|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Fwd: Re: new opensource security system product launched]
From: arun balaji (randover
randover.com)
Date: Wed Oct 06 2004 - 04:06:27 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
lets say like this.
lets say that that this system compliments existing systems and methods
it can either be used as single system or can also be used along with
existing methods
say
website :"give me ur user id and password"
user :" heres my user id and password"
website :"answer this question"
user :"heres the answer"
website : user is now logged in
this is the process that is a derivation of the randover principle in
user authentication
bye
arun balaji
rohitkritikalsolutions.com wrote:
>How is this in any way increasing security? Lets say your algorithm
>chooses random questions to be answered by the user. So in the
>registration process you are going to ask him at least that many
>questions. How diverse and questions, and more precisely the anwers be?
>They can range from name/place/job/car etc to interests, but how much of
>it is a secret unknown to your best friend? Extending it, how much of it
>will be unknown if someone does a little google search on you? In case we
>can get answers to most of these questions, you are going to rely on at
>least something which will be a complete secret to the user and that
>something can be .... a password? so in the end you are back to square
>one. Also, someone attacking gets a new set of questions each time, so he
>can easily profile the kind of person as well.
>Lastly, do you believe that user are going to choose complex answers to
>your questions? When they cant manage a complex password, why would they
>want a complex qusetion and an answer?
>In any case, once even one such system is hacked, that particular user is
>doomed, because every bit of information about him is now with hackers,
>while only a password could have been lost in the first case.
> just my 2 cents..
>Thanks
>Rohit Dube
> - http://www.prasar.org - come join the cause of silicosis victims,help
>them get justice -
>- http://silicosis.rediffblogs.com ---
>
>
>
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]