Kgothatso Ngako



I am Kgothatso Ngako, Software Developer born and raised in Mamelodi, Pretoria (currently developing as a side project). Consistency is a super power.

Former researcher at the CSIR where I spent some time researching the economics and technicalities of cryptocurrencies. Currently running (as a side project) to translate literature that explains cryptocurrencies into native African languages (already have content translated into 4 South African languages and 1 Namibian native language).

Title: Authentication is Broken. Can We Try Fix It?

This talk seeks to demonstrate how the hardened derivation of hierarchically deterministic asymmetric keys can be used as an authentication mechanism that sites could use to replace the passwords. As anyone who frequents haveibeenpwned would know, password reuse is a major problem that is worsened by inevitable data leakages. Without the use of a password manager a person is prone to reuse a password at least once (or risk forgetting their password if they try to be clever by coming up with a new password for every site).

In this proposed authentication mechanism sites would store xpubs instead of passwords. The xpubs would be used to derive public keys when authenticating users. The users of a site would derive the private keys to sign messages which the sites can verify using the derived public keys. The messages could be a derivation path which both parties will use to derive both the private and public key. This allows keys to not be passed during frequent authentication (user only needs to share xpub on registration).

The talk will also cover what advantages and concerns this approach presents. And a proof of concept will be demoed using something I hacked together using nodejs (should open source the code before the day).

A short history of asymmetric cryptography and how Bitcoins hierarchically deterministic keys came about will also form part of the talk.