Musing while setting up 2FA: one of the nice old auth systems I remember is S/KEY. It allowed you to generate one-time codes such that the server only needs to store a “public key” (verification key) rather than a shared secret. https://en.m.wikipedia.org/wiki/S/KEY
S/KEY didn’t use classical public key encryption, it used hash chains. You’d start with a secret “s” and hash it to get H(s), H(H(s))… and so on. The final hash would be stored on the server and then you’d use the remaining ones from last to first as passwords. Anyone could hash them to check against the server value.
Anyway the problem with S/KEY is that the passwords have to be longer. We have this view that Authenticator OTPs should be 6 decimal digits long. It’s hard to do any interesting cryptography in six digits, you need more.
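The hash-chain scheme described in the posts above, as an added example that is not part of the original thread: the server holds only the final hash, accepts passwords from last to first, and rejects a replayed one. SHA-256 stands in for the chain hash, and the secret, chain length and names (`build_chain`, `Server`, `demo`) are assumptions made for illustration.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    # Assumption: SHA-256 as the chain hash (a stand-in, not S/KEY's own hash).
    return hashlib.sha256(data).digest()


def build_chain(secret: bytes, n: int) -> list:
    """Return [H(s), H(H(s)), ..., H^n(s)]."""
    chain, value = [], secret
    for _ in range(n):
        value = H(value)
        chain.append(value)
    return chain


class Server:
    """Stores only the current verification value, never the secret s."""

    def __init__(self, final_hash: bytes):
        self.stored = final_hash

    def verify(self, otp: bytes) -> bool:
        # A valid password is the preimage of the stored value under H.
        if hmac.compare_digest(H(otp), self.stored):
            self.stored = otp  # the next login must present this value's preimage
            return True
        return False


def demo() -> dict:
    chain = build_chain(b"constructed demo secret", 5)
    server = Server(chain[-1])   # H^5(s) is what the server keeps
    passwords = chain[-2::-1]    # H^4(s), H^3(s), ..., H(s): used last to first
    return {
        "first_ok": server.verify(passwords[0]),
        "replay_ok": server.verify(passwords[0]),   # same password again
        "second_ok": server.verify(passwords[1]),
        "skipped_ok": server.verify(passwords[3]),  # out of order in this sketch
        "otp_bytes": len(passwords[0]),             # 32 bytes, versus ~20 bits in 6 digits
        "logins_available": len(passwords),
    }


if __name__ == "__main__":
    print(demo())
```

A stolen copy of `server.stored` does not let an attacker log in, because producing the next password means inverting `H`.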
@matthew_d_green This is an essential point of decentralization. Too many pieces of internet infrastructure have shifted to requiring large teams with staffed security teams to operate. Web apps are the worst in that regard. Debian still keeps self-hosters as a key use case.