Coming soon / Cesium > new security wizard

Next release of Cesium will integrate a security wizard, developed by @Ccotonnec.

##Main features

  • Revoke your identity (with confirmations popup) when login;
  • Generate a revocation file. This is a file to store on your compute and/or USB storage key/hard disk, to use if your account is lost (loss of your identifiers, account hacked…);
  • Revoke your identity, using the previous generated file;
  • Generate a “retrieve credentials” file (a document named SaveID) : this file encrypt your credentials, using a list of quetions/answers that you choose (from 4 to N questions). This file could be use to retrieve your credentials (secret phrase and password);
  • Retrieve your credentials, using the previous generated file;

You will be able to access this wizard :

  • if login : from “My account” screen, then menu “Options > Security…”
  • if not login : from the home page “I lost my credentials”

Technical details

@Ccotonnec could you add details here, on the SaveID document format ?
Thanks ! :slight_smile:

2 Likes

Thanks a lot for this feature !

One small question, did you try if the revocation file was compatible with what sakia generates ? Just to ensure that what we are doing is remains coherent :slight_smile:

Good job !

2 Likes

Good job @ccotonnec

Good idea

Nope ! but we store the full revocation document, nothing more.

So one person who have this file can easily retrieve secretphrase/password only by knowing answer of these easy to decrypt questions/answers !?

I suggest to alert the user to separate and save secretphrase and password in 2 or more different physical places, that could be 2+ CD Roms, 2+ USB keys, or even 2+ physical papers.

2 Likes

Personnaly i preffer the Shamir’s Secret Sharing Scheme for this.
and giving a bit of secret with people of trust, but who does not know each other (Or little)

And it allows to recover the money in case of death

you can find a demo Here (do not use for real secret)

1 Like

Here is the technical details

|Field           |   Description                                             |
| -------------- | --------------------------------------------------------- |
|Version         |Current structure version                                  |
|Type            |Type of the document                                       |
|Questions       |Questions selected by the user                             |
|Issuer          |The public key of the issuer                               | 
|Crypted-Nonce   |A crypted arbitrary nonce value                            |
|Crypted-pubkey  |The public key derived from the encryption of credentials  |
|Cypted-salt     |Crypted salt                                               | 
|Crypted-pwd     |Crypted password                                           |
|Signature       |Signature                                                  |

##Example
Version: 10
Type: SaveID
Questions:
Comment s’appelait votre meilleur ami lorsque vous étiez adolescent ?
Comment s’appelait votre premier animal de compagnie ?
Issuer: G2CBgZBPLe6FSFUgpx2Jf1Aqsgta6iib3vmDRA1yLiqU
Crypted-Nonce: CHMJeXjoAfXKR6fzn9jxcbuRh4oVCDwFm
Crypted-Pubkey: Bo4V7mhfeLFhkPpV9jwsTwfnLnzr4gUDr322H12sXxYo
Crypted-Salt: q6k9/vKIWYA/6x4Fjp8Gp2lRuw==
Crypted-Pwd: 7m2u2kVXaWv8MSFG6TxDLWvg==
aKM4ZLMnRHjoqFu9bA+UytpSuwm1U+f6p4ZWv9ob2XGoojmJuiVh0/gE7q7J41BbDOYO87iqxAHcXtMImeCMBg==

1 Like