Login with a Public Ed25519 Key

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • ed25519-login

    (Discontinued) Login to websites using an Ed25519 key

  • ssh-mars

    An experiment using SSH to sign in to websites

  • webauth-via-ssh

    Authentication for web services using ssh public keys.

  • OpenSK

    OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.

    I'm not sure what you're replying to--this scheme is much closer to self-signed X509 client certs, not FIDO. But regarding FIDO, it does not prevent user-controlled hardware; it's up to RPs to choose if they require specific device manufacturers or not.

    In my experience, the vast majority of (consumer) RPs do not require specific batch attestation, which is why you can make your own FIDO key: https://github.com/google/OpenSK.

    I am under the impression support for attestation was controversial in FIDO--it's clearly useful for enterprise scenarios (e.g. where an enterprise requires some silly certification like FIPS: https://support.yubico.com/hc/en-us/articles/360016614760-Ac...), but there's always the risk that consumer-facing RPs require it for no good reason.

    My employer requires FIPS certification due to FedRAMP; I'd be interested in how you would propose to change FIDO such that--as now--I can use a single key for work and for all my consumer needs while eliminating attestation.

  • awesome-webauthn

    🔐 A curated list of awesome WebAuthn and Passkey resources

    > That’s my point. If it’s not worth your time then let others who are interested discuss rather than just pissing all over the author’s project.

    I feel like there's a glass houses/stones thing going on here.

    Please, quote me anything I said that was "pissing all over" it. I'm getting a strange hurt feeling vibe from you given that my only comments were entirely material.

    > And what’s left is essentially wireguard for logins.

    I don't get the comparison.

    > People love wireguard for its simplicity because it doesn’t use certs and PAKEs and whatnot.

    I don't know of a VPN that uses PAKE, so I don't get this comparison, but whatever.

    > WebAuthn’s crowd and browser implementers on the other hand seem fixated on making sure users never have the option to deploy the protocol in such a way. That’s the problem.

    https://github.com/herrjemand/awesome-webauthn#software-auth...?

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
