How to get SQRL bootstrapped to the Internet.


coffeeprogrammer

So here is a thought, what does everybody else on these forums think would happen if we contacted the organizations that host the sites we use most often and asked for support for SQRL as a login technology?

As a SN listener, I never really worked out how SQRL works, but if I were going to use it I would want some documentation that I could slowly read and understand, just like with passkeys. I am sure there is video of it being explained, but I find it better to be able to read and reread to fully understand.

My point here is that I am wondering what would happen if SN listeners started contacting sites asking to support SQRL? Would that be enough to bootstrap SQRL as a common authentication method on the web? If a large number of websites like Walmart, LinkedIn, Hulu or Amazon and perhaps other more regional sites such as your local medical providers or a bank portal? Just an idea to get SQRL bootstrapped to the Internet.
 
if we contacted the organizations that host the sites we use most often and asked for support for SQRL as a login technology?
You're almost half a decade late to the party, LOL. We tried that, when it was new... you can see the results it generated. At this point it's beyond too late because it appears Steve himself has given up. But if you have the spare cycles, I guess what would it hurt... just don't let your feelings get hurt when they ignore you.

What it needed desperately was a working product that had some significant uptake. Like if someone had created a version of something that was SQRL first. But for that to have happened, someone needed to take the process of getting the IETF to issue a standard for SQRL, and while there were efforts made, they petered out before any significant success was achieved.
 
I'm saddened by SQRL's lack of adoption, given its elegance. Even this evening, I'm working on my own PHP library to spin up sites that support it. However, I fear that with the lack of maturity of the clients, despite the love they were given, there won't be enough users to justify it. For now my personal project is an exploratory project in learning how Steve approached the problem.

I've been giving it quite some thought, and watching things play out has given some insight into the adoption problem.

My suspicion is no matter how good a technical specification is, plowing through that, understanding it, and creating working code from it is an uphill battle. I suspect the plan was that the community was going to jump in, and many tried. But likely adoption rates would have been easier if the two major phone platforms and three major OSes had polished full-featured clients approved by Steve. And then some PHP framework made it stupid-simple to stand up sites, much in the same way that adding SQRL to certain blogs/forums was.

And while that would have reduced a lot of friction, it still might not have guaranteed adoption without the major browsers baking it in (or websites having desired content that couldn't be gotten without it).

Nonetheless, Steve, thank you for your efforts. I hope you keep the forums up and SQRL on your site.
 
My point here is that I am wondering what would happen if SN listeners started contacting sites asking to support SQRL

Sadly, SQRL's day has come and gone. The industry has gone its own way with FIDO, and FIDO has become widely adopted.

It could be said that Steve had a moral victory with the adoption of FIDO. Both SQRL and FIDO at their core depend on the idea of taking a website's URL, adding a bunch of other stuff, and then creating a public/private key pair from it. I've often wondered if the FIDO people got this idea from Steve. Around 2014 or 2015 he did present his ideas for SQRL at a security conference with many industry leaders in attendance. It's possible that some of the FIDO people were in attendance or heard of it. Steve put his ideas in the public domain so anybody using them wouldn't have to pay him royalties. Does FIDO owe its existence to Steve? Maybe, but we'll never know.

In retrospect, the industry was probably never going to adopt SQRL in its present form anyway. Steve wanted SQRL to be completely under the control of the user and not depend on third parties in any way. But of course companies like Apple, Google, and Microsoft want to be in the center of any secure login process. It gives them enormous control and power. The original implementations of FIDO were siloed by each company. You couldn't set up FIDO in the Apple ecosystem and then use that implementation in the Microsoft world. That's changed recently but it took a lot of effort by the FIDO committee. With SQRL you had that from day one.
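
The per-site key pair idea mentioned in the post above, shown for the SQRL side as an added example (not code from this thread or from the SQRL project). It assumes SQRL's scheme of keying HMAC-SHA256 with the identity master key over the site's domain to get an Ed25519 seed; the function names, master key, domains and challenge are constructed for illustration.

```javascript
// Added illustration: not code from this thread or from the SQRL project.
const nodeCrypto = require("crypto");

// DER headers that wrap a raw 32-byte Ed25519 seed / public key for Node's key API.
const PKCS8_ED25519 = Buffer.from("302e020100300506032b657004220420", "hex");
const SPKI_ED25519 = Buffer.from("302a300506032b6570032100", "hex");

// Constructed 32-byte master key; a real client derives it from the user's identity.
const SAMPLE_MASTER_KEY = nodeCrypto.createHash("sha256").update("constructed sample identity").digest();

// Client: HMAC-SHA256(master key, domain) is the Ed25519 seed for that site, so
// nothing per-site is stored. Lowercasing the hostname is an assumed normalisation.
function sitePrivateKey(masterKey, domain) {
  const seed = nodeCrypto.createHmac("sha256", masterKey).update(domain.toLowerCase()).digest();
  const der = Buffer.concat([PKCS8_ED25519, seed]);
  return nodeCrypto.createPrivateKey({ key: der, format: "der", type: "pkcs8" });
}

// Client: the raw public key (hex) that the site stores as the account identifier.
function sitePublicKeyHex(masterKey, domain) {
  const pub = nodeCrypto.createPublicKey(sitePrivateKey(masterKey, domain));
  return pub.export({ format: "der", type: "spki" }).subarray(-32).toString("hex");
}

// Client: sign the server's one-time challenge with the key for this domain.
function signChallenge(masterKey, domain, challenge) {
  return nodeCrypto.sign(null, Buffer.from(challenge), sitePrivateKey(masterKey, domain));
}

// Server: check the signature against the public key stored at first contact.
function verifyLogin(storedPublicKeyHex, challenge, signature) {
  const der = Buffer.concat([SPKI_ED25519, Buffer.from(storedPublicKeyHex, "hex")]);
  const publicKey = nodeCrypto.createPublicKey({ key: der, format: "der", type: "spki" });
  return nodeCrypto.verify(null, Buffer.from(challenge), publicKey, signature);
}

// Constructed walk-through: register at one site, log in, then try the key elsewhere.
function demo() {
  const challenge = "constructed-nonce-0001";
  const shopKey = sitePublicKeyHex(SAMPLE_MASTER_KEY, "shop.example");
  const bankKey = sitePublicKeyHex(SAMPLE_MASTER_KEY, "bank.example");
  const sig = signChallenge(SAMPLE_MASTER_KEY, "shop.example", challenge);
  return {
    unlinkable: shopKey !== bankKey,
    loginOk: verifyLogin(shopKey, challenge, sig),
    wrongSiteRejected: !verifyLogin(bankKey, challenge, sig),
  };
}
```

A signature made for one domain fails against the key another domain holds, which is why a look-alike site cannot replay it, and the differing public keys give the two sites nothing to correlate.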
 
Let me Google that for me:

Q: Google, what is FIDO?

A: FIDO can refer to several different things, most commonly the Fast Identity Online (FIDO) Alliance, an industry group that develops standards for stronger, passwordless authentication.

It can also refer to Fido, a Canadian wireless carrier, a PowerShell script for downloading Windows ISOs, an online data management system for social research, and a water technology company. [1, 2, 3, 4, 5, 6, 7]


In technology

  • FIDO Alliance: An open industry association that develops security standards to reduce the world's reliance on passwords. Its standards use public-key cryptography to enable strong authentication, often through biometrics like fingerprint or facial scans, or hardware tokens.
  • Fido (PowerShell script): A script used to automate the process of downloading Microsoft Windows retail ISOs and UEFI Shell images.
  • FIDO AI: An award-winning global company that provides advanced water network management solutions, including water leak detection and monitoring. [1, 2, 4, 5, 8, 9]
In telecommunications
  • Fido: A Canadian mobile virtual network operator (MVNO) that is a subsidiary of Rogers Communications. [6, 7, 10]
Other uses
  • FIDO (Fidelity Observation): An online system used by the Oregon Social Learning Center to manage social research and intervention data.
  • FidoAlert: A service that helps ensure pets are protected by providing alerts for lost pets.
  • Fido Dido: A cartoon character who became the mascot for the soft drink 7 Up.
  • Fido: A common name for dogs, which has been used in various fictional works. [3, 11, 12]
[1] https://github.com/pbatard/Fido
[2] https://fidoalliance.org/apple-google-and-microsoft-commit-to-expanded-support-for-fido-standard-to-accelerate-availability-of-passwordless-sign-ins/
[3] https://fido.oslc.org/info/
[4] https://en.wikipedia.org/wiki/FIDO_Alliance
[5] https://fido.tech/
[6] https://en.wikipedia.org/wiki/Fido_(wireless_carrier)
[7] https://www.fido.ca/
[8] https://miracl.com/blog/fido-a-noble-attempt-but-alternatives-required/
[9]
[10] https://en.wikipedia.org/wiki/Fido_(wireless_carrier)
[11] https://en.wikipedia.org/wiki/Fido
[12] https://www.fidoalert.com/


- - - - -

Note, "Fido (PowerShell script): A script used to automate the process of downloading Microsoft Windows retail ISOs and UEFI Shell images" https://github.com/pbatard/Fido/releases/tag/v1.67 also offers to download a UEFI-troubleshooting boot ISO, so that's a new-to-me tool to play with.

Thanks.
 
