I go by SirSHAmun5on12 online. Around 2018 I built a high-powered PC and tried mining Bitcoin - that turned out to be more of a joke/learning experience than anything profitable, but it got me hooked. Led me down this whole path of hardware, then software development, cryptography, blockchain.
I'm one of those people always trying to spot what's coming before it hits mainstream - you know, find Bitcoin before it was Bitcoin. Recently got into QRL and ZKSync because I think quantum resistance and zero-knowledge tech are the next curves everyone's going to care about but most people aren't paying attention to yet. Now I'm working through Cyfrin Updraft courses trying to break into Web3 security auditing.
Why I built this: I was working on a project and needed OAuth. Added Google - fine. User asked for GitHub. Then someone wanted Apple. Then Microsoft. It clicked that OAuth is fragmented as hell. Every site picks different providers, devs integrate each one separately with different APIs and callbacks, users need accounts everywhere.
What UHP is: Basically "what if OAuth was federated like email?" One protocol, anyone can run an instance, uses XMSS signatures (quantum-resistant). Works for regular Web2 sites AND Web3 dApps - think Netflix, Reddit, Medium using the same OAuth as crypto wallets and blockchain apps. Standard OAuth 2.0 flow, just federated like email servers (SMTP).
Full disclosure - I literally just discovered OpenPass exists yesterday. There's overlap for sure. I'm not trying to reinvent the wheel here, just solving a problem that's been annoying me.
Questions I have:
- Is federated OAuth even the right approach or am I overengineering?
- Quantum resistance - too early? I know NIST talks about "harvest now decrypt later" but maybe that doesn't matter for OAuth tokens
- What obvious security issues am I missing?
(There's a JOURNEY.md that explains the full backstory - basically trying to create my own opportunity since breaking into Web3 security as a self-taught person is tough)
Tear it apart. Better to find problems now than 6 months from now.
SirSHAmun5on12•12h ago
GitHub: https://github.com/RealHaywoodJ/uhp-protocol