Recent content by shanedk

  1. shanedk

    Common or Best Practice for login form?

    I think the only specification is the font and blue color for the SQRL link itself. A lot of what you're talking about should probably be left to the designer to work into their own pages. But a list of Best Practices might be good.
  2. shanedk

    Android to Android App Login

    If you're asking how to authenticate to an Android app with SQRL, it would be just as if the app were a browser with a web page (which, let's be honest, most of them really are). Just as logging into an app logs you into a backend server, the app would provide a SQRL link to that server, and the...
  3. shanedk

    scrypt ASICs

    Here's a paper I found and posted to the newsgroup years ago, about how Litecoin chose the wrong parameters for scrypt, but SQRL uses a better approach: (Although for the life of me I still...
  4. shanedk

    The downside of stateless

    I'm not sure what you're asking. The sqrlonly flag can be completely ignored by a particular site and there's nothing the client or anyone else can do to enforce it. Just have that one site where it's not used, and use it everywhere else.
  5. shanedk

    Getting Windows to Handle SQRL URIs?

    Right-click the sqrl.exe file and select Run As Administrator. You should only need to do that once.
  6. shanedk

    Extra parameters in sqrl:// link

    But as I pointed out, deliberately giving out invalid nuts is A Very Bad Idea. The reason why you'd have multiple QR codes for each product is so you'd get the extra variable names in there, but they wouldn't have to be placed on the product. You could select the product as normal (press "B" "2"...
  7. shanedk

    Extra parameters in sqrl:// link

    The vending machine in this scenario displays the QR code. So how are they going to replace it without compromising the vending machine? It would need to be displayed on an LCD screen. Otherwise, how are you going to get a valid nut?
  8. shanedk

    Extra parameters in sqrl:// link

    If the hacker has compromised the vending machine, you're screwed no matter what.
  9. shanedk

    Extra parameters in sqrl:// link

    SQRL's ASK facility is perfect for this. "Are you sure you want to buy a Diet Pepsi for $1.50?" Theoretically, it should know it from the nut, but yes, the ability to put extra stuff in the URL could be beneficial. You're not connecting to the vending machine, you're connecting to a website...
  10. shanedk

    Extra parameters in sqrl:// link

    What PaulF said about the link still applies: SQRL clients must sign and return the entire unmodified link. It's also in the spec that any name=value pairs the client or server doesn't recognize are ignored; this allows for the creation of "extensions" which are beyond the standard spec. I would...
  11. shanedk

    Incompatible tablets?

    Would it solve the problem to get the SQRL app in the Amazon store?
  12. shanedk

    SQRL and subdomains

    I'm not sure why you'd need OAuth, unless you're not wanting to build a full SQRL implementation yourself. The SQRL identity is whichever one is in the link/QR code. If you wanted, you could have separate users made for and just by including the subdomains in...
  13. shanedk

    ILK derivation in Python using PyNaCL

    I had to completely remove Python and reinstall, but that did the trick! It's working now!
  14. shanedk

    ILK derivation in Python using PyNaCL

    Yeah, even the last one's giving me the error. I'm going to have to do like you said: wipe everything Python-related and reload.
  15. shanedk

    Textual version differences, same ID.

    The textual version is never encrypted with the password, just the rescue code. What you're seeing is from the fact that, since we never want to encrypt the same data the same way, every time the identity is changed or imported it's re-encrypted with a different Initialization Vector. As for...