Thread: Image files as passwords
View Single Post
  #4 (permalink)  
Old 02-22-2007, 05:00 PM
vedaal
Guest
  
Posts: n/a
Default Re: Image files as passwords
On Feb 22, 6:33 am, "Saul" <saul.dob...@dobney.com> wrote:

> 1. User is asked to upload an image and an access key to the website

> Does any such system already exist? Does the server actually need to
> make modifications to the uploaded image or would a plain image do on
> its own?

truecrypt
http://www.truecrypt.org/docs/?s=encryption-scheme
(click on the highlighted word 'keyfiles')
has a similar system in which they use a 'keyfile' in addition to or
in place of a password

any file can be used as a keyfile, (so any image file selected by the
user is ok)

in your setup,
the server does not need to modify the image,
(just hash it [sha-512 should be fine] )
and keep the hash to verify that the image file is unaltered)

but the users have to be cautioned to use only an image that has not
been e-mailed, posted, or otherwise 'leaked'
and to safeguard that image as if it were an actual key


vedaal


Reply With Quote