Autorizer: passwordless decentralized authorization through OAuth 2.0 on Emercoin blockchain

    This week, the company launched HashCoins open noncommercial project " Avtorayzer ", whose main task - to simplify the connection emcSSL for site owners. Being an OAuth2 provider, Authorizer allows you to enable passwordless authorization based on the Emercoin blockchain for any site whose CMS supports this protocol.



    You can see how this works in practice on the sites of the magazine about crypto mining Cryptor.net and a site with boobs where you can log in to comment on publications and make selections of your favorite glands.

    As we digitize our reality, authorization tools become increasingly important. Good old passwords no longer roll: it is too easy to crack if it is simple - or forget it if it is complex. Even password managers do not solve all the problems, because we simply cannot control how they are treated on the other side - on the side of the services themselves. And the constantly appearing news about the compromise of the account base of some major service with millions of users does not add confidence in the future. Even the hashed passwords can be selected according to the dictionary, if you wish.

    In his article “ Under the hood of Emercoin, ” Oleg Hovaiko, lead developer of the project, cites several recent high-profile incidents at once:

    Adultfriendfinder - 412 million accounts stolen .

    OPM (US Public Servants Base) - 22 million records stolen .

    Well, domestic hackers are also not far behind - Hacking VKontakte with compromised 171 million accounts .

    Here, it is no longer possible to attribute such incidents to an “exceptional special case”, here the system is traced. Of course, we will not argue - each hack was unique in its own way, but the result is the same - massive compromise of user accounts, reputation losses of sites and organizations, and in some cases significant financial losses both for users and for sites and their owners .

    EMCSSL - a decentralized service for passwordless access to Internet sites:

    1. The passwordless authorization principle guarantees protection against compromising the user account, as occurs in many cases of hacking of various services, because in this case no data is stored on the service side.
    2. And the decentralized nature of EmcSSL makes the user certificate independent of the service that issued it - which compares favorably with other passwordless authentication methods - for example, “login via Facebook”, which only works while Facebook itself is operational.

    EmcSSL shifts the focus of the authentication process to the user. When generating a certificate, a random number and a certain hash amount are generated, with which the user himself becomes the owner of his own personal data. The certificate consists of a public part and a private key, which is known only to the user.

    With EmcSSL technology, access to the identifier is not controlled by anyone except the user himself, the certificate is unique, as it is associated with a random number.

    The user of the emcSSL system receives a kind of “pass-all-terrain vehicle” that is independent of anyone but the user. Neither from the "website on the Internet", nor from the certifier, nor from anyone else.
    - writes Oleg Khovaiko, chief developer of Emercoin

    Like all good, but not recognized ideas, the problem with EmcSSL was not the reliability or grace of the solution, but the ease of implementation in real life. Imagine: hundreds of existing CMS - and for each you need to do integration? This is madness. Therefore, the decision to connect EmcSSL with OAuth was obvious: all the integrations are already there.

    Stages of connecting the site:

    1. Create a certificate. The certificate will allow you to log in to the Authorizer application page and add your site.
    2. Create an application. Everything is simple here. Indicate the name of the site and RedirectURL (about it a little further)
    3. Setting up the module on your site. There are ready-made modules for WordPress , Drupal and October. In the module settings you just need to specify Client Id and Secret. This data can be taken on the application page. RedirectURL depends on the selected CMS and is indicated in the instructions for the modules.

    HashFlare cloud mining has already implemented it in its miner control panels.

    EmcSSL certificate generation is free, and sending an entry about it to the Emercoin blockchain costs 0.2 emercoin (about 2.5 rubles). The purpose of the collection is to protect against spam and uncontrolled automatic issuance of certificates that would overload the Emercoin blockchain.

    HashCoins is working to make the process of issuing certificates completely free - that is, the company will undertake to send the data to the blockchain and the associated costs. The user will need an Emercoin wallet, to the address of which the generated certificate will be sent, after which it will completely go under the user's control.

    In case of loss of the physical medium of the certificate (for example, theft of a laptop or phone), the user will be able to regain control of the certificate by restoring his Emercoin wallet from the backup and updating the certificate entries in the blockchain, thereby canceling access for the old version and replacing it with a new one .

    For practical use, we recommend issuing certificates yourself . In this case, the user will have not only a certificate, but also a certificate template that will allow him to reissue with saving the certificate name. For the first acquaintance, it is quite possible to use our certificate generator , just keep in mind that if you lose access to your certificate, you won’t be able to restore it, because templates remain on the server side.

    Now " Avtoraiser " is almost ready. Active testing is underway, so if there is interest, you are welcome. We will help to connect and configure.

    HashFlare cloud mining supports Emercoin projects

    Also popular now: