RE: Dynamic password authentication scheme

["Mutallip Ablimit" <mutax () insi co jp>]

Hi Amandeep,

> Move the mouse pointer randomly within the perimeter of the workspace and
within a limited time period.
> The program will store the coordinates of the mouse movement. After this,
the program will calculate a new
> value by using an algorithm on the value of the coordinates.

It is a really interesting password generation algorithm.

But, I couldn't quite catch your draft on DyPASS.
Is there any extra dynamic things with DyPASS different from those
token-based authentication systems out there?


Thanks,

Mutallip Ablimit
-----------------------------
@INSI






So, to get this done, you need a token.
The relationship between the number entered by the user and the number
generated by the system is necessary to authenticate the user. The time
value will include:- date, month, year, hour and minute all in numeric form.
The program will read the value entered by the user and compare it with its
own value which will be generated by applying the same algorithm on the
value the program has stored and the current system time.

-----Original Message-----
From: amandeep Singh [mailto:amandeep1 () hotpop com]
Sent: Thursday, January 22, 2004 3:06 PM
To: security-basics () securityfocus com
Subject: Dynamic password authentication scheme




Hi everyone,

   All of you must have experienced that the current password authentication
schemes are not strong enough. Any one can crack the password by using
keyloggers or sniffers. So, their is a need to develop a completely secure
password authentication scheme which is not crackable.

With relate to this....I'm here trying to develop a new password
authentication scheme which is dynamic in nature.

  I have the concept ready with me but before implementing it I just want to
get the recommendations on this from all of you so that I can make it more
secure. Please visit the following link to have a look on the concept.
http://www.angeltowns.com/members/infosecpark/dypas/

please post your recommendations or questions in the forum at the end of the
page so as to make it more robust practically.

Thanks
Amandeep

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------