RFC Possibility SQRL

Yes I agree, but you can have multiple identities (some you can throw away) so we could have our own “tumbler” like device where your unique ID could have a safecoin but it came from an unknown ID and you are using an unknown ID. There is no further leakage of anything beyond current and previous ID, so this can be wrapped into the scheme nicely I believe.


I edited in the same time your replied. But, I understand what you mean, but there is no way they know to which account the coin is linked to with SQRL. So how they can provide the service to the user?
EDIT: I get it, we don’t speak the same English.

:smiley: no worries, good thing with sqrl is you can extract the keys from the random ID, if this was tied to an anon identity and applied to a throw away account then you are fine. So throw away the SAFE account but keep the keys for SQRL access. I have not dived into detail yet, it will require some analysis of the sqrl source or papers to confirm this is OK from SQRL side. From SAFE side it is OK, ofc it does not need to be exactly sqrl it could be along the same lines though,.


This is what I believe the idea is.

You log in

You pay the coin from a use once payment address

They credit you as paying, but that address is not used anywhere else, so who cares if they know that address, its not linked to anything else.

(unless I misunderstood you)


No I though the idea is to have an SQRL id linked with our safe account. But I was wrong if I’m correct.


Only for any single payment, apart from that they are separated, this allows use of safecoin by hijacking the private key for a short time. They would be significantly separate though. So you have a SAFE SQRL keypair in your SAFE account for browsing/logging in and can become a SAFE account of that key for short periods, but that is temporary to xfer safecoin for a site (single site) if needed.

I am sure this will radically simplify and become clear as we proceed with the RFC.


There is an SQRL implementation already called Clef.


Clef is not SQRL.
Where did you get that from?

That’s weird, because Wikipedia says there are no SQRL implementations used in production.

I was under the impression it was. Can anyone contact the Clef team to find out?

Wanna fork it? https://github.com/clef

@luckybit, a Clef discussion happened here, perhaps you can continue advocating Clef under that more appropriate topic. It’s 2FA, it doesn’t support anonymity and it strongly recommends (basically requires) that no other passwords (such as SAFE PIN, etc.) be used. This topic isn’t about that.

@luckybit Clef is not totally opensource, costs money, venture backed & is not a SQRL implementation. Clef works with Oauth (maybe still has vunerabilities). You can hear about Clef here from the CEO.

What maybe is more important is making some adjustments to SQRL, so that it could work in harmony with the SAFE Network. What if you could use the SAFE Network message to message your phone? And SQRL worked like this:

In the scenario above you’ll get a text for the Clef app. But what if you got a SQRL message from the SAFE Network message system instead of a master password (masterpassword is SQRL’s weakest point). Maybe instead of a masterpassword that SQRL has, you could also choose to have 2 or 3 phones as a substitute (multisig mobile). Let’s say you lost one phone, you would still be able to login with the other phone and a pin code.

Ideally this SQRL app should be on the SAFE Network, instead of Github or the Google Playstore. If only our mobiles OS was also on the SAFE Network, then it would be…

1 Like

This is getting more and more ridiculous…

According to various (mostly accepted) ideas floating around here, a SAFE user would ideally have a farming rig, a separate secure client based on Live CD, and now another layer of authentication (potentially with 3 mobile phones), and a huge list of bookmarks that acts as some sort of medieval DNS system.

Every new idea like that knocks off another 20% of the potential user base.

1 Like

Not as a requirement.
For most people who just want to post about their cats on SAFEbook, running a vault while their computer is on should be enough to do everything they need/want to do on the SAFE network.
The DNS system is a moot point because anyone can implement any system they want. Somebody will forgo traditional DNS for petnames and others will want the more traditional DNS system. There will most likely be an app that simplifies registering to most known DNS systems at the click of a button.

What people are discussing when they say they should have a LiveCD-based SAFE operating system and redundant two factor authentication is a situation where you have something major to lose by a loss of privacy and/or anonymity and/or unauthorized access to your files. Such as a whistle-blower or a political activist and the like.

You don’t seem to get that just because a system or feature is suggested, it does not mean everyone needs to adopt it.

I think I speak for (almost) everyone when I say that when people discuss these things, they aren’t saying “Yeah, I think we should definitely impose this mode of doing things on just about everyone.” but rather they’re exploring the possibility space and seeing which ideas are plausible and where the weaknesses and strengths lie in each proposed way of doing things.


I installed SQRL on my mobile and played around with it a little bit. The setup is really easy. Enter your Masterpassword, write down a 24 digit recovery code and retype it on your SQRL client. [Go to a website with SQRL][1], scan, your asked if this is the website you want to log in too, indicate that you want it with thumbs up, your asked to create an account for that website and your logged in.

Unfortunately I can’t choose my own username in this case:

I also remember Mr Gibson saying that SQRL, uses the url to do it’s hocus pocus. So that might maybe also play a role in a SAFE Network implementation.

I wonder if SQRL can also work if you got an existing account? If so you could login with it on Paypal and still send/receive money.
[1]: http://sqrl-login.appspot.com/

Didn’t you already say that in another topic here some 4-6 weeks ago and someone replied to you saying it doesn’t make sense?

Existing account where?
If PayPal doesn’t implement it, it’s useless for PayPal because I can login directly at PayPal.com without SQRL.

I had missed this topic. If it isn’t too complicated to implement, it would be great!

If I have my MaidSafe credentials, I can login from anywhere without going on the Internet and with only SAFE being up and running (even quite possibly with HTTP being blocked on all networks that I use).

Hmmm I can’t remember. “it doesn’t make sense” It’s funny if someone would say that, because before you can log into a website with SQRL, you get to see the URL and your asked if that’s the website your trying to login to Thumb down or Thumb up?

But the thing is you don’t see the URL and you can login to your account at any site, so why would the hacker go to the site that makes it hardest to access your data?.