Is allowing Ğ1 credentials on marketplace websites a good habit?

I am wondering why Ğchange is using the Ğ1 pubkey system and not the usual credentials system of a website? This is jeopardizing the Ğ1 system: the WoT and the money on the wallets.

Why does Ğchange need it? For exchanging messages? What else?

Same for Ğannonce, but we can understand that it is necessary for the following features, even though it could be done without it.
It prevents spamming accounts by requiring at least 1 Ğ1 on the pubkey of the advertiser, and allows crowdfunding, which is based on the pubkey’s recipient.

This message joins the same effort of not encouraging bad habits by letting users enter their Ğ1 credentials into software for which we can’t be sure we are using the sources distributed by the project.

3 Likes

I was having the same interrogation lately. Isn’t it a heritage from the time the marketplace was part of Cesium?

Yeah, and if you don’t register with your Ğ1 credentials, you now are shown a second pubkey, which I think is quite confusing to the new user.

Besides, some new users do think they have to log in or register on Ğchange with their Ğ1 credentials.

2 Likes

Exactly, it was quite a while ago now. I would say two years.

Good points!

Because Gchange has a history…
Ads were integrated in Cesium (as a plugin), in the very first releases.

Gchange reuses the ElasticSearch Cesium+ plugins to verify JSON documents signed with the Ed25519 crypto algorithm.

So why reuse this Cesium code?
Because there was « not enough manpower » to do otherwise, as you say in other topics. :slight_smile:

In summer 2017, exchanges had to get started, and a marketplace had to be built. Not wanting to wait any longer, Cgeek launched gannonce as a PoC, and for my part I released gchange a little later. 15 days of dev to pull the ads out of the Cesium code into a standalone platform.

In the future, it is clear that the distinction between the accounts (uid/password) must be improved. There are plenty of ways to get there. We could simply change the Scrypt parameters, or check that no G1 account exists before accepting the creation of the account, etc.

In short, is the important question « why? », or rather « how to do better »? (In the language of our ancestors)

1 Like
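The two ideas from the post above (different Scrypt parameters for the marketplace, and refusing credentials that already open a Ğ1 account), sketched as an added example that is not part of the thread or of Ğchange's code. The parameter values, function names and the SHA-256 fingerprint standing in for the Ed25519 public key are assumptions made for illustration.

```python
import hashlib

# Assumed parameter sets (not taken from the thread): the wallet values are
# those commonly cited for Duniter/Cesium; the marketplace values are hypothetical.
WALLET_PARAMS = {"n": 4096, "r": 16, "p": 1}
MARKET_PARAMS = {"n": 8192, "r": 16, "p": 1}


def derive_seed(salt: str, password: str, params: dict) -> bytes:
    """Derive the 32-byte seed an Ed25519 key pair would be built from."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt.encode("utf-8"),
                          dklen=32, maxmem=64 * 1024 * 1024, **params)


def fingerprint(seed: bytes) -> str:
    """Stand-in for the Ed25519 public key (the stdlib has no Ed25519)."""
    return hashlib.sha256(seed).hexdigest()


def register(salt: str, password: str, known_wallets: set):
    """Return the marketplace key fingerprint, or None when the credentials
    already open a wallet and must not be reused for the marketplace."""
    wallet_id = fingerprint(derive_seed(salt, password, WALLET_PARAMS))
    if wallet_id in known_wallets:
        return None
    # Same credentials, different parameters: a key unrelated to any wallet key.
    return fingerprint(derive_seed(salt, password, MARKET_PARAMS))


# Constructed sample data: one existing wallet and its credentials.
KNOWN_WALLETS = {
    fingerprint(derive_seed("alice-salt", "alice-pass", WALLET_PARAMS)),
}

if __name__ == "__main__":
    print(register("alice-salt", "alice-pass", KNOWN_WALLETS))  # reuse: rejected
    print(register("bob-salt", "bob-pass", KNOWN_WALLETS))      # fresh: accepted
```

Separate parameters only keep the two keys distinct; software that is handed a wallet's salt and password can still derive the wallet key, which is why the registration check rejects them.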

And these credentials are also the same as scuttlebutt :wink:
I don’t know how much crypto stuff has chosen the same « scrypt »… It could lead to singularity loops…

But these elliptical loops are strong enough to resist computer attack…
The combinations universe of the key is large enough to count 1/4 of the atoms of the visible Universe!
The problem is the « toto » / « toto » effect if you let humans choose their own credentials in this « crystal space ».

I think mnemonics are a good solution, in between computer and human memory strength…
Since I am getting into crypto and chains, I realize that this relationship is often forgotten by the developers… It is crucial to organise a good and easy « Key management ».