FactorThree

Because most breeches don't start with hacking; they start with a door.

Comment

FactorThree: A Three-Layer Authentication System Powered by Images, Entropy, and Solana

FactorThree was inspired by Cloudflare’s iconic lava-lamp entropy wall — a physical randomness generator used to secure the internet. We wondered what would happen if we took that idea out of the data center and made it actually usable for physical spaces, where most real breaches happen. Cloudflare protects global TLS keys, but doors remain one of the weakest links in security. PIN pads can be shoulder-surfed, biometrics can't be revoked, and access codes get leaked or reused.

So we built FactorThree, a room-protection authentication system powered by image-as-password identity, camera-generated physical entropy, and decentralized verification on Solana. Instead of trying to stop hackers on a network, we target the place where breaches really begin — the moment a person tries to open a door.

Here we blend:

• An image chosen by the user

• Real-world randomness from a live camera feed

• A dynamic PIN challenge on a keypad interface

• And to ensure authentication events can’t be tampered with or hidden, we log them on Solana Devnet.

🔐 What FactorThree Does

FactorThree introduces a new security model:

your image + physical entropy + on-chain verification.

🔸 1. Image-as-Password (Factor One)

Users register by choosing any image from their device — this becomes their authentication secret.

We transform the image into a SHA-256 image hash, creating a fingerprint that represents the image without ever storing or uploading the picture.

🔸 2. Lava-Lamp Entropy → One-Time PIN (Factor Two)

During authentication, the app uses the live camera feed (pointed at a chaotic object like a lava lamp, glitter jar, etc.) to extract true physical randomness.

We sample pixel noise → feed it into a cryptographically secure RNG → generate a 4-digit one-time PIN.

This PIN is unpredictable and completely unique to the moment.

🔸 3. Keypad “Door” UI (Factor Three)

Users enter the generated PIN through our custom keypad interface, which simulates a secure physical door.

Every time a button is pressed, the system:

• regenerates a new entropy-based PIN

• recomputes image fingerprints

• verifies the user-submitted image-password

A login attempt only succeeds if:

• The same secret image is provided

• The entropy-generated PIN is correct

• The fingerprints match the on-chain registration proof

🔗 How We Use Solana

Solana is not a gimmick in FactorThree — it is our evidence layer.

Every registration and login attempt is written to Solana Devnet as a tamper-proof proof record.

✔️ What we store on-chain:

We send a Memo-program transaction containing:

{ imageHash, embeddingHash, entropyHash, timestamp, wallet, eventType: "REGISTER" | "LOGIN", result: "SUCCESS" | "FAILURE" }

✔️ Why Solana is essential

• Immutable audit trail for every authentication attempt

• High throughput → real-time logging

• Near-zero fees → perfect for security systems

• No central admin can alter logs

• Users own their identity through their wallet

• Solana becomes the trust layer for the entire system.

• This is not “we put something on-chain just because.”

FactorThree uses Solana exactly as intended:

• decentralized evidence

• verifiable identity proofs

• real-world logging

• high-performance, low-cost transactions

It turns authentication into a cryptographically verifiable event.

🛠 How We Built It

Frontend

• Next.js

• Custom keypad UI (our virtual secure door)

• Image upload “password selector”

• Live camera feed for entropy extraction

• Real-time RNG and PIN generation

• Display of Solana transaction hashes + verification results

Backend

• Node.js

• SHA-256 image hashing

• Watermark-based signature generation

• Entropy sampling + CSPRNG PIN generator

• Solana Devnet integration using @solana/web3.js

🚧 Challenges We Ran Into

• Devnet faucet rate limiting made testing transactions difficult

• Ensuring image proofs remain private while enabling verification

• Making entropy stable enough for hashing but unpredictable enough for security

• Creating a clean UX around a 3-factor system

• Keeping the Next.js dev environment from slowing down

🏆 Accomplishments

• Built a completely new authentication paradigm using three independent factors

• Successfully logged immutable authentication receipts on Solana

• Designed a clean UI keypad that simulates physical access control

• Built a real entropy pipeline using the camera feed

• Achieved fully private image-password verification with no image storage

📚 What We Learned

• How to integrate Solana transactions using the Memo program

• How embeddings can be used for cryptographic similarity checks

• How to extract real-world entropy from video frames

• How multi-factor authentication can be redesigned using AI and decentralized systems

🚀 What’s Next

• Add real hardware (ESP32/Raspberry Pi keypad)

• Add multi-image password sequences

• Develop a Solana program to automatically verify attempts

• Build a mobile version with offline authentication + later on-chain sync

• Use more advanced entropy sources for stronger randomness

Built With

Share this project:

Updates