In what is a possible contender for the least exciting feature announcement of 2020 award, Bitpost now allows the password forgetters out there to reset their password. Whoop whoop!
Whilst a sexy and news-worthy product development this may not be, a good opportunity to talk a little about how Bitpost tackles user authentication it most certainly is. So let’s get nerdy and dive in.
Bitpost stands out among BSV apps in that it turns to good old-fashioned username and passwords to authenticate users, instead of relying on third-party Bitcoin web wallets. There are both technical and usability reasons for this choice.
- Bitpost uses an approach similar to the Metanet protocol for creating a graph of data transactions. Metanet applications require some level of control over key usage and UTXO management, and no web wallets currently expose that kind of control.
- Requiring users to sign up for specific third-party services before they can use your app is, in our opinion, a user experience own goal — especially if you’re trying to onboard users from outside the BSV bubble.
In addition to user authentication, the password plays a secondary role in Bitpost — it is used to derive a symmetric encryption secret.
This is important because when a user creates a new account, their browser also randomly generates a deterministic chain of keys which are used to sign each of their posts. These keys are sensitive information so can’t be shared with Bitpost. In order for the user to log in using different devices, the seed to their keychain is encrypted with their encryption secret, and the encrypted seed is shared with Bitpost.
Hashed within an inch of its life
When you enter your password on Bitpost, unbeknownst to you your browser hashes the password using the
SHA-512 algorithm. It then hashes the result again. And again. And again after that. In fact, your browser carries on hashing it well over 100,000 times!
This is a process known as a Password-Based Derivation Function (
PBKDF2). Modern web browsers can perform all that hashing relatively quickly — quick enough that you won’t notice it. But crucially, the few hundred milliseconds it takes are burdensome enough to anyone trying to brute force a password.
The result is 64 bytes of pseudorandom data derived from your password. At this point the data is split in half and each part is hashed once more using the
SHA-256 algorithm. Now we have two 32 byte data parts.
The first part is your authentication hash. It is this hash (not the password itself) which is used to authenticate with Bitpost. Incidentally, this data is hashed again server side (using
ARGON2 this time) which offers further protection should the Bitpost database ever be compromised.
The second part of the data is your symmetric encryption secret. This is used to encrypt your keychain seed and any other data that needs to be securely shared with Bitpost. The encryption secret never leaves your browser.
Changing a password
This is all very clever, but you may have noticed a problem. If the user ever changes their password, they would also be changing their encryption secret, preventing them from decrypting their keychain again.
When the user is already logged in this isn’t a big deal as the user has already decrypted the keychain seed so can re-encrypt it using the new secret. So, we can ensure password changes happen only when given with a new encrypted seed.
But when the user is not logged in and has forgotten their password we have no way to decrypt the seed. It is in anticipation of this exact scenario that Bitpost asks all new users to write down a recovery phrase when they create their account — a 24 word mnemonic that can be used to recover the keychain seed and from which we can verify we have the correct keychain.
Conclusion: keep that recovery phrase safe!
Bitpost’s authentication approach can be seen as a hybrid model. Your account is associated with your own set of keys, a lot like any Bitcoin wallet. But instead of coins and money, your keys are associated with your data and your content. The consequences of losing those keys, however, are the same.
If you forget your password you can recover access with the backup phrase. If you forget both your password and backup phrase then unfortunately you will be locked out of your account.