21 January 2014
17 February 2012
User Challenge Password
These were my ideas, as posted in the comp.infosystems.www.servers.unix group.
Sept 22, 2005.
http://groups.google.com/group/comp.infosystems.www.servers.unix/browse_thread/thread/265a81b96e1af49e/d927f7fdc6217910?hl=en
I don't know your case, but I have been thinking of this approach for
some time, but I don't know whether it applies to you or not:
I am using the bank PIN system, but with a little bit of a twist.
Suppose, I (as a user) already know my PIN number as 123456.
I will also be assigned a "challenge phrase" (I can choose from
a countless number of possibilities -- I will explain soon), and I (and
the bank) will be the only ones who know this phrase.
For example, the "challenge phrase" that I use would be:
"Add my first PIN with the fourth number of the 'challenge list'"
...........
When I try to log into the system or ATM,
I will type in my login ID and press enter (or for an ATM, insert my ATM card).
The system will give me a few sets of numbers, e.g.: 3452 5643 3443 5645
This is the "challenge list".
Since my challenge phrase is to add my first PIN (which is 1) with the
4th number of the challenge list (which is 2), I will end up with the
number 3.
I will enter the "answer", 323456, as the "challenged PIN".
There are vast possibilities for the "challenge phrase", it would need
our mind to calculate it (or we can put a calculator in the web page to
assist calculation)
At the next login, the system will give a new set of "challenge list (CL)",
but our original PIN and "challenge phrase (CP)" would be the same
unless we change them after login. The challenged PIN (CPIN) will
also differ each time we log in. This way, even the keyboard reader
cannot know the actual PIN.
Another example: if my CP is to multiply the 1st PIN number with the 8th number of
the CL, and subtract the 11th number of the CL from the 4th number of the PIN,
then my CPIN will be 323056.
The possibilities are endless...
No PIN is transferred through the net. If the CP is very good, the CL
and CPIN can even be transferred in clear text, and still nobody can
guess...
Additional possibilities for the CL can also be: "use the 4th number of
the CL as your CPIN, use the 3rd number of the CL as your 2nd CPIN, use
the 16th number of the CL as your 3rd CPIN, and so on...."
Then there will be no calculation needed....
This method can also be used as your second authentication, after the
usual username-password combination.
I hope somebody could calculate the "statistical probability" that
someone can crack the CPIN.
I think it is the same as trying the PIN one by one by brute force.
Rosdan
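The scheme described in the post, worked through as an added example (not code from the original post): the client computes the CPIN from the PIN, CP and CL, the server recomputes and compares it, and a helper reports which typed digits still equal the real PIN digits. The function names, the tuple encoding of a challenge phrase and the mod 10 wrap-around for results outside 0-9 are assumptions made for this sketch.

```python
import hmac
import secrets

# Operations a challenge phrase (CP) step may apply to (PIN digit, CL digit).
OPS = {
    "add": lambda p, c: p + c,
    "sub": lambda p, c: p - c,
    "mul": lambda p, c: p * c,
    "use": lambda p, c: c,  # "use the Nth number of the CL as your CPIN"
}

def cl_digits(challenge_list):
    """Flatten a displayed CL such as '3452 5643 3443 5645' into single digits."""
    return [int(ch) for ch in challenge_list if ch.isdigit()]

def new_challenge_list(groups=4, size=4):
    """Server side: a fresh random CL for every login attempt."""
    return " ".join(
        "".join(str(secrets.randbelow(10)) for _ in range(size))
        for _ in range(groups)
    )

def challenged_pin(pin, phrase, challenge_list):
    """Apply each CP step (pin_pos, op, cl_pos), 1-based, to the original PIN.

    Assumption: results are reduced mod 10 so every answer stays one digit.
    """
    original = [int(ch) for ch in pin]
    cl = cl_digits(challenge_list)
    answer = original[:]
    for pin_pos, op, cl_pos in phrase:
        answer[pin_pos - 1] = OPS[op](original[pin_pos - 1], cl[cl_pos - 1]) % 10
    return "".join(str(d) for d in answer)

def verify(pin, phrase, challenge_list, typed):
    """Server side: recompute the CPIN and compare in constant time."""
    return hmac.compare_digest(challenged_pin(pin, phrase, challenge_list), typed)

def unchanged_positions(pin, typed):
    """1-based positions where the typed CPIN digit equals the real PIN digit."""
    return [i + 1 for i, (p, t) in enumerate(zip(pin, typed)) if p == t]

if __name__ == "__main__":
    CL = "3452 5643 3443 5645"             # challenge list from the post
    cp1 = [(1, "add", 4)]                  # first example phrase
    cp2 = [(1, "mul", 8), (4, "sub", 11)]  # second example phrase
    for cp in (cp1, cp2):
        cpin = challenged_pin("123456", cp, CL)
        print(cpin, verify("123456", cp, CL, cpin), unchanged_positions("123456", cpin))
```

With the first phrase only position 1 is transformed, so positions 2 to 6 of the typed answer are the real PIN digits; how much a phrase hides depends on how many positions it covers.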
26 October 2009
Budget 2010: The Property Gain Tax.
My comment to 1malaysia website on the budget:
Greetings,
Thank you for bringing back the "property gain tax" in the 2010 budget.
I hope the government can further tighten the tax and the laws to reduce the activity of these parties in buying new houses for investment purposes. It leaves many "genuine buyers" unable to buy their dream homes, especially from developers with a good track record. This is because these "toyol" have quickly bought up these houses, taking them off the market only to sell them later at a higher price.
Perhaps the government could bar a person from buying a new house more than 3 or 4 times within five years. They are free to buy as many "second hand" houses as they want. But of houses that are newly launched and still under construction, they may not buy more than 2 or 3 units. Sales of these new houses can be opened fully to these "profiteers" one year after the launch date (to ensure the developer does not lose out if there are no buyers).
This is to give "genuine buyers" the chance to buy their dream homes.
I hope this receives attention.
-- Note: I mean the 2 or 3 unit limitation is not for the same development project, but for the entire country. If there are genuine buyers, then they can apply for an exemption.