Introducing Strangers

It’s difficult for strangers who have never met before to exchange public keys easily and correctly.

But once they have done so, there is no longer any way to stop them from communicating.

Eccentric Authentication focuses on getting that first key exchanged.

Eccentric Authentication is an authentication protocol that places end user anonymity, privacy and ease of use above other requirements. The user comes first, the web sites come second. The spies can go home.

It is designed to let people create accounts at web sites while staying anonymous. The accounts are created with anonymous cryptographic identities. All the crypto-details are handled by a user agent. It makes creating an account as easy as pressing a button. No more hassles with passwords or email messages with activation links.

The users stay anonymous until they decide to reveal their identity. Even the web site will not learn their true identities. Nor will anyone else when proper traffic analysis protection is used (Tor, I2P).

Secure names

Hidden in the account management are the public and private keys. These can be used to encrypt and sign messages between users of a site, or even between users of different sites. This can form the basis of a secure email replacement, making phishing even more a thing of the past. Because of the validation service, users can learn of other users’ identities by nickname and look up the public keys. This makes worldwide names secure.

Always encrypted

As this protocol deploys HTTPS connections everywhere, it protects the users against passive eavesdropping and active manipulation such as Phorm or DPI.

End phishing

With the use of DNSSEC and a validation service to check that each certificate is issued only once, we can prevent Man-in-the-Middle attacks and phishing. Even if the user falls for a bank-phishing scam, his/her computer knows better and won’t let the user connect. If the user persists, bypasses all protections and logs in at the phishers’ fake bank site, the real bank site would detect it when the phishers impersonate the user and block the account.
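The "issued only once" check described above, as an added sketch that is not code from the Eccentric Authentication project: it records which key fingerprints have been seen for each nickname and refuses to trust a name that has more than one. The record layout, the nickname format and all function names are assumptions made for illustration, and the sample records are constructed.

```python
import hashlib
from collections import defaultdict

# Constructed sample: (nickname, public key bytes) pairs as a validation
# service might record them at issuance. Names and keys are made up.
ISSUED = [
    ("alice@blog.example", b"alice-public-key-1"),
    ("bob@blog.example", b"bob-public-key-1"),
    ("alice@blog.example", b"impostor-public-key"),  # second cert, same name
    ("bob@blog.example", b"bob-public-key-1"),       # same cert seen again
]


def fingerprint(public_key: bytes) -> str:
    """SHA-256 fingerprint of a public key (hypothetical encoding)."""
    return hashlib.sha256(public_key).hexdigest()


def build_registry(records):
    """Map each nickname to the set of key fingerprints issued for it."""
    registry = defaultdict(set)
    for nickname, key in records:
        registry[nickname].add(fingerprint(key))
    return dict(registry)


def duplicated_names(registry):
    """Nicknames bound to more than one key: evidence of a duplicate cert."""
    return sorted(name for name, fps in registry.items() if len(fps) > 1)


def may_trust(registry, nickname, presented_key: bytes) -> bool:
    """Trust only if the name has exactly one key and it is the presented one."""
    return registry.get(nickname, set()) == {fingerprint(presented_key)}


if __name__ == "__main__":
    reg = build_registry(ISSUED)
    print("duplicates:", duplicated_names(reg))
    print("bob ok:", may_trust(reg, "bob@blog.example", b"bob-public-key-1"))
    print("alice ok:", may_trust(reg, "alice@blog.example", b"alice-public-key-1"))
```

Note that once a duplicate exists, even the original key for that nickname is no longer trusted, because the check cannot tell which of the two certificates is the genuine one.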

Safe JavaScript apps

With some changes to the browsers’ Same Origin Policy, Eccentric Authentication can be used to prevent XSS and CSRF attacks. That opens the way for secure JavaScript applications, such as CryptoCat, Crypho or other activist tools.

Good for/with Tor

Secondary benefits: due to the pervasive use of encryption, Tor users benefit in two ways. First, the use of Tor does not stand out among the other traffic that uses this protocol, which makes it easier to hide your Tor use. Second, when running Eccentric-authenticated connections over Tor, the end-to-end connection is encrypted, solving the evil-exit-node vulnerability of Tor.

Please see the Design Goals for more details and use cases.

With regards,
Guido Witmond
Witmond Secure Software
inventor of Eccentric Authentication