-
Dec 20th, 2015, 05:48 PM
#1
Thread Starter
Addicted Member
Sketcauth - User authentication with drawings
This is a POC app I made for an idea I had, of using drawings to authenticate a user. Basically, the user draws something on the screen, which will be his "password". The user can then access the account by drawing the same sketch again.
How to use the app:
Draw something on the PictureBox, write your name on the TextBox that says "YourName", and then click in regiser. Now, you can draw the same sketch to log in. Try to draw it as close to the original sketch as possible, otherwise the login will fail. Note that you don't need to write a user name to login, it will search for the matching user on the account table automatically.
How it works (under the hood):
The program first detects the position where the drawing starts/end, and then creates a box around it. After, it subdivides the drawing into smaller box (atm it divides the drawing into a 6x6 grid, through the value can be tweaked). It will then detect if theres a point of the drawing inside each square of the grid (the gird have, in this case, 6 * 6 = 36 squares), this creates what I call the "Key Map", basically a 6x6 downscaled version of your drawing. The image is then subdivided into a 2x2 grid, where each block of the grid have a 3x3 grid. Each block on the 2x2 grid is binary-encoded, and the SHA256 hash of each block is then computed. Each block will also store the Start/End X/Y value of the sketch. the four hashes are then Base64-encoded and stored on the Account.xml file.
To check to which user a sketch key belongs, the program searches for a matching key on the Accounts Table, where at least 3 of the 4 blocks matches (again, this value can be tweaked).
Sorry if the explanation was not very clear, but hopefully looking into the sources make it easy to figure out.
This generates a key worth of 36 bits (through the final base 64 hashes have 1024 bits, and the unhashed key have 96 bits). For comparasion, it would be like a randomly generated password with A-Za-z0-9 and special chars of a bit more than 8 characters.
Tweaking the values:
On Sketcauth.vb, you can change the BlockCount to change the size of the grid. Bigger values will create bigger and safer keys, but will be harder to match the drawings. Small values will make the drawings easy to be matched, but will also be easier to "guess" the keys. On IO.cs, you can change MinimunMatchingHashes to change the amount of hashes that needs to be matched. It only have 4 hashes, so the max value is 4. Again, lower values means that the drawings will match easier, but also means that guessing it will be a lot easier.
I did it most for fun, hope you guys like it!
Sketcauth_v0.1_src.zip
Last edited by omundodogabriel; Dec 20th, 2015 at 05:58 PM.
-
Jan 5th, 2016, 07:19 AM
#2
New Member
Re: Sketcauth - User authentication with drawings
I would never be able to login, can't make the same design twice.
But it is a great code gz.
-
Jan 5th, 2016, 01:13 PM
#3
Thread Starter
Addicted Member
Re: Sketcauth - User authentication with drawings
Originally Posted by Gomesr333
I would never be able to login, can't make the same design twice.
But it is a great code gz.
thanks. This was more a toy, its not usable on real world authentication. You can tweak the values to make it recognize your drawings easier.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|