Tuesday, June 06, 2006
The graphical passwords
computers
The alpha-numeric passwords, those we use every day, have this big disadvantage: the more difficult they are to hack, the more difficult they are to remember.
And vice versa.
There are tools to make it possible to hack a system, by testing a whole list of traditional words. There will be a user typing one of these words.
Hop, trouble.
There is also the “shoulder surfing”, which consists in looking over the shoulder of the user while he types with the keyboard. Even more effective.
To face these problems, people imagine solutions, for example the graphical passwords. There are several alternatives, we introduce the most widespread.
Let's skip the theorical and combinative part of the problem, that you can find anyway on this website. To summarize, the challenge is : a entity B (the user) proves to the entity A (the system) that B knows a secret shared by A and B. And this proof should be delivered without the secret not being revealed to any other party observing the operation.
On the website of university Rutgers-Camden (New-Jersey), you can download a tool which implements the management of graphical passwords. Here is how it works :
To define your password, the software proposes about hundred icons. You pick up minimum 3 (can be more) and you memorize them. That's it.
When entering your password, the software displays a wall of icons, like the picture here above. With the warranty that at least 3 of your icons are in the wall. Your job is to click on any icon inside the "convex hull", the triangle designated by your icons. To increase the security, the operation should be repeated 3 times or more (you decide). Each time, the icon wall is different.
The result : a few icons to remember, and nobody understands what happens, even looking clearly at the operation.
If there are 100 on 8 pages, with 8 icons by convex hull, there would be 10,000,000,000,000,000 combinations that the hacker should test. If we estimate 0.1 second for each screen (!!), it would take several million years to test them all.
A good margin, finally.
Surely a good alternative to the technology InfoCard that Microsoft wants to impose via Windows Vista.
for those who do not know :
- Convex Hull is, in mathematics, for a set of points X in a real vector space V is the minimal convex set containing X. (Note that X may be the union of any set of objects made of points). More on wikipedia.
And vice versa.
There are tools to make it possible to hack a system, by testing a whole list of traditional words. There will be a user typing one of these words.
Hop, trouble.
There is also the “shoulder surfing”, which consists in looking over the shoulder of the user while he types with the keyboard. Even more effective.
To face these problems, people imagine solutions, for example the graphical passwords. There are several alternatives, we introduce the most widespread.
Let's skip the theorical and combinative part of the problem, that you can find anyway on this website. To summarize, the challenge is : a entity B (the user) proves to the entity A (the system) that B knows a secret shared by A and B. And this proof should be delivered without the secret not being revealed to any other party observing the operation.
On the website of university Rutgers-Camden (New-Jersey), you can download a tool which implements the management of graphical passwords. Here is how it works :
To define your password, the software proposes about hundred icons. You pick up minimum 3 (can be more) and you memorize them. That's it.
When entering your password, the software displays a wall of icons, like the picture here above. With the warranty that at least 3 of your icons are in the wall. Your job is to click on any icon inside the "convex hull", the triangle designated by your icons. To increase the security, the operation should be repeated 3 times or more (you decide). Each time, the icon wall is different.
The result : a few icons to remember, and nobody understands what happens, even looking clearly at the operation.
If there are 100 on 8 pages, with 8 icons by convex hull, there would be 10,000,000,000,000,000 combinations that the hacker should test. If we estimate 0.1 second for each screen (!!), it would take several million years to test them all.
A good margin, finally.
Surely a good alternative to the technology InfoCard that Microsoft wants to impose via Windows Vista.
for those who do not know :
- Convex Hull is, in mathematics, for a set of points X in a real vector space V is the minimal convex set containing X. (Note that X may be the union of any set of objects made of points). More on wikipedia.
Labels: computers
archives >> April - March - February - January -December - November - October - September - August - July - June - May
Powered by Stuff-a-Blog
une page au hasard