It is so easy to crack the simple passwords like "keepout" "1q2w3e".
We downloaded "john the cripper " from the website, use
gzip -dc target.tar.gz tar xf -, then cd src,make, make clean "Liux-x86-any"
run the john to crack the password file which is in /etc/passwd.
The linux stored password in /etc/passwd with crpt(3) function, so it can not be read directly by the users. But if you use the simple password like those referred before, it is easy to be cracked.
For sensitive information, you better use the password with more than 8 characters, combined with number and alphebets with upper and lower cases.
This is a really good lesson for me to know how the password can be broken so easily.
Tuesday, May 22, 2007
Friday, May 18, 2007
Software to record the voice
I have downloaded the software "VRS Recording System" which can record the voice in .wav format.
So the bimetrics password system should work in the following way
1. Store the recorded password voice file".wav" in the database, we can use some encrypting alogrithm to encrypt the password file
2. We need analyze the wave file to make sure everyone has the unqiue feature.
If the same person say the same word, it should match regardless of the same person may speak the same word quite different.
3. Construct the interface(ask for account name and password) and database
Voice Recognition
I am just thinking that voice is easy to get and implemented to identify a person compared with the fingerprint or the face.
There are some commercial softwares to do this kind of job. As Robert has referred,Dragon Natural Speaking is one of those softwares. But this software is just to translate the voice into the text, it DO NOT differentiate the persons who say the same word.(Is it true?).
"Voice recognition or speaker recognition is a related process that attempts to identify the person speaking, as opposed to what is being said."
For biological password, if everybody has unique voice which can be differentiated by the software, not only the software differentiate the words the user said,but also it can capture the essence of the voice which is unquely belonged the specific person.
I will do the survey to try to find whether we can use the voice to identify a person like using the fingerprint .
There are some commercial softwares to do this kind of job. As Robert has referred,Dragon Natural Speaking is one of those softwares. But this software is just to translate the voice into the text, it DO NOT differentiate the persons who say the same word.(Is it true?).
"Voice recognition or speaker recognition is a related process that attempts to identify the person speaking, as opposed to what is being said."
For biological password, if everybody has unique voice which can be differentiated by the software, not only the software differentiate the words the user said,but also it can capture the essence of the voice which is unquely belonged the specific person.
I will do the survey to try to find whether we can use the voice to identify a person like using the fingerprint .
What the project will do is not to translate the voice to text as the most commercial softwares do, in my opinon, we just need analyze the voice and word (password which is not very long) set by the user, encrypted and stored it in the database, the next time the user wants to log into the machine, he needs to speak that words again to the microphone. That is it.
But it may be quite difficult,because there are two things,actually it includes the content and tone. The easy part for this, the software should "learn the word and tone ,remember it, then it can recognize it." For the current commercial software, it does not have the opportunity to learn all the words, it is dependent on its database. It should compare the words with its database to find the match, the database should be large enough.
For voice password, we just need to store the password in the database, which can be set up by the user. It simplifyies the problem. The difficult part is how to grasp the password's essence, how can grasp the unique feature of the voice of the specific person.
Information Security in Computing Project Idea
Information Security in Computing Project Idea
Biological Password
A unique biological feature can definitely represent the certified person who is authorized to have an access to some secure information.
Fingerprint is one of these features, which has been commercialized in some application. For example, in IBM thinkpad T series, the user can record his or her fingerprint through the scanner, set up the fingerprint as the password to log into the computer.
The weakness for the current fingerprint system is that it does not work very well, it is quite time-consuming to scan and store the fingerprint, it is not convenient for the user to use this function.
We need to answer the following questions:
Is the fingerprint stored using the encryption and impossible to some attacker to retrieve successfully?
For other application, wherever the access to some specific information is restricted, can we design some structure to use the unique and impossible feature of the authorized user ,making it is impossible for the unauthorized users to enter the secure place by any force?
The features can not be restricted in the fingerprint only, voice, face, eye can also be considered if we can find a good and excellent way to apply one of those into our application…etc.
Procedure:
1. Select the unique biological feature which is easy to implement and convenient for the users
2. Get the feature scanned or recorded into the database which is encrypted, it is impossible to crack in theory.
3. Test the system
Weizhong Zhang
May 18 2007
Biological Password
A unique biological feature can definitely represent the certified person who is authorized to have an access to some secure information.
Fingerprint is one of these features, which has been commercialized in some application. For example, in IBM thinkpad T series, the user can record his or her fingerprint through the scanner, set up the fingerprint as the password to log into the computer.
The weakness for the current fingerprint system is that it does not work very well, it is quite time-consuming to scan and store the fingerprint, it is not convenient for the user to use this function.
We need to answer the following questions:
Is the fingerprint stored using the encryption and impossible to some attacker to retrieve successfully?
For other application, wherever the access to some specific information is restricted, can we design some structure to use the unique and impossible feature of the authorized user ,making it is impossible for the unauthorized users to enter the secure place by any force?
The features can not be restricted in the fingerprint only, voice, face, eye can also be considered if we can find a good and excellent way to apply one of those into our application…etc.
Procedure:
1. Select the unique biological feature which is easy to implement and convenient for the users
2. Get the feature scanned or recorded into the database which is encrypted, it is impossible to crack in theory.
3. Test the system
Weizhong Zhang
May 18 2007
Subscribe to:
Posts (Atom)
