Subj : Re: Presenting a new(?) idea for free open source software development.
To   : comp.programming
From : Peter Ammon
Date : Sun Aug 07 2005 03:21 pm

Ingvald Straume (from Norway - Europe) wrote:
> Hi!
> 
> I'm a 32 years old novice to average programmer, and I have an idea
> which I believe to be fairly good: An authentification system to
> replace the old fashion password authentification method. The general
> idea is that a user - using the computer mouse - draws his/her
> signature onto a canvas on the login screen. The login program records,
> from millisecond to millisecond, the mouse motions and the curve drawn
> on the canvas by the user. Then the program compares the curve with an
> already stored pattern which has been preadapted to match the authentic
> users graphical mouse signature.
> 
> I believe that this method will have some advantages compared to the
> traditional password security system:
> 
> 1) A graphical mouse login and authentification system is safe: Even if
> an intruder knows what the true user's signature looks like, he won't
> be able to reproduce it, because that requires that the signature is
> drawn in the true user's individual style and timing.
> 
> 2) Users will no longer need to remember passwords.
> 
> A couple of years ago I wrote a demo-version ("beta 0.01 release") of
> the program. (It's in MS Visual Basic, because that was
> the tool available to me at the time of writing.) I will be happy to
> submit both the program and the source code, if anyone might be
> interested in discussing or colaborating on the idea.
> 
> sincerely
> Ingvald Straume
> Norway, Europe

This approach seems rather vulnerable to replay attacks.  If the 
attacker captures the data stream for the victim's signature even once, 
the attacker can always successfully represent him or her self as the user.

-Peter

-- 
Pull out a splinter to reply.

.