I built ZKP auth so passwords never touch your server
Abhik Mondal introduces a new authentication method called Zero-Knowledge Proof (ZKP) auth, which ensures that passwords never reach the server. This method allows users to prove knowledge of their password without revealing it, thereby eliminating the risk of password breaches. The ZKP auth system is implemented through a TypeScript library that includes server and client packages for secure authentication processes.
- ZKP auth prevents passwords from ever reaching the server, reducing the risk of breaches.
- The method uses cryptographic techniques to verify user credentials without exposing the actual password.
- The ZKP auth library is available as a TypeScript monorepo with focused packages for server and client applications.
Opening excerpt (first ~120 words)
Abhik Mondal, posted on May 18
#node #javascript #security #authentication
Every time you hear about a major breach, the headline is the same: "Millions of passwords exposed." Attackers get in, dump the database, and walk away with your users' bcrypt hashes. Given enough time and a GPU farm, weak passwords crack. Even strong ones end up in breach databases. The root cause is always the same: the password reached your server.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).