proxynoproxy
2 hours ago
First up, you won’t win over security people with big claims of being the future of auth. This ain’t it chief.
The future of auth is probably something involving public key cryptography and zero knowledge proofs. This scheme is just complicated and fragile with moving parts, emails, reconstructing codes, etc.
With all due respect, this scheme is flawed. Individual servers should not be storing user password components in the clear for reconstruction. Monthly Magic Links. 9 digit codes. Pink codes? The state of the art today is a hardware enclave with a private key, and an authentication scheme that is bound to the website using browser APIs.
You might want to reconsider the name because it’s way too close to an actual real security vendor who names things this way.
ahilanv
an hour ago
Thanks for your insights! I just wanted to clarify a few points about how the system works, as I think there may have been some misunderstanding.
Everything in FortLock is decentralized:
Server A and Server B store hashed parts of the password, not the password itself, and they’re tied together via the Levelpoint stored on Server C. No single server has access to enough information to reconstruct the full password. The Levelpoint is an additional layer of security, ensuring that even if one server is compromised, it’s useless without the other two. We’ve also implemented several precautionary steps across these servers to ensure security, including encryption and independent infrastructures for each. The intention behind using this decentralized approach was to reduce the risk of having a single point of failure. I understand that there are other state-of-the-art methods like public key cryptography and hardware enclaves, and I’m exploring those further as I continue developing this system.
I really appreciate your feedback—it helps me refine my approach and stay grounded in what's proven. I’ll definitely take this into account as I work to improve FortLock.
Thanks again for taking the time to comment!
Best,
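An added example, not code from either comment above and not FortLock's code, illustrating the objection in the first comment to servers holding separately hashed password parts. The thread does not say how FortLock derives the parts or what the Levelpoint contains, so this assumes the simplest model (Server A stores the hash of the first half of the password, Server B the hash of the second half) and leaves the Levelpoint out. The alphabet, password and hash function are constructed for the demonstration; the point is the divide-and-conquer effect, which is the same weakness that made LM hashes crackable.

```python
# Added example: why hashing password parts independently is weaker than
# hashing the whole password. Assumed model (not from the thread): server A
# stores H(first half), server B stores H(second half), no Levelpoint.
import hashlib
import itertools
import string
from typing import Optional, Tuple

# Constructed toy alphabet: 36 symbols, small enough to brute-force offline.
ALPHABET = string.ascii_lowercase + string.digits


def h(s: str) -> str:
    """Stand-in hash. A slow, salted KDF would raise the per-guess cost but
    not change the exponent reduction shown below."""
    return hashlib.sha256(s.encode()).hexdigest()


def split_hashes(password: str) -> Tuple[str, str]:
    """What server A and server B would each store under the assumed model."""
    mid = len(password) // 2
    return h(password[:mid]), h(password[mid:])


def crack_part(target: str, length: int) -> Optional[str]:
    """Offline brute force of ONE part. Needs data from only one server,
    so compromising A alone already yields half the password."""
    for cand in itertools.product(ALPHABET, repeat=length):
        s = "".join(cand)
        if h(s) == target:
            return s
    return None


def crack_split(hash_a: str, hash_b: str, part_len: int) -> Optional[str]:
    """Crack the two parts independently; the attacker never needs both
    servers at the same time and the costs add instead of multiply."""
    a = crack_part(hash_a, part_len)
    b = crack_part(hash_b, part_len)
    if a is None or b is None:
        return None
    return a + b


def search_space(total_len: int, alphabet_size: int = len(ALPHABET)) -> Tuple[int, int]:
    """Worst-case guesses: whole-password hash vs. two independently hashed
    halves. For 6 chars over 36 symbols: 36**6 vs 2*36**3."""
    whole = alphabet_size ** total_len
    split = 2 * alphabet_size ** (total_len // 2)
    return whole, split


if __name__ == "__main__":
    pw = "s3cr3t"  # constructed sample password
    whole, split = search_space(len(pw))
    print(f"whole-password guesses: {whole:,}; split-hash guesses: {split:,}")
    ha, hb = split_hashes(pw)
    print("server A alone leaks:", crack_part(ha, 3))
    print("both parts recovered:", crack_split(ha, hb, 3))
```

Running this recovers the six-character sample in well under a second because each three-character half is searched on its own (about 46,656 guesses per half) where the whole-password hash would cost about 2.2 billion. Whatever the Levelpoint on Server C adds, the hashes on A and B are each independently attackable as soon as one of those servers is compromised, which is the "components in the clear for reconstruction" concern raised above.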