In this day and age, all of us have found that we have to remember countless passwords and usernames. Although solutions like password managers exist, you still need to remember a password, and we thought there was room for something more. Furthermore, one of the weakest points of attack for servers is their large databases of password hashes. By eliminating the need for passwords and the centralized storage of sensitive data, we strengthen the traditional login with our novel token-based system.
What it does
That's where our product idea comes in: what if, instead of having to remember a password, the device you have on you at all times is your password? In the system we have designed, gone are the days of forgetting passwords; instead, you simply scan a QR code with your phone and you are automatically authenticated. Although this is only a proof of concept, and all it does is open up a simple password manager, the approach is very versatile and the possibilities this technology opens up are hugely disruptive.
How we built it
Our idea had 4 different parts. First and foremost is the website/password manager, where the user can log in. It was built on the Python library Flask and designed with Bootstrap. On the website, the user logs in using a Python QR scanner; the logic behind this is that the phone holds a private key that is used to sign the challenge delivered by the QR code, which the website checks against the user's public key. This means the website will only open up if the unique private key is used*. This makes the website really secure and also seamless to use; it was so fast we were worried the judges would think we were cheating. Then we have the production side, where we deployed our app on the cloud. Finally, the shining jewel is our cryptography software, which assures the security of our app.
More specifically, for each login attempt the user is presented with a 32-byte random blob dubbed the "challenge." A user is authenticated when the challenge signed with their private key verifies under the public key linked to their username.
Challenges I ran into
A big challenge for us was developing a mobile app. We wasted a lot of time dealing with app kits and libraries because none of us really knew how to make an app. This was not all in vain, as we learned a lot about app development. One specific challenge was actually downloading all the dependencies needed to have the program run natively on Android. In the end, we believed this was too much of a time sink and decided to put our resources into more fruitful areas. Furthermore, the compatibility between the crypto libraries was simply abysmal. No one adhered to standards, paddings were incorrect, and overall interop between Python and JS was nearly impossible.
Accomplishments that I'm proud of
The QR code scanner was an interesting build. Furthermore, simply getting the PoC to work on the night of the hackathon was no easy feat.
What I learned
Never use NodeJS and React Native, and never give up. Never trust crypto libraries; be careful of npm's Crypto library!!
What's next for HackTheHammerProject
We would expand to other websites and refine the login system!