Is Battery-Free 2-Factor ID Secure?
An anonymous reader writes "There was a television program in Australia last week about Matthew Walker's visual battery-less two-factor authentication system called PassWindow. Essentially, you hold the clear plastic window up to the apparently random pattern on the screen of your computer, revealing a one-time PIN to type in for authentication. The plastic window has many advantages: difficult to copy or view over the shoulder, etc. Because there is no electronics, chip or battery, the PassWindow is extremely cheap to manufacture, giving it a big advantage over other two-factor authentication systems. However, I don't know about the security of the system. The apparently random pattern of lines in the PassWindow is analogous to a one-time pad, using a different subset of the one-time pad every time a PIN is needed. Is this a useful level of security for logging in to a bank account?"
Simpsons trading cards (Score:3, Interesting)
Chaum-like (Score:5, Insightful)
This is sort of like one of Chaum's voting system receipts. Those are provably secure for single use.
however having watched the video, it's obvious this one is weakly secure for a single use and rapidly insecure for multiple uses.
given a series of challenges one should be able to apply a process of elimination to determine the missing elements.
The alternative would seem to be to choose the challenge from a restricted palette of challenges that assures some ambiguity. In this case intercepting a bunch of challenges will simply reduce the number of possible choices.
For example, if the ambiguity could be maintained at 3 choices per digit then 7 digits provides 2187 possibilities.
that's actually not hideous. it's comparable to a bicycle lock. thus the key to making that low number useful is to prevent someone from rapidly trying the challenges exhaustively.
e.g. if you are only allowed 2 challenges per 30 minutes, or more deviously, if the challenger denies access with say 10% probability even when you type in the right pass code.
This will make such 2-factor, while not government grade, probably not worth the attacker's time.
Re: (Score:2)
Watching the video a few times now I see that they are doing some sort of multiplexing on the patterns so that digits can fall either on odd or even place boundaries (i.e. so that a given column of segments might be the left column of a digit or the right column). I'm not quite sure what that does to the odds but I'd assume they do this because it makes it harder to crack.
Re: (Score:2)
Re: (Score:3, Informative)
The whole point of this is *2* Factor authentication. You use this as well as a password (something you have, something you know). Stealing one or the other is useless. Key loggers are useless because you need to physically have the device or a copy of it to make the system work.
Really this is a stab at an inexpensive version of something like an RSA Card which uses a cryptographically secure RNG that is synced to a master server when it is initialized. The numbers it generates every 60 seconds are only goo
1.2-factor authentication - a win, mostly (Score:2)
Banks could mail these out by the millions. Cheaply. A win, mostly.
I'll call it 1.2-factor authentication. The user still has to be in possession of this gizmo, and it's fairly easy to crack, but it's better than a plain old password.
I worked at a large bank that mailed out RSA fobs by the thousands. Effective, but expensive as hell. About 10 people full time just to mail out the things and deal with dead ones, and when you get a batch they all preset to fail on the same date, thousands of them.
Re: (Score:2)
PIN (Score:2)
Re: (Score:2)
And after a few uses sniffing data and response it should be possible to re-create the mask reasonably.
Re: (Score:2)
I remember some computer game (C64?) a couple of decades ago, which used a similar thingie as copy protection.
Think I'll pass (Score:2, Insightful)
Let's see. Worst case scenario, you set up a camera that does about 30fps, with rotating filters in front, and use OCR to look for text in each frame. 30 passwords per second is a lot faster than 1 password + delay, 2 password + longer delay, 3 password + get account re-enabled.
Aside from that brute force method, I suspect the system is pretty vulnerable to more sophisticated attacks, like quickly narrowing down what window people have by analysing the more obvious features (number of lines, angle of line
Er, WTF? (Score:3, Insightful)
So you are worried about crackers breaking into your house and setting up spy cams to steal your banking password?
If they have already broken into your house why would they bother with that? Why not just steal your statements?
Or just use the spy cams to record all your online activity?
Talk about paranoid. This is a pointless argument against the system that holds no merit at all.
Re: (Score:2)
No, I'm worried that the planet will be overrun by self-assured neanderthals who can't think of a situation other than home banking in which an authentication system might be used.
If you can't make use of controlled paranoia, you've no business discussing security issues.
Re:Er, WTF? (Score:4, Insightful)
No, I'm worried that the planet will be overrun by self-assured neanderthals who can't think of a situation other than home banking in which an authentication system might be used.
Even neanderthals know that regardless of the application, if someone has acquired physical access to your home you're pretty much fucked.
If you can't make use of controlled paranoia, you've no business discussing security issues.
Great, let's control this paranoia with some rational assessment. So, we've got a plastic window that acts as a filter on random data. How does this compare to a typical 2-factor solution, the RSA SecurID? An attacker needs both the random data and the window pattern to get the true passcode. We can assume they can snoop the random data, so then if they can see the window (somehow) they can crack it, but if they can see a plastic window it's not too much of a stretch to them being able to see your dongle's display. RSA has an advantage here, but not one a paranoid person would be moved by.
Now perhaps the attacker can reverse-engineer the pattern by tricking them into visiting a phishing site and see what tokens they enter for a given piece of random data. Without doing the math, it seems like it would take a small-ish number of tries to deduce the pattern (since we're only talking about seven segment digits here), but probably more than a normal user would expect to be able to try without being locked out of the system. If they do discover the window, then they have broken the scheme completely. Compare to SecurID, where it would be intractable to figure out the random seed based solely on the tokens generated. On the other hand, in both cases it only takes entering in a password/token combo into a phishing site once and the attacker then has a valid password for as long as that code is valid -- ~30s on a SecurID, more than long enough to gain access to the protected system.
Thus the plastic window method is more likely to result in giving an attacker long-term access, but only in situations where a SecurID would likely have given an attacker access at least once. While certainly there are cases where the former is worse, in general having an attacker gain entry even once is unacceptable.
So while it's not a direct 1:1 replacement for SecurID, it isn't all that much worse, and much better than 1-factor authentication. As a low-cost way of adding additional security this is a pretty damn good invention. There are many applications where this will be more than good enough. Home banking being one, yes. For, say, the FBI agent logging into work it may not be, but they can keep their SecurID or whatever they use, if they decide there's a point.
Re: (Score:2)
[citation needed] ;)
Re: (Score:2)
You pretty much made my case for me here.
Your case was some nonsense about an attacker setting up a webcam, a physical-access scenario under which essentially any authentication method would be compromised. :)
Granted, but phishing is an entirely different thing, more of a social attack that most technologies are susceptible to than a cryptographic attack. It can and should be separately dealt with through user education, antivirus, proxies, etc.
It's also by far the more dangerous vulnerability, and it
Re: (Score:2)
Re: (Score:2)
Nothing much. It was related to the quoted text directly above it, not to my post above that.
Re: (Score:2)
I found them on a sheet of paper under his mattress when changing his bedding. I guess I should be a bit more worried now that he is older and has taken a liking to the various "spy gear" toys on the
Re: (Score:2)
Nope, because the nature of its quasi-one-time pad means that you can generate hundreds of false positives. It's easy to get a result, but the value, however, is only in the correct result.
You're trying to determine the contents of the PAD, the image is given to you for free. Once you have the PAD you can login at will.
But you can generate hundreds of PADs from an image, even from an image and the number you're looking for. It's only when there are 2 or more number/image pairs that you can start to guess. S
Re: (Score:2)
That's much better, but since the viewing window is a constant, the false positives only add another stage to the process, with a few hundred possible answers to check. Every time you try a password and it doesn't work, you eliminate one of those possible answers. Wouldn't take long to work through them all.
Re: (Score:2)
Re: (Score:2)
What if there were false positives? Let's say out of the possible combinations 25% are not used as valid passcodes but instead are used as a honeypot for would be crackers? Vary the 25% unused permutations across the accounts using the system but keep the same passcode pattern for 24 hours per account.
Another obstacle is that a typical online account requires an additional data point - username. If an email address is used then that point is rendered somewhat irrelevant but can be used in combination with a
Prior Art (Score:5, Insightful)
Re: (Score:2)
Nooo! You just brought back the memories of OCP Art Studio on the speccy that I'd somehow managed to block!
Thankfully my parents took pity on me and bought me a copy of The Artist II on floppy (+3 baby!) which made my mouse adaptor birthday present actually useful!
Re: (Score:2)
No (Score:2)
the PassWindow is extremely cheap to manufacture, giving it a big advantage over other two-factor authentication systems.
Re: (Score:2)
Oh, and to the submitter, PIN number really?
Re: (Score:2)
Bank answering a phone call:
Good morning, Best Banking, how can I help you ?
Customer:
Huh, I seem to have forgotten my personal PIN number id...
One major problem: monitor resolution (Score:5, Insightful)
A lot of these sorts of schemes assume some sort of fixed pixel size such as 96 dpi, a fantasy that hasn't been true since, well, ages. Some LED screens have up to 150 dpi resolution, others as low as 72dpi. If the scale is wrong, then the pixels won't line up and the decoder is then useless.
Now, I admit it's possible that the creator of this scheme might have solved this, but I doubt it. A colour filter like those games whose clues are read through a red plastic foil viewer would be far too easy to crack, for example.
I can't escape the impression that this is just security theatre and not serious security after all.
Re: (Score:3, Interesting)
The image is displayed via browser and the sizing can be corrected at render time. It might not look pretty depending on the scale technique, but it can be done.
It still doesn't make it worthless. A one time factor like this has only so many combinations.
It's like solving the cypher problems in the newspaper. It really won't take that many iterations before you can correctly guess the pass card values.
Easily Rectified (Score:4, Interesting)
This is easily rectified in any software by compensating for the DPI by scaling up or down the image.
Heck you can do this in CSS:
IMG.passwordWindow { width: 2in; height: 1in }
This image is going to be scaled to be the exact same size on the screen in any web browser.
Also, this has nothing to do with color filters.
I swear to god every poster on this thread so far has not gone to the website: http://www.passwindow.com/ [passwindow.com]
This is actually a very novel idea that has been thought out thoroughly.
Re:Easily Rectified (Score:4, Informative)
This image is going to be scaled to be the exact same size on the screen in any web browser.
Only in your dreams. Lots of people lie to their OS about their monitor DPI, because said OS is deficient.
Re: (Score:2)
I have seen many computers set up with the wrong DPI for the monitor.
Re: (Score:3, Insightful)
This image [resized using point, inch, or other physically-based CSS units] is going to be scaled to be the exact same size on the screen in any web browser.
Unless the operating system's DPI setting doesn't match the physical dimensions of the monitor. A lot of people have never taken a ruler to their monitors, and some poorly-written yet business-critical applications for Windows tend to barf at any DPI setting other than 96.
Re: (Score:2)
You do not need to take a ruler to the screen. You query the monitor using DPMS, and then compare that to a database that has your screen size in it.
It's called GetDeviceCaps (Score:2)
I don't think any modern version of Windows will let you do direct hardware access without using a driver. Sure, you could do it with Windows 9x, but NT won't let you.
That's why a window system is supposed to provide an API to query each screen on the display server. Google says [google.com] the appropriate function in Windows is called GetDeviceCaps [microsoft.com]. But is the HORZSIZE guaranteed to be accurate, even if the end user has logged in remotely or tweaked the "horizontal size" and "vertical size" knobs of a monitor?
Re: (Score:3, Insightful)
You must not do a lot of CSS coding, or deal with multiple monitors. One centimetre on one screen is not the same on another. The usage of Pica, inches, millimetres and so on is only really recommended for print use. When used with screen resolutions, they are calculated into pixels based on the browser's preferences (often only switchable between 72dpi and 96dpi).
Even on prepress monitors, I have yet to see a monitor where a centimetre on the screen is equal to a centimetre on a ruler held to the screen.
Re: (Score:2)
The problem with the code is evident from the example on the screen: the card's marks in the first field can be combined against a field to produce a 0, 2, 6 or 8 flawlessly. It can also do (as one of the examples shows) a 7 with acceptable "noise". 1, 3, 4, 5 and 9 are impossible. So by a large enough data set of partial signs, you
Re: (Score:2)
Not *every* poster ;)
The video wasn't bad.. And I agree it could be made to work, and I don't think it's as insecure as others mention, camera wouldn't work but a photo of the card would allow you to very easily work it out (it has location marks).
What most don't seem to realise is that not all of the pass key is used every time and the image fakes some chars too.
Having said that it's not a one time pad... By its very definition you use it more than once..
The more you use it, the less valuable it is.. Whic
Re: (Score:2)
CONGRATULATIONS! You're the only poster so far who seems to have watched the video. The "garbage" chars are the key here.
The image can be resized on screen. (Score:2)
The little blue "resize" arrow clearly visible in the video says you're wrong. I'm guessing you line up the top-left arrows then drag the arrow until the bottom-right arrows overlap.
Even the old Sinclair/Times Spectrum "lenslok" protection had a resize function. Duh!
Re: (Score:2)
I don't think it would be too difficult to deal with. On the card, in addition to the digits, you would also have 2 reference points. Have the user place the card on the screen and then click on the 2 reference points. By knowing the distance, you could then generate the image in the correct resolution. That could either be done through a java or flash app, or it could be done using an imagemap type of method to gather the coordinates (no javascript needed) and then rescale the image server-side. Yeah, it's
Re: (Score:2)
Re: (Score:2)
That's a problem only when the image on the screen is smaller than the one on the card. For larger on-screen images, holding the card a bit further from the monitor surface should do the trick.
Re: (Score:2)
There is a mixture here of various security levels. At the most secure level this type of technology could create your token with random segments of, say, 12 7-segment display style digits. When you go to the site, the logon page shows a random set of segments of 12 7-segment display style digits. Please note that this random pattern would be changed on every attempt, and is fully independent of which user is logging in.
The user overlays his or her card. The combination of the two sets of random segments will
Re: (Score:2)
Sounds pretty weak to me (Score:2)
meh (Score:5, Informative)
From what I saw, this system might be able to protect you from a single compromise of your security. This would depend on a few factors, though. Given you can see both the pattern and the code, from a single session you could make some assumptions about what the code would be with a different pattern. It might take a few tries to generate the correct code. If the attacker can partially log in multiple times without being locked out, he may be able to choose a pattern that has fewer possible permutations for the code.
There's also a potential problem in that, if an attack is made on an account and the account is locked out, the card would have to be replaced. Otherwise, if the account is re-enabled without replacing the card, the attacker would be able to continue to make attempts to log in. I suppose you could also alert the customer to change their password due to a security breach.
I don't think this will protect very well against a customer's own system being compromised, with an attacker being able to monitor multiple log-ons. There are simply too few possible permutations in those 7-segment displays.
I'd also like to mention there's a potential problem if the monitor's resolution is too high. If, for instance, the user wants to log on via a netbook, the code displayed may be too small to match up with the code on the card, making logging in impossible.
Re: (Score:2)
It seems this system is designed to protect the customer from having the security numbers skimmed off the card. For instance, when you're at a restaurant in the US the waiter often has possession of the card for more than enough time to skim all the information needed for fraud. They could take a picture of the card, and reproduce the digits on transparency film. The goal is to make it much harder for people to discreetly copy the information.
I think that's an interesting system, BUT, the better solution is
No, it is not (Score:2)
Mostly because your "key" is static and only offers a very limited amount of possible configurations (WAY less than the average 2048 bit key, think more along the lines of an 8 bit key). It's trivial to have software calculate all the possibilities (all you need is one or maybe two arbitrary keys, "lenses", to figure out the process), adjust the picture to match what you'd "see", then throw it at OCR software and you'll end up with very few reasonable ("legible") configurations.
After a few, maybe even after
It's better than nothing.... (Score:2, Informative)
It's better than nothing.
The trick is that yes, it does leak information: each time you use it, an eavesdropper gets a little more information, perhaps enough to "get in". Or perhaps not.
On the other hand, the server end knows what cells may or may not have been compromised and can optimize around that.
The beauty of such grilles (and they have been known for centuries) is that they are _cheap_ and it's not unreasonable for the server end to predict when a grille's private information has been used up and s
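As an added illustration of the two points above (the server can track what a grille has exposed, and an observer can narrow the pattern by elimination as the Chaum-like post describes), here is a toy Python model written for this thread; it is not PassWindow's design or code. It assumes a simplified scheme: one 7-segment position per digit, the card carries a fixed subset of segments at each position, the union of screen and card must read as a digit, every position yields a typed digit (no "garbage" positions), and the observer sees both the screen pattern and the digits typed.

```python
"""Toy model of a segment-overlay card (constructed for this thread, not
PassWindow's real design). It lets the issuing server measure how much of a
card's secret its own challenges have exposed, so it can retire the card
before the observed (pattern, digits) pairs pin the pattern down."""
import random
from typing import Dict, List, Sequence, Tuple

# Segment bits: a=top, b=top-right, c=bottom-right, d=bottom, e=bottom-left,
# f=top-left, g=middle (the usual 7-segment labelling).
A, B, C, D, E, F, G = (1 << i for i in range(7))
ALL = A | B | C | D | E | F | G
GLYPH: Dict[str, int] = {
    "0": A | B | C | D | E | F, "1": B | C,
    "2": A | B | G | E | D,     "3": A | B | G | C | D,
    "4": F | G | B | C,         "5": A | F | G | C | D,
    "6": A | F | G | E | C | D, "7": A | B | C,
    "8": ALL,                   "9": A | B | C | D | F | G,
}

Card = Tuple[int, ...]                      # one segment mask per position
Observation = Tuple[Tuple[int, ...], str]   # (screen masks, digits typed)


def digits_printable_over(card_mask: int) -> List[str]:
    """Digits a position can show: the card's segments are always visible,
    so they must all lie inside the digit's glyph."""
    return [d for d, g in GLYPH.items() if card_mask & ~g == 0]


def random_card(positions: int, seed: int) -> Card:
    """Constructed sample card: at each position a random, non-empty, strict
    subset of some digit's segments, so at least one digit is printable."""
    rng = random.Random(seed)
    card = []
    for _ in range(positions):
        g = GLYPH[rng.choice(list(GLYPH))]
        mask = g
        while mask in (0, g):
            mask = g & rng.getrandbits(7)
        card.append(mask)
    return tuple(card)


def make_challenge(card: Card, rng: random.Random, overlap: bool) -> Observation:
    """Server side: choose a printable digit per position and light the
    segments the card lacks. With overlap=True the screen also re-lights a
    random subset of the card's own segments, hiding which ones are the card's."""
    screen, digits = [], []
    for mask in card:
        d = rng.choice(digits_printable_over(mask))
        needed = GLYPH[d] & ~mask
        extra = (rng.getrandbits(7) & mask) if overlap else 0
        screen.append(needed | extra)
        digits.append(d)
    return tuple(screen), "".join(digits)


def candidates(observations: Sequence[Observation], position: int) -> List[int]:
    """Card masks at `position` consistent with every (screen, digit) seen
    there: a consistent mask covers every glyph segment the screen did not
    light, and lies inside every glyph that was read at that position."""
    lower, upper = 0, ALL
    for screen, digits in observations:
        g = GLYPH[digits[position]]
        lower |= g & ~screen[position]
        upper &= g
    if lower & ~upper:
        return []                          # contradictory observations
    return [m for m in range(128) if m & ~upper == 0 and lower & ~m == 0]


def remaining_keyspace(observations: Sequence[Observation], positions: int) -> int:
    """Number of whole cards still consistent with the observations
    (positions are independent, so the per-position counts multiply)."""
    total = 1
    for p in range(positions):
        total *= len(candidates(observations, p))
    return total


def exposure_curve(card: Card, rounds: int, overlap: bool, seed: int = 1) -> List[int]:
    """Remaining keyspace after each challenge the server issues; a server can
    retire the card once this drops below a policy threshold."""
    rng = random.Random(seed)
    obs: List[Observation] = []
    curve = []
    for _ in range(rounds):
        obs.append(make_challenge(card, rng, overlap))
        curve.append(remaining_keyspace(obs, len(card)))
    return curve


if __name__ == "__main__":
    card = random_card(5, seed=7)
    print("card masks:", [f"{m:07b}" for m in card], "of", 128 ** 5, "possible")
    for ov in (False, True):
        print("overlap" if ov else "no overlap", exposure_curve(card, 8, ov))
```

Running it shows the remaining keyspace collapsing over a handful of challenges, and that re-lighting some of the card's own segments (the "overlap" variant) slows the collapse but does not stop it, since each digit read still bounds the mask from above.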
short answer: no (Score:3, Informative)
Re: (Score:2)
There isn't any security tool in the world that adequately protects against interception by a keylogger or any other tool that can read the "cleartext", the way you describe here. So knocking it for risk due to interception the way you describe is a bit of a strawman argument.
There are several factors in this tool that give it bigger security than you describe:
1) If the entire transaction is handled in SSL, they have to crack a layer of encryption just to be able to see the challenge pattern and response co
Password in clear-text (Score:2)
The system is no better than having a normal credit card CVV.
The LCD-like half-images are the secret. Take a photo of that and you're totally compromised.
The battery systems (like RSA SecurID) are better because they protect the secret inside the device and only give a derived value every 60 seconds.
Nice try however.
Re: (Score:3, Informative)
It's like having a few dozen CVVs. If you snoop one of the CVVs on the card it won't help you when the server asks you for a different one.
If you can snoop a few dozen transactions you can crack it, sure, but if you're in a position to do that the other person is basically screwed anyway.
Re: (Score:2)
SecurID has been cracked for years now.
Totally crackable (Score:2)
This idea is completely crackable and you don't have to be a psychic genius here folks.
You take the image, and run a digital filter on the image -- creating thousands of new "images" which emulate the possibilities for the plastic window.
You then interpret the results (A simple OCR of the resulting images should do), and you try those passwords.
Yes, it's brute force -- but it's no safer than a non-image password.
By the way, my E*Trade RSA digital passkey is a great system of 3 point password protection. Wh
Re: (Score:3, Interesting)
I use a similar system when offered by vendors. Blizzard has a keyfob, same with PayPal and eBay. Both of which are not technically SecurID, but OEM-ed VASCO tokens. My OpenID account on one site uses this keyfob as well.
What I wish for is someone to make a standard among the keyfobs, so regardless if someone has a SecurID card, a DigiPass Go, or a program that runs on a smartphone, they would be interchangeable. Mainly so I don't need multiple keyfobs to authenticate to multiple sites, and it would be n
Re: (Score:2)
Because they cost a significant amount of money.
The idea behind this system is that it's cheap, so it could be combined with something akin to a username and password for a significant boost in security.
Security for the masses (Score:4, Insightful)
Most of the comments here are aimed at high-security applications where the assumption is that there are people looking to crack the security and will do whatever it takes to do so. This invention isn't targeted at that application however. You've missed the point.
This security is like a standard car door lock or home door lock. It won't prevent someone from breaking in but it will deter them enough to make it less attractive. This certainly shouldn't be used to protect your bank account but it could be used to authenticate you on a variety of websites that do not hold any sensitive information (you'd still need your CC number to make a purchase) or as a guest key to get access to a wireless connection at a cafe.
As a light security measure this is a fairly good option... just like a key/lock as described in the video.
The big point is that a criminal would have to work fairly hard to get access to an account, without knowing if the amount of work involved will be rewarded and this amount of work would have to be repeated for each account.
Re: (Score:2)
Security for the masses? As in, say, online banking? EBay? Amazon purchases? Paypal?
There is no "light" security this could use. What needs "light" security? A board where you want to make sure the spammers are kept out? UID/Pass works fine here. The incentive to hack it isn't high enough to warrant a trojan attack (or anything similar aimed at keylogging). What's to gain? An account on a /. So you can post a few penis enlargement ads with a 4 digit ID or one with excellent karma. Erh... yes, that's super (
Re: (Score:2)
While I agree with you, the website seems to be attempting to market this authentication mechanism directly to banks and other areas that handle "sensitive" information.
I am not a security analyst, but the fact that this seems very guessable and that it's used for Internet security makes me very wary of replacing this with a PIN and passphrase.
Cost-shifting for the masses. (Score:2)
You're quite right, and this is good for the bank. Criminals will target other banks first.
The question is, I suppose, what are the compromise rates and costs? If the bank has 100,000 customers holding up a plastic card to their screen each several times a week and they're stopping 6 account compromises a year, they're really just doing massive cost-shifting to their customers. The customers may in fact be better served by a six basis point shift to the banks' favor on their accounts.
Tuning those three k
Re: (Score:2)
Excellent point, and one that is commonly missed. People everywhere tend to see security as a boolean value, and if it's in any way possible to foil the system, then it's "not secure".
But I can go to the local $1 store and pick up a crappy hammer that will penetrate their "secure" home in a matter of seconds. Every system has weaknesses that can be exploited, given enough time and/or resources. Security doesn't have to be perfect. It just has to be good enough that it's too expensive/difficult for bad guys to b
My microwave is Passwindow protected. (Score:2)
When I moved into my new house, the digital readout on my microwave oven got bumped around, and 2/3 of the LED segments stopped working.
Basically, my microwave's clock is now a PassWindow system for which I don't have the cool transparent keycard.
But since I know what I'm looking at is numbers, it didn't take me long to figure out which LED segments were dead, and now I can read the display just fine even though it's busted.
The same is true for Passwindow. I bet that with 5-10 instances of ciphertext and t
Re: (Score:3, Insightful)
The same is true for Passwindow. I bet that with 5-10 instances of ciphertext and the knowledge that the cleartext is a numeric code, you could work out the key.
So what? Getting 5 - 10 instances of the ciphertext is a barrier to entry that PassWindow provides. Is it uncrackable? Of course not. But then again, what is?
If you lock the door of your house or your car, you should take PassWindow seriously, because clearly you believe that "trivially breakable security is better than none." If you didn't, yo
Re: (Score:2)
When I moved into my new house, the digital readout on my microwave oven got bumped around, and 2/3 of the LED segments stopped working.
Basically, my microwave's clock is now a PassWindow system for which I don't have the cool transparent keycard.
But since I know what I'm looking at is numbers, it didn't take me long to figure out which LED segments were dead, and now I can read the display just fine even though it's busted.
Now imagine that your microwave's LEDs weren't dead, and it was simply lying to you,
WATCH THE VIDEO (Score:3, Insightful)
1. The security card is extremely cheap, looks it, and like all such cheap security measures, easy to crack. It was designed to be built into a MasterCard (at basically less than $1 per card), not built into your top secret government code-key.
2. It is not intended as the kind of super-secret security. It is CHEAP security - like one of those chains you put on your front door. It doesn't keep the mafia out, it keeps the obnoxious delivery boy out.
3. If used properly, it can prevent the kind of fraud it is intended to prevent - when Amazon mistakenly sells a hard drive full of your credit card numbers that the morons forgot to encrypt, they will skip your credit card number because it is NOT worth the trouble to deal with the code, especially when a bunch of other credit card companies don't use the security.
4. This is a great form of CHEAP security, and if all you want is CHEAP security, then it is well worth it.
Clever idea, but problematic (Score:2)
Re: (Score:2)
It would be more likely that the card company would require all transactions to go through a confirmation page that the card company sets up. Visa already does this [slashdot.org].
As far as the math goes it is pretty simple. You have a secret key "k" and a publicly known function "f". The website sends you a challenge "c" that changes each time. You have to respond with a reply "r" that you compute by applying "f" to "k" and "c" (i.e. "f(k,c)"). This "r" is the "one time password" since it changes each time even thou
OK this is not good. What would be good? (Score:2)
Let us say I am willing to put up with some hassle, but I want really good security. What is the best choice? Like I register a cell phone number with the bank. Bank texts a new passcode to my phone every time I want to login. Would it be secure?
Sounds like a changed version of print (Score:2)
Screen resolution (Score:2)
So what happens if someone uses a screen which uses a different DPI to the one intended by the creator of this device?
Nothing will line up and you won't get any readable output from it unless you resize the image on screen to the appropriate size...
On a system which automatically works out your DPI, this could work... However the majority of systems (windows, osx) don't...
Re: (Score:2)
Which is why the system lets you resize the image with a pull handle.
If widely used, tracking will be simple. (Score:2)
0110010 _ 0011000 0100010 _ 0011001 0010100
OK, so it'
Permutation Enumeration (Score:2, Interesting)
Let's analyze....
5 character code - 0-99999 = 100,000 possible codes.
5 characters with 7 lines each = 35 possible "line" locations. The card in the video has 14 lines. The challenge code on the computer "ALSO" has 14 lines.
This solution simply has the appearance of security. There are MAJOR design flaws.
If one were to analyze the incomplete code from the video you begin to notice that there is an enumeration flaw.
The first character is blank, 0-9. The second character can either be a 0, 6 or 8. The thir
Re: (Score:2)
The video shows a massively simplified prototype.
The real version will have segments from 12 character positions.
The pattern on the screen may contain segments also present on the card.
Overlaying the cards will result in only around 6 valid digits. The remaining positions generate non-valid characters which are ignored.
The result is much more secure. If properly implemented server side, such that the challenge code is generated before knowing the username, such that the challenge code itself cannot leak any
This is just a CAPTCHA (Score:2)
This is just a CAPTCHA implemented with a secret decoder ring. All it takes to crack is a motivated individual to create an optical simulation to process the image into something that can be OCRed. That final step will be easier than what they have to do today since the text can't be distorted too heavily without the risk of too many failures from legitimate users.
It's stupid (Score:2)
Main problems that sprang to mind - you can copy it.
Somebody sees it, jots down the lines and they've cloned your key - and you're none the wiser.
Secondly, it's just not very secure. Can't be bothered working out the maths, but from merely what's on the screen you can rule out a large number of possible numbers and massively increase the chance of brute force.
Simple extension of the idea (if not part of current pitch, I claim it NOW) is that the display should just have a single alignmen
Wrong. It is not translucent. (Score:4, Informative)
Please RTFA and the website. The filter is opaque. The user is sent gibberish as a password, and it only makes sense if you have the opaque window to create letters and numbers from the gibberish.
It is not possible to decode without knowing the one time pad. And the one time pad is implemented in the physical world, by the window.
If the author's claims are accurate (that it is possible to create tens of thousands of throwaway passwords per window before they need to be replaced) then this is an ideal authentication method IMO.
Re: (Score:2)
The problem is that the second time you use that window, it's no longer a one-time pad.
Re:Wrong. It is not translucent. (Score:4, Informative)
You're only using a subset of the window at a time. It is a single object which acts as many many one-time pads.
Re: (Score:2)
Do you get a new one when you've used every part of it once?
No, moron. This is not a one-time pad. (Score:2)
The point the GP was trying to make is that a one time pad [wikipedia.org] is not just a normal encryption key that you use once. A one time pad is where you never reuse any part of the encryption key at all even during the same act of encrypting a message. Therefore the one-time pad must be equal in size to the message itself. The reason this is considered unbreakable is because without any re-use of data, there's no cryptographic analysis to be done. With a properly random pad, you can use the most brain-damaged encr
Re: (Score:2)
and bam, you're done.
Lol, where's that preview button again?
for(size_t i = 0; i < len; i++) { crypted[i] = plaintext[i] + onetimepad[i];}
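The loop above, as an added example that is not part of the thread: the same byte-wise addition written as a Python function, followed by what the posters above are arguing about, namely what happens when the pad is used for a second message. The two messages and the pad are constructed for this illustration; nothing here is PassWindow's own code.

```python
import secrets


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """The loop above as a function: byte-wise addition mod 256.  A true
    one-time pad is at least as long as the message and is used exactly once."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: no longer a one-time pad")
    return bytes((p + k) & 0xFF for p, k in zip(plaintext, pad))


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Inverse: subtract the same pad bytes."""
    return bytes((c - k) & 0xFF for c, k in zip(ciphertext, pad))


def ciphertext_difference(c1: bytes, c2: bytes) -> bytes:
    """(p1 + k) - (p2 + k) = p1 - p2 mod 256: when the pad is reused the key
    term cancels and the result depends only on the two plaintexts."""
    return bytes((a - b) & 0xFF for a, b in zip(c1, c2))


def shared_positions(c1: bytes, c2: bytes) -> list:
    """Positions where two messages under the same pad carried the same byte,
    visible to anyone holding both ciphertexts, without knowing the pad."""
    return [i for i, d in enumerate(ciphertext_difference(c1, c2)) if d == 0]


def reuse_leak_demo() -> bool:
    """Two constructed messages under one random pad.  Returns True when the
    difference of the ciphertexts equals the difference of the plaintexts,
    i.e. the pad contributed nothing once it was used twice."""
    pad = secrets.token_bytes(16)
    p1 = b"TRANSFER 100 USD"
    p2 = b"TRANSFER 900 USD"
    c1 = otp_encrypt(p1, pad)
    c2 = otp_encrypt(p2, pad)
    return ciphertext_difference(c1, c2) == ciphertext_difference(p1, p2)


if __name__ == "__main__":
    print("pad cancels on reuse:", reuse_leak_demo())
```

With one use, the ciphertext is independent of the plaintext. With two uses, the difference of the ciphertexts is the difference of the plaintexts, and every position where the two messages agree shows up as a zero byte; that is the sense in which a reused window is "no longer a one-time pad".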
Re: (Score:2, Informative)
I wouldn't say that. The "one time pad" is static. If it were truly an OTP, you would either need hundreds of these cards, or at least several that could be combined together in thousands of different ways, and they would have to have lots and lots of different combinations to make it work.
The bottom line is the physical factor is the weak link in the chain. The key-l
Re: (Score:2)
So a higher security version would just have a longer key-length... duh. How many characters do you want to type in? 8, 12, 24, 56? Most passwords only have to be 6 and can be as many as 8 ;-p
Actually the card could be printed with room for say, 48 characters but you would only use 8 at a time... make it a grid and have the user type in the characters left to right... 1 character per column.
One time, or every time? (Score:2)
Re: (Score:3, Funny)
Nah not ideal at all. It's a hi tek secret decoder ring. The problem with this particular ring is that a copy can be made of it. I would consider this a huge vulnerability. Other more conventional technologies such as SecurID cannot be compromised in this way.
It's not a one-time-pad if you use it twice. (Score:2)
It is not possible to decode without knowing the one time pad. And the one time pad is implemented in the physical world, by the window.
It's not a one-time-pad if you use it twice.
It's probably better than nothing, but not by much.
Re: (Score:2)
It is not possible to decode without knowing the one time pad. And the one time pad is implemented in the physical world, by the window.
No, it's not in any way a one-time pad. One-time pad does not mean a passcode that is used for one encryption session. It means a passcode where no part of the passcode is re-used ever, even to encrypt other parts of the same message. To do this, the passcode must be at least as long as the message itself. This is most definitely not a one-time pad, nor does it claim
Re: (Score:2)
This is easily rectified in any software by compensating for the DPI by scaling up or down the image.
Heck you can do this in CSS:
img.passwordWindow { width: 2in; height: 1in; }
This image is going to be scaled to be the exact same size on the screen in any web browser.
Re: (Score:2)
Only if the user has correctly configured his system to know the correct physical resolution (dpi) of the screen, or the OS was able to get correct information from the screen automatically (DDC); this will only be true for some users.
Re: (Score:2)
Assuming the OS knows and uses the screen DPI... X11 has done this for years, but I don't think Windows does.
And aside from that, not all screens are capable of reporting their DPI, and this will also break where you have a multi screen setup using 2 different size screens.
Re: (Score:2)
And aside from that, not all screens are capable of reporting their DPI, and this will also break where you have a multi screen setup using 2 different size screens.
And some screens just flat out get their DPI wrong - I've seen some code which hard-codes certain screens. Probably somebody copy & pasted an EDID between models or something.
Recent xorg X seems to get multi-screen DPI right - at least my fonts look right on varying displays.
Re: (Score:2)
Er, WTF? (Score:2)
And this is less secure than existing passwords how?
With existing passwords spyware just grabs the keystrokes.
With this method the spyware would have to do OCR on the password image and then do a sophisticated algorithm comparing what you typed, and do this many times before it could be sure it had the whole image.
It is much more complicated. Sure it is still vulnerable but it is a vast improvement over most password systems.
Re: (Score:2)
This is definitely quite weak cryptographically speaking, but remember that the card has segments for say 12 digits, but only around 6 digits would be entered. The rest of the characters form gibberish. Further, segments in the challenge may be present even if they are also present on the card.
So after 3-4 observed logins, you will most likely have gained enough information to successfully identify some segments, but I expect it would take a minimum of 10-12 to fully determine the code, and often more. That
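A toy model of the leakage the post above estimates, added here as an example that is not from the thread or from PassWindow: a static card carries a secret set of seven-segment bars per digit position, the screen draws the rest of a digit (possibly including bars the card already has, as the post notes), and the user types what the overlay shows. The observer below knows only what is on screen and what was typed, and records which bars must, or cannot, be on the card. The card, the five-position layout (like the video prototype, where every position yields a digit) and the server's choice rule are constructed assumptions.

```python
import random

SEG_NAMES = "abcdefg"
SEG_BIT = {name: 1 << i for i, name in enumerate(SEG_NAMES)}
FULL = (1 << len(SEG_NAMES)) - 1


def mask(segs):
    """Segment names -> bitmask, e.g. 'bc' is the two right-hand bars of a '1'."""
    m = 0
    for s in segs:
        m |= SEG_BIT[s]
    return m


# Standard seven-segment encodings of the digits 0-9.
DIGITS = {d: mask(s) for d, s in {
    "0": "abcdef", "1": "bc", "2": "abdeg", "3": "abcdg", "4": "bcfg",
    "5": "acdfg", "6": "acdefg", "7": "abc", "8": "abcdefg", "9": "abcdfg",
}.items()}


def make_challenge(card_pos, rng):
    """Assumed server rule for one position: pick a digit the card can complete,
    then draw that digit minus a random subset of the card's own bars, so the
    screen may also carry bars already present on the card."""
    candidates = [d for d, m in DIGITS.items() if card_pos & ~m == 0]
    digit = rng.choice(candidates)
    hidden = 0
    for bit in SEG_BIT.values():
        if card_pos & bit and rng.random() < 0.5:
            hidden |= bit
    return DIGITS[digit] & ~hidden, digit


class Observer:
    """What someone who sees both the screen and the typed digits can deduce."""

    def __init__(self, positions):
        self.known_on = [0] * positions   # bars proven to be on the card
        self.known_off = [0] * positions  # bars proven absent from the card

    def observe(self, pos, challenge, typed_digit):
        shown = DIGITS[typed_digit]
        # A visible bar that the screen did not draw must come from the card.
        self.known_on[pos] |= shown & ~challenge
        # A bar missing from the displayed digit cannot be on the card.
        self.known_off[pos] |= FULL & ~shown

    def resolved(self):
        return all((on | off) == FULL for on, off in zip(self.known_on, self.known_off))


def logins_until_recovered(card, seed=1, limit=1000):
    """Simulate logins with a fixed card until every bar of every position is
    pinned down; returns the number of observed logins, or None if `limit` is
    reached (a bar present in every digit the card can form never resolves)."""
    rng = random.Random(seed)
    obs = Observer(len(card))
    for n in range(1, limit + 1):
        for pos, card_pos in enumerate(card):
            challenge, digit = make_challenge(card_pos, rng)
            obs.observe(pos, challenge, digit)
        if obs.resolved():
            assert obs.known_on == list(card)  # deductions are never wrong
            return n
    return None


# Constructed five-position card, one or two bars per position.
SAMPLE_CARD = (mask("bc"), mask("a"), mask("g"), mask("ab"), mask("c"))

if __name__ == "__main__":
    for seed in range(5):
        print("seed", seed, "logins observed before the card is known:",
              logins_until_recovered(SAMPLE_CARD, seed))
```

The observer's two rules never produce a wrong deduction, only an incomplete one, which is why the count of observed logins is the quantity that matters for a static card; the server-side mitigation in this thread (few positions of many yield valid digits, redundant bars on screen) only slows the same accumulation down.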
Multi-factor authentication -- something you have (Score:3, Insightful)
How is this more secure than a key? Like an honest-to-goodness, metal-object-you-stick-in-a-lock, physical key?
It's not. It's not really trying to be. It is, in fact, supposed to be the online equivalent of a key, a physical device which you have to possess in order to gain access to something.
Haven't there been tons of discussions about why using flash drives to store passwords is a really bad idea, simply because the risk to your physical media being stolen is much higher than the risk of your passwords