from Hacker News

Password-Derived Signature Authentication

by danieltanfh95 on 6/24/25, 2:01 AM with 3 comments

  • by danieltanfh95 on 6/24/25, 2:01 AM

    This is a demo of an authentication approach that combines the familiarity of passwords with the security of digital signatures. Instead of sending passwords to servers, users derive cryptographic key pairs from their passwords and use digital signatures for authentication.

    With PDSA, passwords never leave the client device in plaintext, and even if the server is breached, attackers cannot impersonate users, so even if users reuse the same password across services, the impact on other services using the same password is minimal.
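
An added sketch of the flow this post describes, not code from the linked demo: it assumes scrypt as the password KDF, Ed25519 signatures, a salt built from the service name and username, and a single-use server nonce, none of which the post specifies. All function and class names are hypothetical.

```javascript
const nodeCrypto = require('crypto');

// DER header of a PKCS#8 Ed25519 private key; the 32-byte seed follows it.
const PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client side: password -> scrypt seed -> Ed25519 key pair (deterministic).
// Salting with service and username is an assumption of this sketch.
function deriveKeyPair(password, username, serviceId) {
  const salt = nodeCrypto.createHash('sha256').update(`${serviceId}\0${username}`).digest();
  const seed = nodeCrypto.scryptSync(password.normalize('NFKC'), salt, 32,
    { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 }); // illustrative cost
  const privateKey = nodeCrypto.createPrivateKey(
    { key: Buffer.concat([PKCS8_PREFIX, seed]), format: 'der', type: 'pkcs8' });
  const publicKey = nodeCrypto.createPublicKey(privateKey).export({ format: 'der', type: 'spki' });
  return { privateKey, publicKey };
}

// Bytes that get signed: a domain tag, service and user bind the signature to one login.
function loginMessage(serviceId, username, nonce) {
  return Buffer.concat([Buffer.from(`pdsa-login\0${serviceId}\0${username}\0`), nonce]);
}

// Client side: answer the server's challenge.
function signChallenge(password, username, serviceId, nonce) {
  const { privateKey } = deriveKeyPair(password, username, serviceId);
  return nodeCrypto.sign(null, loginMessage(serviceId, username, nonce), privateKey);
}

// Server side: stores public keys only and never sees the password.
class Server {
  constructor(serviceId) {
    this.serviceId = serviceId;
    this.publicKeys = new Map(); // username -> SPKI DER
    this.pending = new Map();    // username -> outstanding nonce
  }
  register(username, publicKeyDer) { this.publicKeys.set(username, publicKeyDer); }
  challenge(username) {
    const nonce = nodeCrypto.randomBytes(32);
    this.pending.set(username, nonce);
    return nonce;
  }
  verify(username, signature) {
    const nonce = this.pending.get(username);
    this.pending.delete(username); // one attempt per nonce, so replays fail
    const der = this.publicKeys.get(username);
    if (!nonce || !der) return false;
    const key = nodeCrypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
    return nodeCrypto.verify(null, loginMessage(this.serviceId, username, nonce), key, signature);
  }
}
```

Because the derivation is deterministic, the stored public key lets anyone who holds it test password guesses offline, so the KDF cost and the strength of the password still matter.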