Subj : Re: Presenting a new(?) idea for free open source software development To : comp.programming From : Brock Candid Date : Mon Aug 08 2005 08:13 pm -----BEGIN PGP SIGNED MESSAGE----- "Arthur J. O'Dwyer" wrote: > > On Sun, 7 Aug 2005, Ingvald Straume (from Norway - Europe) wrote: > > > > I'm a 32 years old novice to average programmer, and I have an idea > > which I believe to be fairly good: An authentification system to > > replace the old fashion password authentification method. The general > > idea is that a user - using the computer mouse - draws his/her > > signature onto a canvas on the login screen. The login program records, > > from millisecond to millisecond, the mouse motions and the curve drawn > > on the canvas by the user. Then the program compares the curve with an > > already stored pattern which has been preadapted to match the authentic > > users graphical mouse signature. > Second problem: You have not described the "stored pattern" or the > "graphical mouse signature," which seem to be the cornerstone of your > whole idea. For example (supposing "First problem" didn't exist), you'd > want your "pattern" to compare equal even if the user starts his signature > one pixel to the left or right, or draws a loop a little bit smaller than > usual (for some definition of "a little bit"), and so on. If you can't > find a good solution to this problem, you have nothing. To be clear though, as "protocol" concerns were alluded to in another post as well, why should this method be any more vulnerable relative to protocol - namely, regarding other post: to replay attacks -than any other? Data about the signiture - shape, form, timing, whatever - would be recorded, and sent just as any password with regards to whatever protocol you decide. OP does not seem to be defining a protocol, but rather, a password (or, "shared secret") mechanism. On surface, it's perhaps not all that bad an idea. Just maybe difficult to implement because of input practicalities. BC -----BEGIN PGP SIGNATURE----- Version: N/A iQCVAwUBQvaggqF0vu+BrKeVAQHUbgQAqVjCTfRivstsuagDnwvdmJ2cG9/dQnT1 qsexkENitN2y/tB92Uk3N4gvPcCJBXAl47/Svhy1wk86MJPDEb0a5Caz+zgSXmWy 8dQMIX+osk7YS4sfiQJqhOCP5zUDsZnPzSSaU5oZGxBj9zmUkSj8RFqtBnlP36H2 9rheYHRg6Iw= =MUS7 -----END PGP SIGNATURE----- .