Proof of BOINC UserID ownership via openssl - Pull Request submitted!

28 days ago

Proof of BOINC UserID ownership via openssl - Pull Request

I've been working on implementing the previously proposed proof of BOINC UserID ownership via public key cryptography and have submitted a Pull Request on the BOINC repo which requires further peer review.

The purpose of this project is to prove within any external system that you are the owner of an UserID for an individual BOINC project, without storing external system data within the BOINC project's servers.

A massive shout out to Thomas Brod for peer reviewing my pull request and helping improve the quality of the code!

Created

openssl_sign_form.php

Just a really simple form, the user inputs data as instructed by the external system (a public key, an identifier, etc) and clicks 'generate;. The user input data is forwarded to the openssl_sign_action.php script. This page is linked to from the user's private profile page.

The user needs:

  • A minimum RAC of 100 (configurable by the project admin).
  • To be logged in.
  • Optional: A verified email.
  • Optional: To solve a captcha.

openssl_sign_action.php

The openssl_sign_action script receives the user input data, produces a signature of a message containing "User_ID" and "User_Input_Data" then outputs the data as an xml file via an auto-download prompt within the browser.

Sample output:

<boinc_user_id_verification>
 <master_url>http://127.0.0.1/boincserver/</master_url>
 <userid>1</userid>
 <user_data>Steemit_Test_User_Input</user_data>
 <msg>1 Steemit_Test_User_Input</msg>
 <signature>mjSaxH6VYozryf+VsJgPGL54qKr3xiioEuqCJoWV1puDYywQq9FRmhHPpMRGEHXnYCHwe0jG6TuHOth6oRd6R4Gumi3UTa9TWbx94+IK2BCT8I1NIiqIAu7p4khxJhyT3aPkiC6mv3SJJffSO/BffKn4y8YF4K8f6pEpU5JnjQ0ZFZS9oB8gjzYqlJC3InBF5oSUo+1qTjutAIBj/azIaOoViwiGAMtiB7OeCjv3UWVsAK5D+wmyIeyB/pSsAhreDhAa2rZvZ4/whlVkcQJq16hnnDsTQqtPvZ5fDpDzUVl7B8EMcYsJTBe7KxeTxUlKQdKUJaechNRtrLbiWP/uPw==</signature>
</boinc_user_id_verification>

Any questions or suggestions?

Best regards,
@cm-steem

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  trending

Cool thing how fast you came up with that code ! Impressive didn't you just last week talk about the possibility? Well I know it wasn't that super complicated:) but nevertheless respect my dear !
Go gridcoin go @cm-steem !

·

Thanks, yeah it was a week ago that I posted the idea on github and steemit, took a couple days to think about it and another couple days to implement, pretty simple in the end.

I agree. If I must choose between #Gridcoin and #SPARC. I would choose #Gridcoin. Please reply to me. I need to know if my efforts to capitalize on both of them is causing me to be diminished in either pursuit.

·

The systems are entirely separate, so whether you're earning one has no impact on the other.

·

You should be able to earn both at the moment.

·

@vezarino Thank you for the reassurance.

Question about Gridcoin Pool and connecting a wallet.

On Step 2 /Guides/pool-gridcoin-install.htm at the bottom is says you can use an Openledger account instead of the Gridcoin Wallet, but what would I then use for the GRC Payout Address and password back on GRCPool?

Is it better to use the Gridcoin Wallet? Any benefits either way?

·

Does not have to be Openledger, you can use our favoirite exchange that supports Gridcoin as online wallet. Just open the Exchange website, open deposit menu, find gridcoin and click deposit (or +), new Gridcoin address will be generated for you. You can use this on pool. But be careful, the coins that are not in your (official) wallet on your own computer are technically not yours.

·
·

Understood, thank you for your feedback. I am going through the process of syncing my Gridcoin wallet. Seems like the better option.

·

Even if you trust the exchange, you're losing out on interest should you hold the coins for a while, as exchanges don't stake the coins for interest.

·
·

It's always a massive risk to keep funds on an exchange, how many exchanges need to be hacked until people stop permanently holding coins on exchanges? :(

·
·
·

True - I have a question though since it's kind tough keeping the individual wallets for things like Gridcoin, Stratus, etc that require a sync to the chain all the time. For non-tech people, like some of my friends it's enough to make then not get involved. I even hold a lot of UIA on my OL account like SMOKE, PEERCROWDFUND, etc since there really isn't anywhere else to hold them.

Will Gridcoin, and do you think other UIA converting to their own coins, be able to be stored on a hardware wallet like Ledger Nano or Trezor?

·
·

True, thank you. I am going the Gridcoin Wallet route - syncing it up now.

After reading the other links I still don't get it, can you give an example of these external systems? And what's the whole purpose of it? Is it to ease down the load on those project servers and to be more or less anonymous or is/was there a security risk involved?

·

After reading the other links I still don't get it, can you give an example of these external systems?

An external system such as Gridcoin, SPARC, or any other cryptocurrency which decides to reward BOINC computation.

And what's the whole purpose of it?

To prove BOINC account ownership, so that we can securely distribute rewards.

Is it to ease down the load on those project servers and to be more or less anonymous or is/was there a security risk involved?

You wouldn't need to contact a project to verify the ownership of an UserID because you could verify that the project signed the data using their public key. It would make it more anonymous because you wouldn't need to provide the gridcoin client an email address anymore, and yes there are potential security problems right now within the gridcoin network which could be neutralized if we were to use this proof of userid ownership mechanism.

·
·

Got it. Thanks for the detailed explanation :)

This looks like a great thing and interesting, I would love to learn more on this where can I more information? I want to thank you for sparking my interest.

·
·
·

Thanks I appreciate the information I am new to steemit and it never ceases to amaze me how helpful everyone is. Thank you for the links. Ill be checking them out.

·
·
·

And the wiki page for more alternatives. One of them for example does not require any modification to BOINC...

·
·
·
·

This is true, however the proposed modification is pretty lightweight compared to previous proposals.

Terimakasih @cm-steem sangat menarik sekali postingan anda dan saya menyukai postingan anda. Salam kenal dari saya @husnulkhatimah.

this post is so amazing, I'm so inspired to keep working hard on steem.

Upvoted and also resteemed :)

nice work and followed. check out @nanocheeze
and check out the nanocheeze project
http://nanocheeze.com

We be usin BOINC and other junk :)