jami
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ring] remove registration or change password


From: Simon Désaulniers
Subject: Re: [Ring] remove registration or change password
Date: Tue, 8 Nov 2016 23:07:37 -0500
User-agent: Mutt/1.7.1 (2016-10-04)

Hi Andrey,

On Tue, Nov 08, 2016 at 02:47:00PM +0100, Andrey Gursky wrote:
> Hi Simon,
> 
> > The username registration is optional and the password appears to be
> > linked to the username since it is presented as the classic "username,
> > password from", but is actually not relevant to your username
> > registration. This password is linked to multi-device account.
> 
> Could you please clarify the relations between RingID, username and
> password and multi-device in more detail? Are these separate
> registrations with separate blockchains? But the password is the same
> for RingID and username? Both registrations are permanent?

The ringID is the ultimate number we use to find someone on the DHT network
before contacting a buddy. We always need that number (internaly, under the
hood), but the username creates an abstraction for the user so that he doesn't
have to know the ringID exists. The username cannot be used on the DHT, we need
the ringID.

The username has to be written somewhere anyone can find it. The username is
paired with your ringID. Looking for the ringID behind a username must lead to
*undoubtable* results and must be done in a distributed manner, hence the
blockchain. In the blockchain, we actually write a mapping {username -> ringID}.
So, both ringID and username are written in the same blockchain. Note that no
password is needed in any of these operations.

For the rest, in short:
The password is used only for multi-device account management, i.e. sharing
sensitive account information between devices using an encrypted archive on the
DHT.

The long explanation:
Your ringID is the hash of the public key of your account. When you first create
an account, you automatically have one device linked to it: the device you used
to create the account. If you want to add an account, only a device being
already part of the account can help you do that, because it has the private key
that will sign (certify) the new device's public key. However, the new account
must also be able to be used to add other devices in the future, since that's a
device like any other. Therefor, the new device needs to be shared the private
key. That's the reason why the user now provides a password for his account.
This password is used to encrypt an archive containing the private key of the
account that is being stored on the DHT for 10 minutes (the time we give for the
new device to recover the archive). Of course, in order to protect users from
weak password choice, we also add a PIN (32 bits) which adds to the entropy in
case someone tries to bruteforce the archive password. The PIN is also used to
shadow the rendez-vous point we use to exchange the archive on the DHT. Once the
user uses his PIN on his new device to recover the encrypted archive which he
also decrypt with his password, the usage of a password is over, this is the
only use case.

A multi-device account has a list of device certificates which were signed by
the main account private key. When someone knows your main ringID and wants to
call you, he can then retrieve on the DHT the list of devices and check that
they're really devices approved (signed) by you (with the account main private
key). There could be more details, but I think that's enough for an email...

> 
> >> Is it possible to remove this registration or edit the password?
> >
> > For now registration are permanent as they are written to the
> > blockchain shared by every node in the Ethereum network and there's not
> > support for revoking a username yet. The only way to safely remove the
> > relation between your yourself and the username is to create a new
> > account.
> 
> RingID is a random string. The advantage of username is that it is
> easier to remember. But once one have lost a password or it has been
> compromised, one will have to create a new username. This would lead to
> polluted username space, harder to remember usernames. Thus neglecting
> its advantage, right? And if a username hasn't been used for a long
> time (e.g. 1 year) it will still stay forever as occupied, which is
> also not good IMHO.

Indeed. Those are issues we are aware of and we are presently discussing about
them.

> Actually, I've created my username with not a very strong password,
> just for testing purposes. Please add the warning about choosing a
> strong password because of impossibility of changing it afterwards.

As I said, the password is only linked to the multi-device archive. I imagine
that support for editing password between devices could be added in the future,
so that's not impossible, but it is indeed not doable for now. Also, as
mentioned earlier, the password is always strengthened with the help of the
randomly generated PIN. However, you're right that we could be more detailed in
the consequences of the password. I will forward the comment.

> 
> Regards,
> Andrey
> 

Thanks for your feedback!

Regards,

-- 
Simon Désaulniers
address@hidden
ring:55fee9448f9670aa4b6eecbb66a4a780e5c54d13

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]