Login with a Public Ed25519 Key

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Fido2 Webauthn awesome-list U2f Awesome

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • ed25519-login

    Discontinued Login to websites using an Ed25519 key

  • ssh-mars

    An experiment using SSH to sign in to websites

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • webauth-via-ssh

    Authentication for web services using ssh public keys.

  • OpenSK

    OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

    • I'm not sure what you're replying to--this scheme is much closer to self-signed X509 client certs, not FIDO. But regarding FIDO, it does not prevent user-controlled hardware; it's up to RPs to choose if they require specific device manufacturers or not.

    In my experience, the vast majority of (consumer) RPs do not require specific batch attestation, which is why you can make your own FIDO key: https://github.com/google/OpenSK.

    I am under the impression support for attestation was controversial in FIDO--it's clearly useful for enterprise scenarios (e.g. where an enterprise requires some silly certification like FIPS: https://support.yubico.com/hc/en-us/articles/360016614760-Ac...), but there's always the risk that consumer-facing RPs require it for no good reason.

    My employer requires FIPS certification due to FedRAMP; I'd be interested in how you would propose to change FIDO such that--as now--I can use a single key for work and for all my consumer needs while eliminating attestation.

  • awesome-webauthn

    🔐 A curated list of awesome WebAuthn and Passkey resources

    • > That’s my point. If it’s not worth your time then let others who are interested discuss rather than just pissing all over the author’s project.

    I feel like there's a glass houses/stones thing going on here.

    Please, quote me anything I said that was "pissing all over" it. I'm getting a strange hurt feeling vibe from you given that my only comments were entirely material.

    > And what’s left is essentially wireguard for logins.

    I don't get the comparison.

    > People love wireguard for its simplicity because it doesn’t use certs and PAKEs and whatnot.

    I don't know of a VPN that uses PAKE, so I don't get this comparison, but whatever.

    > WebAuthn’s crowd and browser implementers on the other hand seem fixated on making sure users never have the option to deploy the protocol in such a way. That’s the problem.

    https://github.com/herrjemand/awesome-webauthn#software-auth...?

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts