@lamingtons is on PowPing!

PowPing is a place where you can earn Bitcoin simply by socializing, for FREE.
Never tried Bitcoin? It's OK! Just come, socialize, and earn Bitcoin.
Check out lamingtons's activities

Team PowPing

visit channel home
Total Economy: 0 USD
hi, i have a question about how the login works. so from what i can tell, i use money button to sign something and pow ping would check the signature. but lets say that i run a website that generates money buttons. could i use a money button on my website to have someone else sign the powping login data, then use that to login as them? is there anything prevents that? trying to understand how all this works
I think when powping launched someone did hack it and posted from another users account using the exact technique you described. I think the same authentication string was being signed by all users so was easy to do. I think now the auth challenge does include a timestamp and/or some other random data. I dont know the details though.
Good question. It likes using the same password for all sites.
Maybe the server of powping will generate some random data with timestamp that only to be used in one login.