Recent content by shanedk

I think the only specification is the font and blue color for the SQRL link itself. A lot of what you're talking about should probably be left to the designer to work into their own pages. But a list of Best Practices might be good.

If you're asking how to authenticate to an Android app with SQRL, it would be just as if the app were a browser with a web page (which, let's be honest, most of them really are). Just as logging into an app logs you into a backend server, the app would provide a SQRL link to that server, and the...

Here's a paper I found and posted to the newsgroup years ago, about how Litecoin chose the wrong parameters for scrypt, but SQRL uses a better approach: https://www.mobsec.ruhr-uni-bochum.de/media/mobsec/arbeiten/2014/12/12/2014-ma-kranz-gpu-scrypt.pdf (Although for the life of me I still...

I'm not sure what you're asking. The sqrlonly flag can be completely ignored by a particular site and there's nothing the client or anyone else can do to enforce it. Just have that one site where it's not used, and use it everywhere else.

Right-click the sqrl.exe file and select Run As Administrator. You should only need to do that once.

But as I pointed out, deliberately giving out invalid nuts is A Very Bad Idea. The reason why you'd have multiple QR codes for each product is so you'd get the extra variable names in there, but they wouldn't have to be placed on the product. You could select the product as normal (press "B" "2"...

The vending machine in this scenario displays the QR code. So how are they going to replace it without compromising the vending machine? It would need to be displayed on an LCD screen. Otherwise, how are you going to get a valid nut?

If the hacker has compromised the vending machine, you're screwed no matter what.

SQRL's ASK facility is perfect for this. "Are you sure you want to buy a Diet Pepsi for $1.50?" Theoretically, it should know it from the nut, but yes, the ability to put extra stuff in the URL could be beneficial. You're not connecting to the vending machine, you're connecting to a website...

What PaulF said about the link still applies: SQRL clients must sign and return the entire unmodified link. It's also in the spec that any name=value pairs the client or server doesn't recognize are ignored; this allows for the creation of "extensions" which are beyond the standard spec. I would...

Would it solve the problem to get the SQRL app in the Amazon store?

I'm not sure why you'd need OAuth, unless you're not wanting to build a full SQRL implementation yourself. The SQRL identity is whichever one is in the link/QR code. If you wanted, you could have separate users made for forums.group.org and database.group.org just by including the subdomains in...

I had to completely remove Python and reinstall, but that did the trick! It's working now!

Yeah, even the last one's giving me the error. I'm going to have to do like you said: wipe everything Python-related and reload.

The textual version is never encrypted with the password, just the rescue code. What you're seeing is from the fact that, since we never want to encrypt the same data the same way, every time the identity is changed or imported it's re-encrypted with a different Initialization Vector. As for...