Hacker News
by grishka 1283 days ago
No, absolutely no. Private keys as a form of identity are flawed because they can't be recovered if lost and can't be revoked if leaked. In the real world, as opposed to crypto dreams, both of these capabilities are not "nice to have"; they are hard requirements. People lose their passwords, something they can remember, all the damn time, yet you're suggesting using something that has to be stored as a file, which must be kept secret but at the same time stored reliably. And it's not just for authentication, it's the identity itself.

Private keys as a form of identity can't possibly work in the real world.

1 comment

And how, pray tell, will you authenticate with this numeric user id or username in the system? Is it like social security numbers where everyone just lets you input anything?
I have no idea how SSNs work as I'm not from the US. Usually you'd have a password. The username is for identity, the password is for authentication, possibly combined with additional factors.
Oh you’d have a password!

Because you just said people lose their passwords all the time. So then what?

Unlike private keys, they can also enter them on other sites, reuse them, get phished, and much more.

But yes, private keys bad! Because they are cryptography and cryptography is crypto and crypto is scams and grift and there is a whole new cargo cult we have to be in now…

Passwords can be reset. There's always a manual override. For most online accounts, you can restore your access to them from absolute zero — i.e. when you find yourself naked on the other side of the world and your house has also burned down and you also forgot all your passwords. It'd take time and it won't be an easy process, but it is ultimately doable.

But if it's a private key, you lose it and it's game over. You have to create a new identity and start over with everything that was tied to your old one. Worse yet, if you leak your private key, you can't stop other people impersonating you.

Oh is it magic? How do you authenticate yourself enough to reset a password? It’s almost like, you need something else. Such as a device that stores a private key.

Also, everything you said about resetting passwords can be done for resetting private keys too. The difference is that you don’t go around reusing it and typing it into phishing sites.

And if you think getting access to an account where you are totally butt naked and forgot the password is normal, I have a million gmail users who would love your wisdom.

> How do you authenticate yourself enough to reset a password?

With a government-issued identity document.