THIS IS A READ-ONLY ARCHIVE OF THE SQRL PROJECT FORUM
Windows “Hello”


Jeffa

Well-known member
May 20, 2018
Hi,

@Steve, would you consider adding Windows “Hello” support to your client to allow biometric/TPM auth?

I would hope this would be a small investment of time between SR 6.1 and 7,

Jeff
 
While he might be interested, I suspect he is not. He has made a number of posts or podcast comments that seem to imply he regrets spending all that time on SQRL (relative to adoption.) If I read that right, then I don't think he's going to invest more "good" time after "bad".
 
  • Sad
Reactions: Dave
Yeah, I have read and heard the same things, and come to the same conclusions. It is certainly not good if even @Steve is not talking about it optimistically in the podcast.

Even so I see no harm in asking the question.

As for adoption, I think the biggest mistake was in the expectation that native support for SQRL would be built into applications and frameworks while it was in its infancy.

As you will have seen in my other recent thread I think that enabling SQRL as a backend for SAML and OAUTH is a way to enable support for 1000s of apps and services today without changing a line of their code.

Carefully done this should be possible without losing the majority of the benefits of SQRL.
 
  • Like
Reactions: MarkH
@Jeffa & everyone...

What Jeff wrote above is true, but (as we know) that wasn't my vision for SQRL and I don't know how to compromise when I see and believe in the right way to do something. The crux of SQRL was the fact that 25519 private keys can be directly created from any large integer by tweaking three of its 256 bits, thus making private keys deterministic. Everything about SQRL flowed from that original observation. I've spent some time studying the FIDO2 / WebAuthn technology and I've invented another system and solution which would bring all—and I mean all—of SQRL's benefits to the current Passkeys system. But as Paul noted up-thread, for the time being at least, I just don't have any more wind in my sails about this. And since SQRL2 would be fully backward and forward compatible with the currently evolving Passkeys system, while being FAR more practical, there's no big hurry. It can be adopted at any time.

The supreme annoyance is the fact that even with strong identity authentication, there's no indication that "I don't have my Passkey with me, send an eMail" fallback will EVER go away. Given that, users will still have their identities compromised. But... maybe over time if and as Passkeys become prevalent.

I haven't mentioned any of this before since I don't plan to do anything about it now or soon, and I haven't been able to think about anything other than fulfilling my obligation to SpinRite's current owners. But at some point I expect it will be worth revamping SQRL to make it fully FIDO2/WebAuthn/Passkeys compatible.
 
  • Like
Reactions: 0.NRG and Dave
When you have the wind and the bandwidth, I hope you can at least write it up for future generations.
 
  • Like
Reactions: 0.NRG
There's no way I'll allow it to drop. Since a SQRL2 client would be a FIDO2/WebAuthn/Passkeys client like any other, it will be able to come along at any time to replace the fragmented mess that appears to be developing.
 
  • Love
  • Like
Reactions: MarkH and bertwin2
It is so sad how there has been no uptake on your SQRL - using it on your sites makes me see how awesome the potential it has. I suspect that not enough $$$ is produced with this option and companies prefer to charge more for another service than do what you have provided here.