Newbie


Bellezza

New member
Oct 31, 2020
Hi There:

Thanks for this awesome tool; however, after going down the rabbit-hole for several hours with it . . . I realized that I completely misunderstood what this is . . . so I am using you all as a touchstone to confirm or deny what I think I have sorted out . . . and if you get a chuckle out of this I am happy to be your entertainment . . . aaahhh ahahahah

So from what I can gather - unless a company website has passwordless authenticator/ion built into their IAM platform - there is no way to use sqrl - right? So in layman's terms - the company website has to "support" sqrl. Yikes it took me forever to suss this out. Obviously . . . I am not a developer . . .

I mistakenly thought this was a tool that I could implement on my end to implement greater security and eliminate the multiple logins (not as a "password manager/vault" type thing, mind you) and use this as my go-to one-stop login/authenticator once I associate all the company/website logins access info (100s for several different clients) with sqrl a - presto mundo lockdown -- I couldn't navigate my way to being able to do that . . . ergo down-the-rabbit-hole exploration

Is it possible to use it this way by any chance? Use this as a key, if you will - follow?

Thank you for your kind reply.

PS - I really do appreciate all the blood, sweat and tears that go into developing something like this - I thank you - this truly is AMAZING and wish you all the best in all of your endeavors . . . it's a shame this is not a universal protocol . . . no brainer . . .
 
Last edited:

Vela Nanashi

Well-known member
May 19, 2018
SQRL itself could not be used that way, as in all the security benefits require the whole protocol be implemented on both the client and server side.

However some of the crypto/math could for instance be (re)used to generate site specific keys/passwords from the master key, but that is nowhere near as secure as SQRL is, since the server could still spill all the secrets if it is storing those keys and passwords wrong, something that does not matter for SQRL's security, but does matter for passwords. So it would probably be a very bad idea to have SQRL clients do that, since then nobody would bother implementing proper SQRL on their servers, or have to even care about what SQRL is, since it would basically just be a password generator for sites.
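
The difference described in the reply above, as an added sketch that is not part of the thread and not code from any SQRL client or server: one master key yields a per-site secret, used once as a generated password and once as a signing key whose public half is all the site stores. The HMAC-SHA256-over-domain derivation, the Ed25519 signature, the function names and the sample key are assumptions of this sketch, and it is a simplified model rather than the SQRL protocol.

```javascript
const nodeCrypto = require('crypto');

// Constructed sample value, not a real key: stand-in for the user's master key.
const MASTER_KEY = Buffer.alloc(32, 7);
// Fixed PKCS#8 header that wraps a raw 32-byte Ed25519 seed for Node's key import.
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Per-site 32-byte secret: HMAC-SHA256 keyed by the master key over the domain.
function siteSeed(masterKey, domain) {
  return nodeCrypto.createHmac('sha256', masterKey).update(domain).digest();
}

// Password-generator use: the site receives this value and has to store it.
function sitePassword(masterKey, domain) {
  return siteSeed(masterKey, domain).toString('base64').slice(0, 24);
}

// Signature use: the seed is a private key; the site only ever gets the public key.
function siteKeyPair(masterKey, domain) {
  const der = Buffer.concat([PKCS8_ED25519_PREFIX, siteSeed(masterKey, domain)]);
  const privateKey = nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return { privateKey, publicKey: nodeCrypto.createPublicKey(privateKey) };
}

// Hypothetical server checks for the two models.
function passwordLogin(storedPassword, presented) {
  return storedPassword === presented;
}
function signatureLogin(storedPublicKey, nonce, signature) {
  return nodeCrypto.verify(null, nonce, storedPublicKey, signature);
}

// What a copy of each server's stored data is worth at the next login.
function simulateDatabaseLeak(domain) {
  const storedPassword = sitePassword(MASTER_KEY, domain); // kept in plaintext: stored "wrong"
  const { privateKey, publicKey } = siteKeyPair(MASTER_KEY, domain);
  const oldNonce = nodeCrypto.randomBytes(32);
  const oldSignature = nodeCrypto.sign(null, oldNonce, privateKey);
  const freshNonce = nodeCrypto.randomBytes(32);
  return {
    // The stored password is itself the credential, so a copy of it passes the check.
    leakedPasswordLogsIn: passwordLogin(storedPassword, storedPassword),
    ownerSignatureAccepted: signatureLogin(publicKey, freshNonce,
      nodeCrypto.sign(null, freshNonce, privateKey)),
    // An earlier signature is tied to its nonce, and the public key cannot make a new one.
    oldSignatureAccepted: signatureLogin(publicKey, freshNonce, oldSignature),
  };
}

console.log(simulateDatabaseLeak('example.com'));
```

In the password model the stored value is the credential itself, so how the server stores it decides what a leak costs; in the signature model the server holds nothing that can answer a fresh challenge.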