Go4Expert - ZICS : A *NEW* Way to Store User Password

Go4Expert (http://www.go4expert.com/)

- Web Design, HTML And CSS Tutorials (http://www.go4expert.com/forumdisplay.php?f=73)

- - ZICS : A *NEW* Way to Store User Password (http://www.go4expert.com/showthread.php?t=26452)

ZICS : A *NEW* Way to Store User Password

This is just a quick Guide for the my new script : ZICS [ZONTEK's Interactive Combination System]. Pretty crazy, yup but this would be a nice feature to added to your site to catch up the users eyes. To tell the truth the idea is not original but I have rarely seen this implement within websites. So here what it is.

This script provides a simple grid where the user will be drawing or connecting dots and making a pattern of his wish. And then THIS WILL BE HIS PASSWORD. What actually given out by this is an array with 1's for the dots enabled and 0's for the dots disabled. hence the password given out is pretty long and it will be a another security advantage that once it is hashed it would be a hell lot to crack.

Preview:
http://imgs.g4estatic.com/zics/demo.png

Live Demo : http://expementa.freezoka.net/zics/index.php

Requirements:

Download the zics.zip file first.

Usage

There's only few steps to use the thing, first let's extract the file content to the folder login. You will have several files from that DELETE the index.php and demo.png [They are for testing]. Now let's make our own index.php. Add a link to the zicomb.css style on the header and a link to the JQUERY script of google's. This is really important as the script uses many jQuery functions. Now at last before the </body> tag add a link to the zicomb.js script. This is how it looks like.

index.php

PHP Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>ZONTEK's Interactive Combination based Password System</title> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script> <link href="zicomb.css" rel="stylesheet" type="text/css" /> </head> <body> <script type="text/javascript" src="zicomb.js"></script> </body> </html>
It's almost over but we just need to specify where to add the Combination Selector. For that we can place a div with id="pwd" anywhere in the script. And the script will add a hidden field with name pass which will later hold the input of the user. So we do better use the div inside a form so we can submit the password like we submit it with a usual boring text box :)

index.php

PHP Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>ZONTEK's Interactive Combination based Password System</title> <script type="text/javascript" src="../newest/script/jquery.js"></script> <link href="zicomb.css" rel="stylesheet" type="text/css" /> </head> <body> <form action="index.php" method="post"> Username : <input type="text" name="user" size="25" /><br /> Password : <div id="pwd">  </div> <input type="submit" name="done" value="Login" /> </form> <script type="text/javascript" src="zicomb.js"></script> </body> </html>
There you go! But there's a little bit remaining. That's some functions allowed by the script for customization.

PHP Code:

setSize(row,col) //This will change the default number of rows and columns to your number.

PHP Code:

allowMulti() //If you call this function, it will make the buttons get activated while hovring above them
Let's see index.php covering all those function and an example of getting the password with php

index.php

PHP Code:

<?php if(isset($_POST['done'])){ $pwd = $_POST['pass']; if(md5($pwd) == md5("111110001000100010001111")){ echo "Login Succesfull! <br />"; }else echo "LOGIN FAILED!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>ZONTEK's Interactive Combination based Password System</title> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script> <link href="zicomb.css" rel="stylesheet" type="text/css" /> </head> <body> <h1 align="center">ZONTEK's Interactive Combination System (ZICS)</h1> <p align="center">The new way of typing your password, by ZONTEK. To use just click the necessary dots.<br /> Implementation details available from the <a href="http://manzzup.blogspot.com">blog.</a><br /> @company: ZONTEK<br /> @author: ManZzup@zonware<br /> Coded on: 07/08/2011<br /> </p> <form action="index.php" method="post"> Username : <input type="text" name="user" size="25" /><br /> Password : <div id="pwd"> </div> <input type="button" value="Allow MouseOver Selection" onclick="allowMulti();" /> <br /> <input type="submit" name="done" value="Login" /> </form> <br /> Use the following to test the DEMO:<br /> <img src="demo.png" /> <script type="text/javascript" src="zicomb.js"></script> </body> </html>

That's it! This script if all your to try/change/ edit or do anything but if you dont mind put up a link back :)

So that sum up the Guide for ZICS, newer versions with many fixes will come soon, till then enjoy !

Re: ZICS : A *NEW* Way to Store User Password

Really innovative and it is used in Android for screen unlocking

Re: ZICS : A *NEW* Way to Store User Password

@shabbir
thanx and yup, i got the idea from my A-Pad, i tried searching for similar existing plugin first
but seems others were not interested in this :S :D

Re: ZICS : A *NEW* Way to Store User Password

Why you think others were not interested?

Re: ZICS : A *NEW* Way to Store User Password

ah i phrased it wrong
i wanted to say others were not interested in making a web based plugin or implementing this for web pages
as i couldnt find any other made ones like this [may be i used the wrong keyowrds to search :D]

Re: ZICS : A *NEW* Way to Store User Password

edit:
setSize() method is not working [as i have porrly implemented it :S]
anyway to increase the no. of sqare, you can edit the zicomb.js, the first 2 lines are the rows and columns
would fix this in the next release

Re: ZICS : A *NEW* Way to Store User Password

I think your passwords would be easy to crack. One they appear to be set to a max length of 25 characters. Add on the fact that it only allows two digits 0 and 1, this makes it super easy to crack. A program in C could crack in in no time, one in php could do it in a few minutes. Its to limited with just 2 digits and a max set of 25. If they input the correct sequence the MD5 hash doesn't matter because the password would match the hash stored in the database for that user.

The function below if ran through a cron could crack your password easy and fast. Each number takes about 0.0016 s to run so in a minute or so I could crack one password.

PHP Code:


		
			
<?php
function antiZoints()
{
    $maxChar = 25;//set max limit
    $vals = array(0,1);// set values to be used
    $i = 0;
    $pass = 0;
        for ($i = 0; $i < $maxChar; $i++)
        {
            $pass .= $vals[rand(0,1)];
        }
        
        return $pass;
}

echo antiZoints();
?>

Re: ZICS : A *NEW* Way to Store User Password

there are several factors here
one is that the password generated here is equivalent to a 6 lower-upper-alpha-numeric text password [confirmed by several of the field] and to be true i am not good with permutatiaons or combinations theorie but im sure this will have the same complexity as of a 6 char password
this is for 5x5 grid
and there's no limit for the extendibility of the grid, although it would not be very nice to have a very big one :)

in the above code, i'm sure you will have more time with md5 implemented, but anyway if you got a super computer or stuff you can easily crack any hash, just like any other password, this too has weakness

[how ever many suggested of having some algorithms to convert the binary data to another form though some mathematical translation, i would try making one in next releases :D]

and on the other hand, who on the hell there days would not prevent from their DB's leeching or getting injected?

Re: ZICS : A *NEW* Way to Store User Password

*NEW SECURITY UPDATE* [thankx to everyone :D]

hey everyone, i managed to put up something temporary for security
but this could be used long term as well
but this is server side
it's simply adding up a number defined by the script
anynumber the user like
use the following function

PHP Code:


		
			
    function addKey($str,$key){

        $c = str_split($str);

        $s = "";

        for($i=0;$i<count($c)-1;$i++){

            $s .= intval((intval($c[$i])+$key));

        }

        return $s;

    }

using it;

PHP Code:


		
			
$pwd = $_POST['pass'];

    $key = 59;

    echo "Recieved Password : $pwd <br />";

    echo "Key : $key <br />";

    

    $chd = addKey($pwd,$key);

    echo "Chaned Password : $chd <br />";

And also i updated the scripts, so please redownload the zip file
and the demo is also updated

http://expementa.freezoka.net/zics/index.php

this is not a very g00d implementation, but hope it would be okay to prevent from bruteforcers :D

Re: ZICS : A *NEW* Way to Store User Password

i think its a gr8 idea of a desktop application , this idea is very creative for the generation of web application , and it can be improved with type of algorithm , i highly recommend this new of creation of type of password generators ,proud of you , keep it up