请问HN:用于信息交换的去中心化认证?
我有一个媒体服务器项目想要进行,但我在一个问题上卡住了:便利性与隐私之间的权衡。
这个项目是关于搭建自己的媒体服务器,我希望能够有一个更简便的账户系统,用户只需输入电子邮件和密码,就能获取服务器/IP 列表(后续的所有操作都在实际服务器上完成)。例如,用户可以被邀请加入两个服务器,并在同一页面上看到它们,这样会让事情变得更加直接和简单。
经过深思熟虑,我得出的结论是,集中化是最理智的选择。数据本身包括:电子邮件、加密密码、加密的 IP 列表(通过密钥交换)。有没有办法做到去中心化?我搜索过,甚至询问过大型语言模型,但没有什么感觉可靠(最好的建议是 Nostr),但这种方法会使得电子邮件和密码重置变得痛苦或几乎不可能。我对这个话题了解不多,所以这确实是一个挑战。
那么,为什么不直接使用 URL 呢?便利性。我知道,但给家长提供一个 URL 是很麻烦的,即使是一些懂技术的朋友,沟通起来也需要花费一些时间。我想尽量消除所有的摩擦。此外,如果是集中化的,用户就不需要购买域名、设置 Let's Encrypt 等等,这些都需要花费时间和金钱(尤其是对于简单/新手自托管者来说);这样会更加友好和顺畅,并在某种程度上提供更好的隐私保护。
请注意,这个项目甚至还不存在。但我会尽快推进。我在大学时只上过一门加密课程,虽然我理解并且做得不错,但我仍然需要审核/验证我的方法。
基本上是:
1. 使用不同的算法对密码+盐进行哈希,保存私钥,并将公钥发送到中央服务器。
2. (媒体服务器所有者想要邀请)媒体服务器检查公钥,加密包含所有细节(IP、状态、端口等)的消息,并将加密消息发送到中央服务器。
3. 客户端稍后检查是否有新消息,解密来自服务器的 IP/信息并连接。
每个设备都可以通过这种方式安全登录并获取服务器列表信息。将会有某种“快速连接”的方式在电视等设备上使用,并且可以更改密码,但我现在不想过于超前。我认为 IP/服务器信息的加密没有重大问题,但这就是一般的核心原则。我可能(很可能?)遗漏了一些东西。
我能想到的唯一问题是,“集中化”的 URL/域名会一直显示,而不是所有者的名字。请注意,它将被设计成允许您将其发送到您自己的 URL/域名等。
无论如何,请告诉我什么是最好的。顺便说一下,我并不富裕,但这样一个简单的“认证”服务器大概每月只需 5 美元,加上 2x5 美元的冗余,应该不会太贵。
查看原文
I have a media server project that I want to work on. But I'm stuck on one thing, convenience vs privacy.<p>As the project is about spinning your own server (media server), I want to have a smoother way to have a simple account system where the user just enters an email and a password, and get the server/ip list (everything from there is done on the actual server). For example, a user could be invited to 2 servers, and would see them in the same page, which makes things more straight-forward and a lot easier.<p>Now, I thought a lot about it, and mostly came down to the conclusion that centralizing it is the most sane option. The data itself comes down to: email, encrypted password, encrypted IP(s) list (via key exchanges).Is there any-way to do it decentralized? I searched, even asked LLMs, but nothing felt solid (best was a Nostr suggestion) but such method would make emails, password resets painful or almost impossible. I don't know a lot regarding this topic so its quite the challenge.<p>What's the point/why not just use URL? convenience. I know, but it SUCKS having to give a parent a URL, even with some techy friends it takes a bit communicating it. I want to eliminate as much friction as possible. Also, if centralized, this has the ability that users don't need to buy a domain, setup lets encrypt and all that which costs money and time (especially for simple/new selfhosters); its a lot nicer and smoother and in a way provide better privacy out-of-the-box.<p>Note, This project doesn't even exist yet. But I'm pursuing quite soon. I also only took 1 encryption course back in college days, while I understood and was good at it, I still need to audit/verify my method.
It basically is:
1. hash the password+salt in a different algorithm, save the private key from it and send the public key to the central server
2. (media server owner wants to invite) the media server checks for a public key, encrypts the message containing all the details (IP, status, ports etc), and sends the encrypted message to the central server.
3. The client later checks, if there's a new message, it decrypts the ip/info from the server and connect.<p>Every device can login in this way and grab server list info securely. There's gonna be some sort of way to "quick connect" on TVs and such, and change passwords, but I don't want to get ahead of myself for now. I don't think the IP/server-info encryption suffers from any major things, but that's the general core principle. I maybe (probably?) have missed something.<p>The only issues I can maybe think of, is a "centralized" URL/domain would be showing up all the time instead of the owner. Note, it would be designed in a way that would allow you to instead send them to your own URL/domain and such.<p>Anyways, let me know what would be best. btw I'm not rich but such simple "auth" server would probably cost like $5/m + 2x5/m for redundancies, shouldn't be too bad.