SelfRecover: open source protocol for password recovery without email
I designed and released SelfRecover under AGPL-3.0-or-later in April 2026, two weeks before the French ID agency (ANTS) breach exposed ~12M citizen accounts via an IDOR. The case for email-less recovery suddenly got very tangible.
How it works (one line):
The browser computes HMAC-SHA256(secret, current_domain). The server only stores Argon2id hashes of derived values. The raw secret never leaves the user's browser, and a captured secret on site A is useless on site B (anti-phishing by construction).
Two adoption modes:
- Full: zero email at all. Diceware passphrase (EFF wordlist, 7,776 words) + HMAC-per-domain.
- Lite: keeps the existing SMTP reset link, but adds a user-memorized word, HMAC-derived client-side. So an intercepted reset email is no longer enough to compromise an account. Compatible with legacy stacks.
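As an added illustration (not SelfRecover's own code), the two steps described above modelled in Python: the client derives a per-domain token with HMAC-SHA256, the server stores only a salted memory-hard hash of that token, and in Lite mode the mailed reset token is checked together with the client-derived word token. The protocol specifies Argon2id; hashlib.scrypt is used here as a stand-in so the example runs on the standard library alone, and the function names, parameters and sample passphrase are constructed.

```python
import hashlib
import hmac
import os

# Constructed example; scrypt stands in for the Argon2id the protocol specifies.
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)


def derive_domain_token(secret: str, domain: str) -> bytes:
    # Client side: HMAC-SHA256 keyed by the memorized secret over the current
    # domain. Only this token ever leaves the browser, and it is bound to the
    # domain, so a token captured on one site does not verify on another.
    return hmac.new(secret.encode("utf-8"),
                    domain.lower().encode("utf-8"),
                    hashlib.sha256).digest()


def server_hash(token: bytes, salt: bytes) -> bytes:
    # Server side: memory-hard hash of the derived token (stand-in for Argon2id).
    return hashlib.scrypt(token, salt=salt, **SCRYPT_PARAMS)


def enroll(secret: str, domain: str) -> dict:
    # The stored record holds a salt and a hash only: neither the secret nor
    # the derived token is persisted, so a database dump yields neither.
    salt = os.urandom(16)
    token = derive_domain_token(secret, domain)
    return {"salt": salt, "hash": server_hash(token, salt)}


def verify(record: dict, presented_token: bytes) -> bool:
    # Re-hash the presented token with the stored salt; compare in constant time.
    candidate = server_hash(presented_token, record["salt"])
    return hmac.compare_digest(record["hash"], candidate)


def lite_recover(record: dict, mailed_reset_token: str,
                 stored_reset_token: str, presented_word_token: bytes) -> bool:
    # Lite mode: the SMTP reset link is still required, but on its own it is
    # not sufficient; the HMAC of the memorized word must verify as well.
    link_ok = hmac.compare_digest(mailed_reset_token, stored_reset_token)
    return link_ok and verify(record, presented_word_token)
```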
Honest threat model; explicitly out of scope: client compromise (keyloggers, info-stealers), browser exploits, physical coercion, theoretical cryptanalysis of SHA-256 / Argon2id. The protocol assumes a trusted endpoint. For higher-assurance contexts, Tails / Qubes is the right answer.
Self-host in 30 seconds:
docker run -p 8080:8080 ghcr.io/pierroons/selfrecover:v0.1.1
(Multi-arch image, amd64 + arm64, AGPL labels embedded)
GPG-signed tag v0.1.1, release dated 2026-05-05.
Live demos (no signup, ephemeral data):
- Full mode: https://bi-self.my-self.fr/selfrecover/
- Lite mode: https://bi-self.my-self.fr/selfrecover/lite.html
- Side-by-side comparison (8 adversary classes × 3 models): https://bi-self.my-self.fr/selfrecover/comparison.html
Whitepaper EN: https://github.com/Pierroons/my-self/blob/main/bi-self/selfrecover/docs/whitepaper-en.md
Whitepaper FR: https://github.com/Pierroons/my-self/blob/main/bi-self/selfrecover/docs/whitepaper-fr.md
Repo: https://github.com/Pierroons/my-self/tree/main/bi-self/selfrecover
The protocol is the first brick of a broader self-hosted ecosystem (MySelf, https://my-self.fr) that includes SelfModerate (community governance), SelfJustice / SelfAct (legal access), SelfFarm-Lite (agricultural management), and SelfDataGuard (data-at-rest protection, coming soon).
Feedback especially welcome from people who have integrated similar split-knowledge schemes, and from anyone running auth flows in self-hosted setups. AGPL-3.0-or-later, no NDA, no commercial agenda, just an open protocol that I hope is useful.
#opensource #infosec #AGPL #privacy #selfhosted #cryptography #authentication #zerotrust
Update: the "coming soon" SelfDataGuard mentioned at the bottom of this thread is now released as v0.1.0-beta.
Per-user envelope encryption that survives DB exfiltration. Same memorized secret unlocks both modules, mathematically isolated via HMAC contexts.
Live demo: https://dataguard.my-self.fr
Release: https://github.com/Pierroons/my-self/releases/tag/selfdataguard-v0.1.0-beta
#SelfDataGuard #InfoSec #Cryptography