Users may register for accounts and provide their public Ed25519 keys. Later, when they wish to log in, they sign the string "login" (with their private key), base64 encode the result of that and provide it to the server. The server then verifies the signature using their public key. If it verifies, then the user gets a session.
While I find this approach interesting, I'm not convinced it's secure. The signatures are deterministic. So, if an attacker somehow obtained the signed message, then they could use that to login without having access to the user's private key. In that way, the signature of a constant message seems very similar to a static password.
I was hoping to get ideas and suggestions from the HN community on this approach. Is there a better way to use Ed25519 keys for user auth? I would like to prevent replay type attacks. I could have users sign the current epoch time (in seconds) or something similar.
I appreciate any and all feedback. I'm an old PGP guy trying to learn more modern crypto techniques. Filippo Valsorda has convinced me it's worthwhile.
Here's the registration page and the login page for those who may like to try it:
https://gen.go350.com/register-ed25519
https://gen.go350.com/login-ed25519
Also, you could set a timestamp in the headers and include those in the signature (like Slack & AWS do), while remembering to reject any request using a timestamp that's too old for its signature.
How is this not just a more complicated password?
Usually these sorts of protocols have some sort of challenge for the client to sign, making the login one-time and checking that the user actually has the private key.
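Putting the three schemes from this thread side by side, as an added example in Go (not code from the post, the linked site, or any commenter): the constant-message scheme from the question, the timestamped-request variant suggested above, and a nonce challenge-response. The in-memory `AuthServer`, its method names, the `"login-challenge:"` and `"login-at:"` message prefixes and the user "alice" are all my own choices for illustration; the key pair is generated on the spot. It uses only the standard library (`crypto/ed25519`).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strconv"
	"sync"
	"time"
)

// Domain-separated messages, so a signature made for one purpose cannot be presented as another.
func challengeMessage(nonce []byte) []byte { return append([]byte("login-challenge:"), nonce...) }
func timestampMessage(ts int64) []byte    { return []byte("login-at:" + strconv.FormatInt(ts, 10)) }

type challenge struct {
	nonce   []byte
	expires time.Time
}

// AuthServer is a hypothetical in-memory server; the clock is injectable so expiry can be tested.
type AuthServer struct {
	mu         sync.Mutex
	users      map[string]ed25519.PublicKey
	challenges map[string]challenge // one outstanding challenge per user
	seen       map[string]time.Time // timestamped signatures already accepted inside the window
	clock      func() time.Time
}

func NewAuthServer(clock func() time.Time) *AuthServer {
	return &AuthServer{users: map[string]ed25519.PublicKey{}, challenges: map[string]challenge{},
		seen: map[string]time.Time{}, clock: clock}
}

func (s *AuthServer) Register(user string, pub ed25519.PublicKey) { s.users[user] = pub }

// StaticLogin is the scheme from the post: a valid signature over the constant "login" is
// accepted every time it is presented, so a captured value works exactly like a static password.
func (s *AuthServer) StaticLogin(user, sigB64 string) bool {
	pub, ok := s.users[user]
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	return ok && err == nil && ed25519.Verify(pub, []byte("login"), sig)
}

// Challenge issues a fresh random nonce that the client must sign within ttl.
func (s *AuthServer) Challenge(user string, ttl time.Duration) ([]byte, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.users[user]; !ok {
		return nil, false
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, false
	}
	s.challenges[user] = challenge{nonce: nonce, expires: s.clock().Add(ttl)}
	return nonce, true
}

// ChallengeLogin verifies the signature over the outstanding nonce and consumes it whether or not
// verification succeeds: a captured response cannot be replayed and a failed guess cannot be retried.
func (s *AuthServer) ChallengeLogin(user string, sig []byte) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	pub, ok := s.users[user]
	c, have := s.challenges[user]
	if !ok || !have {
		return false
	}
	delete(s.challenges, user)
	return !s.clock().After(c.expires) && ed25519.Verify(pub, challengeMessage(c.nonce), sig)
}

// TimestampedLogin is the Slack/AWS-style variant: the client signs a Unix timestamp, the server
// rejects anything outside +/-window and also refuses the same signature twice inside the window
// (without that second check a captured request stays valid for the whole window).
func (s *AuthServer) TimestampedLogin(user string, ts int64, sig []byte, window time.Duration) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	pub, ok := s.users[user]
	now, at := s.clock(), time.Unix(ts, 0)
	if d := now.Sub(at); !ok || d < -window || d > window || !ed25519.Verify(pub, timestampMessage(ts), sig) {
		return false
	}
	for k, t := range s.seen { // forget entries the window check would reject anyway
		if now.Sub(t) > window {
			delete(s.seen, k)
		}
	}
	key := user + ":" + base64.StdEncoding.EncodeToString(sig)
	if _, dup := s.seen[key]; dup {
		return false
	}
	s.seen[key] = at
	return true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key pair for the demo
	srv := NewAuthServer(time.Now)
	srv.Register("alice", pub)
	token := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte("login")))
	fmt.Println("static first/replay:", srv.StaticLogin("alice", token), srv.StaticLogin("alice", token))
	nonce, _ := srv.Challenge("alice", time.Minute)
	resp := ed25519.Sign(priv, challengeMessage(nonce))
	fmt.Println("challenge first/replay:", srv.ChallengeLogin("alice", resp), srv.ChallengeLogin("alice", resp))
	ts, w := time.Now().Unix(), 5*time.Minute
	tsig := ed25519.Sign(priv, timestampMessage(ts))
	fmt.Println("timestamp first/replay:", srv.TimestampedLogin("alice", ts, tsig, w), srv.TimestampedLogin("alice", ts, tsig, w))
}
```

Running it shows the static token accepted twice, while the challenge response and the timestamped request are each accepted once and rejected on replay. The nonce scheme needs no clock agreement between client and server, but the server has to keep one pending challenge per user and consume it on every attempt; the timestamp scheme needs no round trip but leaves a window in which a captured request is still valid unless the server also remembers what it has already accepted.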