask for all account information they are going to need Your paraphrase. Privacy just took 10 giant steps forward.

i have always thought wikileaks was a gov front company to spreed miss information but i am starting to change my mind.

How does it work?

frankaz's picture

Back to what fizk asked, how does it work if multiple people use the same phrase?

Does it know your region? (but then what if your traveling?) Or, are you saying you enter a phrase and it requires you to remember "89FR KR67 1WES Q566"?

I love the idea of encrypting all your private information using your own personal key, but again, how does it work if multiple people use the same phrase: "i love pizza"

The paraphrase

MarketStone's picture

No You do not use 89FR KR67 1WES Q566 then make a paraphrase. 89FR KR67 1WES Q566 is the paraphrase. You use 89FR KR67 1WES Q566 to login. They could be using pgp. Then pgp uses 89FR KR67 1WES Q566 as the key to the encryption.

True the site owner can secretly log what paraphrase goes to what account. And i do like what Your saying let the user make a secret paraphrase. They just implemented the paraphrase login a few days ago and after i signed up i could not login so i think there are a few bugs but Great idea.