• Welcome to the edge of the civilized internet! We are a site and community dedicated to freedom of speech. All our official content can be found here. If you have any questions, try our FAQ here or see our video on why this site exists at all!

A Theory for User Verification

Arnox

Veteran
Staff member
Founder
Messages
4,537
I was thinking a couple days ago with that thread about where our USD should be spent, and during that, I had an idle thought. If Sanctuary was taken down for whatever reason, and later I wanted to start the site back up, how could I do so and verify without using any other website that, yes, it is actually indeed me starting the site back up again and not some other rando? It took my monkey brain a little bit to think of something, and while I did think of a solid strategy, I'm sure it's perhaps redundant with some other method of verification that already exists out there, so I need someone to tell me if I'm being stupid or not.

Basically, how it would work is, I would make a very simple text file with some word in it. Doesn't matter what the word is. (On second thought, the text file may not even be needed at all, but whatever. I'll just leave it in for now.) After that, I would make a VeraCrypt container and put that text file in there. And the password for that container would be something I would memorize and only I would know. I then upload that container as an attachment and make it available for anyone and everyone on Sanctuary to download. Then, once I decide to start the site back up, to verify that it is truly me, I can provide the password to that container. And this is fully repeatable too. I can just make a new container with a new password I memorize and then attach that container in the very same post that I give the password in.

Of course, any other user can also use this method so identities are preserved no matter how badly Sanctuary is hit or if user accounts or even emails are hacked or shut down.
 

Arnox

Veteran
Staff member
Founder
Messages
4,537
Yes. The thing that I just said.
I should rephrase. As wikipedia calls it, public-key cryptography is a security primitive. It isn't an actual application or anything, but rather, a method employed by an application or etc. So, with that out of the way, is there an even easier way via application that this could be done besides just making a container with VeraCrypt? The method I have in mind here allows for anyone to authenticate a password or "signature" completely on the fly using mere megabytes of server storage to host the encrypted containers, or "public keys" for anyone to download.
 

Houseman

Arch Disciple
Sanctuary legend
Messages
865
I should rephrase. As wikipedia calls it, public-key cryptography is a security primitive. It isn't an actual application or anything, but rather, a method employed by an application or etc. So, with that out of the way, is there an even easier way via application that this could be done besides just making a container with VeraCrypt? The method I have in mind here allows for anyone to authenticate a password or "signature" completely on the fly using mere megabytes of server storage to host the encrypted containers, or "public keys" that anyone can (and should) download.
We are essentially talking about the same thing, except you're introducing applications like VeraCrypt into the mix, when just distributing a couple text files will suffice.

Just distribute your public key, and then later, distribute something that we can check against your public key. No applications needed.
 

Arnox

Veteran
Staff member
Founder
Messages
4,537
We are essentially talking about the same thing, except you're introducing applications like VeraCrypt into the mix, when just distributing a couple text files will suffice.

Just distribute your public key, and then later, distribute something that we can check against your public key. No applications needed.
Fair enough. I'll have to do a bit more research.
 

Signa

Libertarian Contrarian
Sanctuary legend
Messages
706
I mean, it's a good idea to be thinking about cyber security and backup plans in general, but just message me on Discord, bro!
 

Arnox

Veteran
Staff member
Founder
Messages
4,537
I mean, it's a good idea to be thinking about cyber security and backup plans in general, but just message me on Discord, bro!
Sure, but what happens if Discord bans your account or it gets hacked? Or your email and Discord are both compromised? Or what if you want to verify your identity with someone but they don't want to start up a Discord account or they lost theirs? Or maybe you simply just don't want to use Discord anymore, or at very least, maybe you think it's a bit too much of a hassle to use it just to verify your identity.

Of course, with all that said, you don't need to employ a user signature at all and can just continue using Sanctuary as normal, and that's totally fine, but even so, I will definitely need to employ this method for myself.
 

Signa

Libertarian Contrarian
Sanctuary legend
Messages
706
Sure, but what happens if Discord bans your account or it gets hacked? Or your email and Discord are both compromised? Or what if you want to verify your identity with someone but they don't want to start up a Discord account or they lost theirs? Or maybe you simply just don't want to use Discord anymore, or at very least, maybe you think it's a bit too much of a hassle to use it just to verify your identity.

Of course, with all that said, you don't need to employ a user signature at all and can just continue using Sanctuary as normal, and that's totally fine, but even so, I will definitely need to employ this method for myself.
Fair enough. There are additional points of failure to consider. However, unless me or you get banned Alex Jones style off the internet, those points of failure would have to be pretty simultaneous, or a very, very long road of progression, like me migrating away from Discord like when I left Skype all those years ago, and then us losing contact from the migration.
 
Top