secure-login-one
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="author" content="Harmotus">
<meta name="robots" content="noindex, nofollow">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="icon" href="../images/favicon.svg">
<title>Docs</title>
<style>
*{border:0;margin:0;padding:0;outline:0;font-size:16px;line-height:1.2;list-style:none;list-style-type:none;text-decoration:none;box-sizing:border-box;font-family:Arial,Helvetica,sans-serif}
body{margin:3em 6em;background-color:#fff;font-family:Arial,Helvetica,sans-serif}
h1{font-size:1.8rem;margin:1.2em 0}
h2{font-size:1.5rem;margin:1.5em 0}
h1,h2{color:#0f0f0f;font-weight:700}
p{margin:1.8em 0}
li{list-style-type:disc;margin:1.8em 0 1.8em 2.75em}
p,li{max-width:946px;text-align:justify}
blockquote{max-width:946px;padding:0 1.35em;border-left:.6em solid #42ab54}
img{width:100%;height:auto;margin:auto;border:none;outline:none;display:block;max-width:946px;box-sizing:border-box}
div{margin:0;width:100%;height:auto;line-height:0;display:block;max-width:946px}
@media (max-width: 1200px) {
body{margin:3em .9em 3em .6em}
}
</style>
</head>
<body>
<h1>Secure Login One</h1>
<p>A secure login in which the user's private key is never hosted on servers or on the user's online devices. The project can also be used as a form of two-factor authentication ( 2FA ) in which the user's private key is never hosted on servers.</p>
<h2>Requirements</h2>
<div><img src="table.png" alt="table"></div>
<h2>Description</h2>
<p><b>1 ) </b> Using an online device ( D1 ) the user goes to the server's login page ( S1 )</p>
<div><img src="login1.png" alt="login1"></div>
<p><b>2 ) </b> The user simply enters his username in the form, and this data is submitted to the server ( login.php )</p>
<div><img src="login2.png" alt="login2"></div>
<p><b>3 ) </b> If the user's username exists in the server's database ( code.php ), the server creates a 12-digit random code, encrypts it with the user's public key, and sends the user a QR code containing the encrypted random code ( code.php )</p>
<div><img src="code1.png" alt="code1"></div>
<p><b>4 ) </b> Using an offline device ( D2 ), the user scans the QR code; the QR code data is decrypted with the user's private key, and the decrypted data is submitted to the server ( code.php )</p>
<div><img src="code2.png" alt="code2"></div>
<p><b>5 ) </b> If the 12-digit code submitted by the user is correct ( test.php ) then the user will be able to access the user's home page ( home.php )</p>
<div><img src="home.png" alt="home"></div>
<p><b>6 ) </b> And the user will also be able to access the user's profile page ( profile.php )</p>
<div><img src="profile.png" alt="profile"></div>
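<p>Steps 3 to 5 above as a runnable sketch. This is an added example, not the project's own code: the function names, RSA-2048 with OAEP padding, the 120-second lifetime and the single-use flag are assumptions, and the QR image is represented by its base64 text payload.</p>

```php
<?php
// Added example, not the project's code. Function names, RSA-2048/OAEP and the
// 120-second lifetime are assumptions; the key pair is generated here for the demo.

// Server, step 3: create the 12-digit code with a CSPRNG and encrypt it to the user.
function issue_challenge(string $publicKeyPem, int $now): array
{
    $code = str_pad((string) random_int(0, 999999999999), 12, '0', STR_PAD_LEFT);
    if (!openssl_public_encrypt($code, $cipher, $publicKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    return [
        'qr_payload' => base64_encode($cipher),          // text placed in the QR code
        'pending'    => ['code' => $code, 'expires' => $now + 120, 'used' => false],
    ];
}

// Offline device D2, step 4: decrypt the scanned payload with the private key.
function decrypt_challenge(string $qrPayload, string $privateKeyPem): string
{
    $cipher = base64_decode($qrPayload, true);
    if ($cipher === false
        || !openssl_private_decrypt($cipher, $code, $privateKeyPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('decryption failed');
    }
    return $code;
}

// Server, step 5: accept the code once, before expiry, using a constant-time compare.
function verify_code(array &$pending, string $submitted, int $now): bool
{
    if ($pending['used'] || $now > $pending['expires']) {
        return false;
    }
    $pending['used'] = true;                              // one attempt per challenge
    return hash_equals($pending['code'], $submitted);
}

// Constructed demo run: the private key is only ever passed to the D2 function.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($key, $privateKeyPem);
$publicKeyPem = openssl_pkey_get_details($key)['key'];

$now       = time();
$challenge = issue_challenge($publicKeyPem, $now);
$pending   = $challenge['pending'];
$code      = decrypt_challenge($challenge['qr_payload'], $privateKeyPem);
var_dump(verify_code($pending, $code, $now + 10));        // first submission
var_dump(verify_code($pending, $code, $now + 11));        // replay of the same code
```

<p>In a real deployment the pending challenge would be stored server-side and bound to the login session, so that a code issued for one session cannot be submitted in another.</p>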
<h2>Types of Philosophy</h2>
<blockquote>Philosophy : <b>Never-Never</b></blockquote>
<ul>
<li>Private Keys : ( <b>Never</b> on servers ) and ( <b>Never</b> on online devices )</li>
<li>Therefore, public keys only on ( online or offline ) servers and private keys only on offline devices.</li>
<li>This philosophy only applies when using asymmetric ( public-key ) algorithms ( RSA, ECDSA, EdDSA, etc. )</li>
</ul>
<blockquote>Philosophy : <b>Only-Only</b></blockquote>
<ul>
<li>Private Keys : ( <b>Only</b> on offline servers ) and ( <b>Only</b> on offline devices )</li>
<li>Therefore, private keys : never on online servers and never on online devices.</li>
<li>This philosophy only applies when using symmetric encryption algorithms ( AES, 3DES, etc. )</li>
</ul>
<h2>License</h2>
<div><a href="https://opensource.org/license/mit">MIT</a></div>
</body>
</html>