Search results

I donno, is this the same thing? https://sqrl.grc.com/threads/asp-net-core-middleware.900/page-3#post-8339

Here is the link to the content on the TWiT site: https://twit.tv/shows/twit-events/episodes/1?autostart=false

On Nov 30th @Steve is headed up to Petaluma to record the long promised info session with Leo Laporte and others. It is scheduled on the TWiT schedule here: https://twit.tv/schedule (note, on the bottom, that the schedule seems to default to PST: "Events shown in time zone: Pacific Time - Los...

Well, I have no intention to speak for @Steve on the topic, but I have my own opinions. If you don't have to enter ANY password at some point, then that means your identity resides in RAM unprotected. (You can argue it could be encrypted, but the key would have to itself reside in RAM, so this...

The GRC client requires you to always assert you are you before allowing you to use the identity. You could set the QuickPass to a single character if that works for you. And there are options to control when to drop the QuickPass:

This is SI. The correct spelling is milliseconds (no capitals) and the correct abbreviation is ms. https://en.wikipedia.org/wiki/International_System_of_Units

@TechLiam I will let @Steve feed back to you when he can, but please know it will likely be many weeks... he's traveling right now and hasn't really been active on this site in over a month. If you would like to get more concrete feedback, you should consider using his newsgroup for SQRL...

The SQRL protocol is stateful... HTTPS is not. Most frameworks probably have their own concept of session to provide statefulness, but as I said previously, I don't know anything about your framework choice or implementation. You will NEED a way to inject the current NUT into the stateful...

A SQRL server needs to implement a series of transactions. To tie these together, you will need some user session state. The state will hold things like the NUT (ONLY the current one, which needs to be verified with EVERY transaction) and the IP address, timers and/or expiry dates and the IDK...

The first thing we need to set clear here is a framework issue. I have no experience with any .NET framework, so I must ask you some boring/obvious questions. Are you wanting a site that only allows a single user to authenticate (some sort of personal project) or do you expect to allow any...

I looked at your code a bit, and it's a bit of mental gymnastics for me because I am not that familiar with C# despite its similarity to Java (with which I have many years experience.) I saw you using something you called FirstNut... I don't understand this. You should NEVER need to keep any...

Hey Liam, it's great to see you here. I don't know if English is your first language or not and I don't want to be rude, but I would suggest you should spell check your content on your page. If you want your product to be taken seriously, then you need to be worried about how it is perceived...

If you somehow get an attacker (or their malware) on your PC and your identity is exfiltrated while it has no protective [password based] encryption, then it is game over for that identity... so make sure you're careful how you use such power...

It should have said "Download and install VLC at videolan.org to play this video".

Well that's not always true. I think it's up to the app... extensions are a silly kind of magic. I think there are three different approaches developers use: 1. (What Steve seems to have done) Let the file dialog supply a name and assume the user is in control 2. Look for an existing...

Treat your identity, and all parts of it, like you would treat a password. Don't share it.

I believe it does if your Android OS is Android P (or later.) (I have not personally tried.) I believe you need to supply your password for the first time, then as long as your QuickPass is enabled it will use the biometric instead if possible. (You will need to configure your QuickPass...

I think you misunderstood what was on offer. It eliminates giving a password to a site to protect, not eliminating the use of good security practices. SQRL provides you with a "digital identity" and the current client requires proof that the human using the digital identity is the "correct"...

The GRC SQRL client is not likely to be open source. And even if it were, it is written in Windows specific assembly with Windows specific APIs in mind. It is not portable code. Maybe one day someone will write and release a client in an open source framework with a portable language. The...

Well I think the selling feature depends on who you are. If you've ever had a password "stolen" or "leaked" then you will probably really care about the fact that SQRL absolutely solves that problem forever. (Well, as always, it solves it for those sites who adopt SQRL.) If you already use a...