Please Help Test Out New Script

[Guest thindery]

I have created a script that registers a user, but instead of using a password it uses an image to verify the user. It creates a 100 pixel image and stores each pixel in a db. When the user attempts to login they must upload the image. The script then runs through to make sure all pixels match in the database.

 

Please go to http://www.funnestgames.com/sci_i/register.php

 

1. Register

2. Download the image it prompts

3. CLick the login link after the image is downloaded

4. Login

 

 

It is that easy and it will greatly help me work out kinks.

 

I understand people are concerned about spam mail, so feel free to enter a fake email address. I that input option to make the form feel more authentic.

 

This process is developed as a way to prevent a possible attacker from guessing a text password with a password library. I know it has flaws, but that is why it is in testing. Further development would include downloading the image to a memory stick and using that as a "key" in a sense. The website would automatically detect the memory stick and authenticate the user. But, my skills are not that great, and it is testing the very basics for now.

 

Thanks to anyone that gives it a shot! Spread it around.

[5614]

hmm, quite a lot of the website is open to user viewing.

 

it is a very clever idea, a lot more secure than a password.

 

looking at your research plan... why is the hypothesis that it is not possible? it says: "A web-based application cannot be developed that is capable of creating images, storing hex values, and reading hex values of uploaded images to authenticate a user."

 

if you go to:

http://www.funnestgames.com/sci_i/

you can see quite a lot of the site, although it doesnt seem to be working now! it worked a second ago, but it cannot find the server now, which is weird!

 

I think that the idea is good in that it gives, in a sense, a much longer password, 100 pixels, but also there is a wider range of "charachters" or colours for each pixel, making a longer password and harder to guess.

 

If you have any more info in the development of this, please tell me, thanks.

[mossoi]

Good idea but I see a potential flaw. The image is is downloaded to a users PC where it stays. This is the equivalent of keeping a plain text file of passwords on a PC - not a good idea.

 

Used in conjunction with a password I can see this improving existing security though.

[5614]

and if one were to format a computer or accidentally delete it (dunno how someone could be that dumb, but it happens!) then they'd loose their password, you'd need a 'forgoten password' system, which normally relies on having a safe email account, which is not always the case.

 

if all passwords were stored on a computer and the HDD failed, you'd be in trouble, if you backed everything up on a floppy or CD, you'd have to keep it pretty safe and people have a tendancy to loose small things like floppys and CDs.