
Identity & credential systems

Passwords, public keys

In the context of early digital civilization recovery, establishing robust identity and credential systems is fundamental to secure communication, trustworthy transactions, and reliable access control. This section provides a comprehensive overview of identity management principles, password security, and the implementation of public key cryptography for authentication and encryption. Understanding and applying these concepts is critical for building resilient local networks, protecting sensitive information, and enabling secure digital interactions in a post-collapse environment.


Introduction to Digital Identity

Digital identity refers to the representation of an individual, organization, or device in electronic systems. It is the foundation for verifying who or what is interacting within a network or service. Without reliable identity systems, it is impossible to enforce access controls, maintain privacy, or establish trust.

Digital identities typically consist of:

  • Identifiers: Unique names or numbers that distinguish an entity (e.g., usernames, email addresses).
  • Credentials: Proofs that confirm the identity (e.g., passwords, cryptographic keys).
  • Attributes: Additional information associated with the identity (e.g., roles, permissions).

In early digital civilization, identity systems must be simple enough to implement with limited resources yet secure enough to prevent impersonation and unauthorized access.


Password-Based Authentication

Overview

Passwords remain the most common and accessible form of authentication. They are secrets known only to the user and the verifying system. Despite their simplicity, passwords require careful management to ensure security.

Password Creation Best Practices

  • Length over complexity: Length is what makes a password hard to guess; composition rules (one uppercase letter, one digit, one symbol) add little and make passwords harder to remember. Use at least 12 characters, and longer still for anything that protects keys, backups, or shared infrastructure.
  • Avoid Common Words: Do not use easily guessable words, names, dates, or keyboard sequences (e.g., "password," "123456," or "qwerty"), or minor variations on them; guessing tools try those first.
  • Use Passphrases: Four or more words chosen at random (for example by rolling dice against a word list), such as "copper lantern orbit thistle", are both easier to remember and harder to guess than a short string of symbols. Words a person picks as "unrelated" are far more predictable than words chosen by chance.
  • Unique Passwords: Each account or service should have a distinct password, so that one leaked password store does not unlock every other account (credential stuffing).

Password Storage and Verification

Systems must never store passwords in plaintext. Instead, they should store the output of a salted, deliberately slow password hash:

  • Hashing: Converts the password into a fixed-length value from which the password cannot practically be recovered; at login the system hashes the submitted password and compares the result with the stored value.
  • Salting: Adds a unique random value to each password before hashing, so that two users with the same password get different hashes and precomputed tables (rainbow tables) are useless against the whole store.
  • Slow Hash Functions: Use purpose-built password hashes such as bcrypt, scrypt, or Argon2, which are tuned to be computationally (and, for scrypt and Argon2, memory) intensive, so that each guess costs an attacker real time. General-purpose hashes such as MD5 or SHA-256, even salted, are far too fast for this job.

Password Management Tools

In resource-limited environments, password managers may not be available. Alternatives include:

  • Physical notebooks: Kept under lock and treated with the same care as the keys they protect; a notebook that lists every password is a single point of failure if it is lost or copied.
  • Mnemonic devices: Techniques to remember long passphrases, such as a memorable sentence built around the randomly chosen words.
  • Shared secrets: For group accounts, use agreed-upon passphrases and change them whenever a member leaves; bear in mind that a shared password cannot tell you which member acted, so prefer individual accounts wherever possible.

Password Authentication Protocols

When transmitting passwords over networks, avoid sending them in plaintext. Use secure protocols such as:

  • Challenge-response authentication: The server sends a fresh random challenge (a nonce), and the client responds with a keyed hash (e.g., an HMAC) of the challenge computed with a key derived from the password. The password itself never crosses the wire, and because each nonce is accepted only once, a captured response cannot be replayed. Two caveats: the server must hold the password or a password-equivalent key, so its store needs the same protection as plaintext passwords, and anyone who captures a challenge and response can try to guess the password offline, which is why the key derivation must be slow.
  • Encrypted channels: Use TLS or VPN tunnels to protect password transmission, and verify the server's identity (its certificate or key fingerprint), or the channel may terminate at an impostor.
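The challenge-response exchange described above, with both sides' messages, as an added example that is not part of the original page. It shows the two caveats in code: the server keeps a password-equivalent MAC key (derived with scrypt, so captured transcripts are slow to brute-force), and every nonce is consumed on first use and expires, so a replayed response is rejected. The message layout, the 30-second challenge lifetime, and the dummy-salt trick for unknown usernames are this example's own choices; the sample users are constructed.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL_SECONDS = 30      # assumed policy: a challenge must be answered promptly
SCRYPT_PARAMS = dict(n=2 ** 14, r=8, p=1, dklen=32)


def derive_mac_key(password: str, salt: bytes) -> bytes:
    """Both sides derive the same MAC key from the password with a slow KDF,
    so an eavesdropper's offline guessing is as expensive as the KDF."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def compute_response(mac_key: bytes, username: str, nonce: bytes) -> bytes:
    """HMAC over the nonce *and* the username, so a response produced for one
    account cannot be presented as a response for another."""
    msg = nonce + b"\x00" + username.encode("utf-8")
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


class Server:
    """Verifier side. The stored MAC keys are password-equivalent, so this
    store must be protected exactly like a plaintext password file."""

    def __init__(self):
        self.users = {}      # username -> (salt, mac_key)
        self.pending = {}    # nonce -> (username, issue_time)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, derive_mac_key(password, salt))

    def challenge(self, username: str):
        """Message 1 (server -> client): fresh 256-bit nonce plus the user's salt.
        Unknown users get a deterministic dummy salt so the reply does not
        reveal whether the account exists."""
        now = time.monotonic()
        self.pending = {n: e for n, e in self.pending.items()
                        if now - e[1] <= CHALLENGE_TTL_SECONDS}   # drop stale challenges
        if username in self.users:
            salt = self.users[username][0]
        else:
            salt = hashlib.sha256(b"dummy-salt|" + username.encode("utf-8")).digest()[:16]
        nonce = secrets.token_bytes(32)
        self.pending[nonce] = (username, now)
        return nonce, salt

    def verify(self, username: str, nonce: bytes, response: bytes) -> bool:
        """Message 3 check. The nonce is removed on first use, so a captured
        (nonce, response) pair replayed later is rejected; stale nonces expire."""
        entry = self.pending.pop(nonce, None)      # unknown or already used -> None
        if entry is None or entry[0] != username:
            return False
        if time.monotonic() - entry[1] > CHALLENGE_TTL_SECONDS:
            return False
        if username not in self.users:
            return False
        _, mac_key = self.users[username]
        expected = compute_response(mac_key, username, nonce)
        return hmac.compare_digest(expected, response)


def client_login(server: Server, username: str, password: str) -> bool:
    """Full exchange from the client's side: the password never leaves the
    client, only the HMAC of the server's nonce does."""
    nonce, salt = server.challenge(username)                                   # message 1
    response = compute_response(derive_mac_key(password, salt), username, nonce)  # message 2
    return server.verify(username, nonce, response)                            # message 3


if __name__ == "__main__":
    srv = Server()
    srv.register("alice", "copper lantern orbit thistle")      # constructed sample user
    print(client_login(srv, "alice", "copper lantern orbit thistle"))   # True
    print(client_login(srv, "alice", "wrong password"))                 # False
    # Replay: an eavesdropper who captured a valid (nonce, response) pair
    nonce, salt = srv.challenge("alice")
    resp = compute_response(derive_mac_key("copper lantern orbit thistle", salt), "alice", nonce)
    print(srv.verify("alice", nonce, resp))    # True on first use
    print(srv.verify("alice", nonce, resp))    # False: nonce already consumed
```

This protects the password in transit, not the verifier store: a copy of Server.users lets an attacker impersonate every user without guessing anything, which is why challenge-response is normally run inside an encrypted, server-authenticated channel rather than instead of one.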

An illustration of a padlock symbol combined with a key and a password input field, representing password security and authentication.


Public Key Cryptography for Identity and Credentials

Introduction to Public Key Cryptography

Public key cryptography (also called asymmetric cryptography) uses a pair of keys:

  • Public key: Shared openly and used for encrypting messages or verifying signatures.
  • Private key: Kept secret by the owner and used for decrypting messages or creating digital signatures.

This system enables secure communication and authentication without sharing secret keys beforehand.

Key Concepts

  • Encryption: Anyone can encrypt a message using the recipient’s public key, but only the recipient can decrypt it with their private key.
  • Digital Signatures: The owner signs data with their private key, and others verify the signature using the public key, confirming authenticity and integrity.
  • Key Pairs: Each user or device generates a unique key pair to establish identity.

Generating Key Pairs

Key pairs can be generated using software tools available on restored computers or manually with cryptographic libraries. Common algorithms include:

  • RSA: Widely used and well understood; secure with sufficiently large keys (2048 bits or more), at the cost of slow key generation and large keys and signatures.
  • Elliptic Curve Cryptography (ECC): Offers equivalent security with far smaller keys and faster operations (for example, Ed25519 for signatures and X25519 for key agreement), which suits machines with limited resources.

Public Key Infrastructure (PKI)

To trust public keys, a system must establish who owns which key. This is done through:

  • Certificates: Digital documents binding a public key to an identity, signed by a trusted authority.
  • Certificate Authorities (CAs): Entities that verify identities and issue certificates.
  • Web of Trust: Decentralized trust model where users sign each other’s keys.

In early digital civilization, centralized CAs may not be feasible. Instead, communities can adopt a web of trust model, where trusted individuals verify and endorse others’ keys.
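How a web of trust actually decides which keys to believe, as an added example that is not part of the original page and not GnuPG's code: given a set of keys and the signatures each carries, compute which keys are validly bound to their owners, starting from the keys you verified in person (the trust anchors). The example assumes the signatures themselves have already been checked cryptographically (it evaluates trust, not signature math); the policy numbers are assumptions, with three marginal endorsements matching GnuPG's default and a chain limit of three hops chosen for illustration. The community, its people, and the fingerprints are constructed.

```python
from dataclasses import dataclass, field

FULL, MARGINAL = "full", "marginal"   # how far we trust a *person* to vouch for others
MARGINALS_NEEDED = 3                  # assumed policy (GnuPG's default is also 3)
MAX_DEPTH = 3                         # assumed policy: longest accepted chain from an anchor


@dataclass
class Key:
    fingerprint: str
    owner: str
    # Fingerprints of keys whose signature over this key has already been
    # verified cryptographically; this example evaluates trust, not signatures.
    signed_by: set = field(default_factory=set)


def compute_valid_keys(keys: dict, anchors: set, owner_trust: dict) -> dict:
    """Return {fingerprint: depth} for every key accepted as bound to its owner.

    A key is valid when it is an anchor (verified in person), or when it is
    signed by one valid key of a fully trusted person, or by valid keys of
    MARGINALS_NEEDED *distinct* marginally trusted people, within MAX_DEPTH
    hops. Trust is a property of the person; validity is a property of the
    key; a signature counts only if the signing key is itself valid and its
    owner is trusted to introduce others. Iterates to a fixpoint so chains
    resolve regardless of input order.
    """
    valid = {fp: 0 for fp in anchors if fp in keys}
    changed = True
    while changed:
        changed = False
        for fp, key in keys.items():
            if fp in valid:
                continue
            full_owners, marginal_owners, depth = set(), set(), 0
            for signer in key.signed_by:
                if signer == fp or signer not in valid or valid[signer] >= MAX_DEPTH:
                    continue   # self-signatures, unvalidated or too-distant signers: ignored
                owner = keys[signer].owner
                level = owner_trust.get(owner)
                if level == FULL:
                    full_owners.add(owner)
                elif level == MARGINAL:
                    marginal_owners.add(owner)
                else:
                    continue   # a valid key whose owner we do not trust to vouch
                depth = max(depth, valid[signer] + 1)   # conservative: longest contributing path
            if full_owners or len(marginal_owners) >= MARGINALS_NEEDED:
                valid[fp] = depth
                changed = True
    return valid


def build_sample_community():
    """Constructed keyring, not from any real community."""
    def k(fp, owner, *signers):
        return Key(fp, owner, set(signers))
    keys = {key.fingerprint: key for key in [
        k("ME", "me"),
        k("BOB", "bob", "ME"),                        # verified in person, fully trusted
        k("CAROL", "carol", "ME"),                    # verified in person, marginal
        k("DAN-1", "dan", "ME"), k("DAN-2", "dan", "ME"),   # one person, two keys
        k("ERIN", "erin", "ME"),
        k("FRANK", "frank", "ME"),                    # valid key, but not trusted to introduce
        k("GINA", "gina", "CAROL", "DAN-1", "ERIN"),  # three distinct marginal introducers
        k("HELEN", "helen", "CAROL", "DAN-1", "DAN-2"),   # only two distinct people
        k("IVAN", "ivan", "BOB"),
        k("JACK", "jack", "FRANK"),
        k("KIM", "kim", "IVAN"),
        k("LEE", "lee", "KIM"),                       # one hop beyond MAX_DEPTH
        k("FAKE-BOB", "bob", "MALLORY"),              # impostor key signed by nobody we know
    ]}
    anchors = {"ME"}
    owner_trust = {"me": FULL, "bob": FULL, "ivan": FULL, "kim": FULL,
                   "carol": MARGINAL, "dan": MARGINAL, "erin": MARGINAL}
    return keys, anchors, owner_trust


if __name__ == "__main__":
    keys, anchors, trust = build_sample_community()
    for fp, depth in sorted(compute_valid_keys(keys, anchors, trust).items()):
        print(f"{fp:8} valid at depth {depth}")
```

The same function covers federation between settlements: add the other community's introducer key to anchors after checking its fingerprint in person and record how far you trust its owner, and the keys that introducer has signed resolve through the same rule. Note what the impostor case shows: a key can claim any owner name; only signatures from keys you already trust make the binding count.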

Using Public Keys for Authentication

  • SSH keys: Secure Shell (SSH) uses public/private keys for secure remote login without passwords.
  • PGP/GPG: Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) enable encrypted email and file signing.
  • TLS Certificates: Secure websites and services use certificates to authenticate servers.

Key Management

  • Private Key Security: Private keys must be stored securely, ideally encrypted with a passphrase and, where available, on a hardware token that never releases the key.
  • Backup: Keys should be backed up in secure locations to prevent loss; every copy is another place the key can be stolen from, so back up only encrypted keys and keep the copies few and accounted for.
  • Revocation: If a key is compromised, it must be revoked and replaced promptly. Because a lost key cannot sign its own revocation, generate a revocation certificate at key creation time and store it separately from the key.

A photo of a person holding a USB security token device used for storing cryptographic keys, with a laptop displaying a public key fingerprint on the screen.


Combining Passwords and Public Keys

Hybrid systems combine passwords and public keys so that an attacker must defeat both:

  • Two-Factor Authentication (2FA): Requires something you know (a password) and something you have (a private key, ideally held on a hardware token so that it cannot be copied).
  • Password-Protected Private Keys: Private keys are encrypted with a passphrase, so that a stolen key file is useless without it; the passphrase must then be chosen to withstand offline guessing.
  • Fallback Authentication: Passwords can serve as backup if private keys are lost, but a fallback path is exactly what an attacker will target, so it should be no weaker than the primary one (for example, a long passphrase plus an in-person verification step).

Identity Systems in Local Networks

User Accounts and Access Control

Local networks require identity systems to control access to resources:

  • Usernames: Unique identifiers for each user.
  • Authentication: Passwords or public key-based login.
  • Authorization: Permissions assigned based on roles or groups.

Directory Services

Lightweight directory services can store user identities and credentials:

  • LDAP (Lightweight Directory Access Protocol): Standard protocol for accessing directory services; run it only over an encrypted channel (LDAPS or StartTLS), since a simple bind otherwise sends the password in the clear.
  • Flat files: Simple text files with one record per user for small networks, holding only hashed credentials, readable by the authentication service alone, and parsed strictly so that a malformed or duplicated entry is rejected rather than silently skipped.
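A flat-file directory that supports the account model above (usernames, authentication, group-based authorization), as an added example that is not part of the original page. The record layout, the group-to-rights table, and the users are this example's own constructions; credentials are stored as salted scrypt hashes, the parser rejects malformed or duplicate lines instead of skipping them, and an unknown username costs the same time as a wrong password so that login timing does not enumerate accounts.

```python
import hashlib
import hmac
import secrets

# Constructed record format for this example (not a standard file layout):
#   username:salt_hex$hash_hex:group1,group2
# Lines beginning with '#' are comments. The file must be readable only by the
# authentication service (for example, mode 0600 on a Unix-like system).

# Assumed mapping from group to the rights it grants.
GROUP_RIGHTS = {
    "admins": {"read", "write", "manage_users"},
    "operators": {"read", "write"},
    "readers": {"read"},
}
_DUMMY_SALT = bytes(16)


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def make_entry(username: str, password: str, groups) -> str:
    """Produce one directory line; only the salted hash is ever written."""
    if not username or any(c in username for c in ":,\n") or not username.isprintable():
        raise ValueError("username is empty or contains field separators")
    salt = secrets.token_bytes(16)
    return f"{username}:{salt.hex()}${_kdf(password, salt).hex()}:{','.join(groups)}"


def load_directory(text: str) -> dict:
    """Parse strictly: a malformed or duplicate line is an error, not something
    to skip, because it may be a tampering attempt or a corrupted file."""
    users = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 3 or "$" not in fields[1]:
            raise ValueError(f"line {lineno}: malformed entry")
        name, cred, groups = fields
        if name in users:
            raise ValueError(f"line {lineno}: duplicate user {name!r}")
        users[name] = {"name": name, "cred": cred,
                       "groups": {g for g in groups.split(",") if g}}
    return users


def authenticate(users: dict, username: str, password: str):
    """Return the user record on success, None otherwise."""
    record = users.get(username)
    if record is None:
        _kdf(password, _DUMMY_SALT)   # spend the same time as a real check
        return None
    salt_hex, digest_hex = record["cred"].split("$", 1)
    ok = hmac.compare_digest(_kdf(password, bytes.fromhex(salt_hex)), bytes.fromhex(digest_hex))
    return record if ok else None


def rights_for(record: dict) -> set:
    """Union of the rights granted by every group the user belongs to."""
    return set().union(*(GROUP_RIGHTS.get(g, set()) for g in record["groups"]))


def authorized(record, right: str) -> bool:
    """Authorization is decided per request from the authenticated record."""
    return record is not None and right in rights_for(record)


def sample_directory() -> str:
    """Constructed directory contents for the demonstration below."""
    return "\n".join([
        "# settlement users, generated by make_entry()",
        make_entry("alice", "copper lantern orbit thistle", ["admins"]),
        make_entry("bob", "granite sparrow velvet canal", ["readers"]),
        make_entry("carol", "maple tundra quartz ember", ["operators", "readers"]),
    ])


if __name__ == "__main__":
    users = load_directory(sample_directory())
    alice = authenticate(users, "alice", "copper lantern orbit thistle")
    print(authorized(alice, "manage_users"))                                   # True
    bob = authenticate(users, "bob", "granite sparrow velvet canal")
    print(authorized(bob, "write"))                                            # False
    print(authenticate(users, "bob", "wrong") is None)                         # True
```

Keep the rights table in the service's code or configuration rather than in the user file: a user who can edit their own directory line should be able to change at most their password, never the set of rights a group confers.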

Identity Federation

Multiple settlements or groups can share identity information through federation:

  • Trust agreements: Define how identities are recognized across networks, what each side vouches for, and how a revoked identity is communicated to the other side.
  • Cross-signing keys: Each community's trusted introducers (or its CA key) sign the other community's introducer keys, so that a user whose key is valid in one domain can be recognized and authenticate in the other.

An illustration of a network diagram showing multiple nodes connected with lines, each node representing a user identity with a lock symbol, illustrating a decentralized identity system.


Threats and Countermeasures

Common Threats

  • Password guessing and brute force attacks
  • Phishing and social engineering
  • Key theft or loss
  • Man-in-the-middle attacks
  • Replay attacks

Mitigation Strategies

  • Strong password policies and slow password hashing; rate-limit failed logins rather than locking accounts outright, since an attacker who can trigger lockouts can deny service to legitimate users
  • User education on phishing, including the habit of checking key fingerprints out of band
  • Secure key storage, encrypted backups, and pre-generated revocation certificates
  • Use of encrypted, server-authenticated communication channels
  • Including a fresh nonce or timestamp in authentication protocols so that captured messages cannot be replayed

Practical Implementation Steps

  1. Establish unique usernames for all users.
  2. Enforce strong password creation and storage policies.
  3. Generate public/private key pairs for users and devices.
  4. Create a local web of trust or simple CA for key verification.
  5. Deploy authentication services supporting both passwords and keys.
  6. Educate users on secure credential handling and threat awareness.
  7. Regularly audit and update identity and credential systems.

Summary

Identity and credential systems form the backbone of secure digital interactions in early digital civilization. Passwords provide a simple, accessible authentication method but require careful management to maintain security. Public key cryptography offers powerful tools for authentication, encryption, and digital signatures, enabling trust without pre-shared secrets. Combining these methods and implementing robust identity management practices ensures secure communication, protects sensitive data, and fosters trust within and between communities.

For further foundational knowledge on networked computers and local ISP-like services that utilize these identity systems, see the sections Networked computers and Local ISP-like services.


A photo of a community meeting where several people are discussing and exchanging printed public key fingerprints and passwords written on paper, illustrating trust-building in identity systems.