{"tip":"press.release","weise3_id":"12598d8b70a71cf8eaa81187e6546287306706d4cb24f643ed9ff869cdd03b7d","naslov":"Show HN: Genesis Auth — Ed25519 login, every session is a cryptographic chain entry","sadrzaj":"genesis_auth_press_release_en_v1","kreator":"press.release","kontekst":"en","nastao":1777744485,"jezik":"EN","za":"Hacker News (Show HN)","tekst":"Hey HN,\n\nI built Genesis Auth — an alternative to Google/Apple/GitHub OAuth that requires no central identity server.\n\nHow it works:\n1. The browser derives an Ed25519 keypair locally from a passphrase (PBKDF2-HMAC-SHA256, 100k iterations via WebCrypto API)\n2. Server issues a 32-byte random challenge (TTL 60s, stored in Redis)\n3. Browser signs the challenge with the private key — private key never leaves the device\n4. Server verifies the signature using the public key — pure math, no password database\n5. Every successful login creates a .dokarh chain entry with a WeisE3 ID\n\nThe architecture philosophy: \"We are not on the server, not in the database — we only have the anchor.\" The WeisE3 ID (SHA3-256 hash) is the only trace the server keeps.\n\nTech: FastAPI backend, WebCrypto in the browser, Redis for challenges, disk-based .dokarh files for sessions (no SQL for identity).\n\nEverything is CC0 — public domain, free forever.\n\nWe also launched a bug bounty: 500 EUR for a proven exploit of the Ed25519 math. Find a WeisE3 collision, break the verify without the private key, or prove a session hijack without a signature. DDoS and social engineering are out of scope.\n\nLive demo: https://genesis.limit-connect.com/auth/demo\nSDK (3 lines): https://genesis.limit-connect.com/genesis-auth.js\nBounty: https://genesis.limit-connect.com/api/v1/bounty/status\n\nHappy to discuss the architecture — especially the \"session as chain entry\" approach and why we chose Ed25519 over WebAuthn for this use case.","kljucne_teze":["Quantum-safe roadmap — ML-DSA-65 standard for v2","No central server — keypair stays in the browser","Every session = provable entry in Genesis chain","Bug bounty: 500 EUR for proven exploit of the math","Completely free for integration (CC0)"]}