With Client Phoenix Authentication, users' secrets never leave their device. And on the backend, we're using the blockchain to eliminate reliance on trusted third parties while ensuring that users will still be able to verify sign-in and other requests with the click of a button.

PhoenixDAO/phoenix-authentication

Client Phoenix Authentication

Introduction

The client-facing implementation of Phoenix Authentication is a natural successor to legacy two-factor authentication solutions. Applications like Google Authenticator and Authy rely on access to shared secrets, secrets that are vulnerable to hacks and data breaches. With Client Phoenix Authentication, users' secrets never leave their device. And on the backend, we're using the blockchain to eliminate reliance on trusted third parties while ensuring that users will still be able to verify sign-in and other requests with the click of a button.

Technical Note

Unfortunately, message signing in Ethereum is implemented inconsistently across software packages. Our view is that only message hashes should be signed, not raw messages, and that the Ethereum signed message prefix can optionally be prepended to the message hash before it's hashed again. Please see the table below for a summary:

| Acceptable | Message | Encoding |
|---|---|---|
| Yes | "123456" | keccak256("123456") |
| Yes | "123456" | keccak256("\x19Ethereum Signed Message:\n32", keccak256("123456")) |
| No | "123456" | keccak256("\x19Ethereum Signed Message:\n6123456") |

Notes: Arguments to keccak256 are tightly packed. The outputs of the above encodings are:

Output
0xc888c9ce9e098d5864d3ded6ebcc140a12142263bace3a23a36f9905f12bd64a
0x5f7d8a4ff77887137c0e2f0b7f157f4b41bbc2950dbe9453b1342f6d28b820cd
0x2912723b3ed60c075b271f075d881d82fa5de112b6c25f7dfa4cab85de25045a

Testing With Truffle

  • This folder has a suite of tests created through Truffle
  • To run these tests:
    • Download the code
    • Navigate to the phoenixAuthentication-client folder in your terminal
    • Make sure you have Truffle and Ganache installed: npm install -g [email protected] ganache-cli
    • Install web3 and ethereumjs-util: npm install [email protected] ethereumjs-util
    • Spin up a development blockchain: ganache-cli --seed --port 8555
    • Run the test suite: truffle test --network ganache

Copyright & License

Copyright 2020 The Phoenix Technology Corporation under the GNU General Public License v3.0.
