This is just a quick guide for my new script: ZICS [ZONTEK's Interactive Combination System]. Pretty crazy, yup, but this would be a nice feature to add to your site to catch the users' eyes. To tell the truth, the idea is not original, but I have rarely seen this implemented within websites. So here's what it is.

This script provides a simple grid where the user will be drawing or connecting dots and making a pattern of his wish. And then THIS WILL BE HIS PASSWORD. What is actually given out by this is an array with 1's for the dots enabled and 0's for the dots disabled. Hence the password given out is pretty long, and it will be another security advantage that once it is hashed it would be a hell of a lot to crack.

Preview:
Live Demo: http://expementa.freezoka.net/zics/index.php

Requirements:
Download the zics.zip file first.

Usage

There are only a few steps to use the thing. First let's extract the file content to the folder login. You will have several files; from those DELETE the index.php and demo.png [they are for testing]. Now let's make our own index.php. Add a link to the zicomb.css style in the header and a link to Google's jQuery script. This is really important as the script uses many jQuery functions. Now at last, before the </body> tag, add a link to the zicomb.js script. This is how it looks.

index.php
PHP:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ZONTEK's Interactive Combination based Password System</title>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script>
<link href="zicomb.css" rel="stylesheet" type="text/css" />
</head>
<body>
<script type="text/javascript" src="zicomb.js"></script>
</body>
</html>

It's almost over, but we just need to specify where to add the Combination Selector. For that we can place a div with id="pwd" anywhere in the script. And the script will add a hidden field with name pass which will later hold the input of the user. So we had better use the div inside a form so we can submit the password like we submit it with a usual boring text box.

index.php
PHP:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ZONTEK's Interactive Combination based Password System</title>
<script type="text/javascript" src="../newest/script/jquery.js"></script>
<link href="zicomb.css" rel="stylesheet" type="text/css" />
</head>
<body>
<form action="index.php" method="post">
Username : <input type="text" name="user" size="25" /><br />
Password :
<div id="pwd">
<!-- This is the block where everything is added
and here another field is added secretly
ex: <input type=hidden name="pass" value="11100101010...." />
and that holds our data -->
</div>
<input type="submit" name="done" value="Login" />
</form>
<script type="text/javascript" src="zicomb.js"></script>
</body>
</html>

There you go! But there's a little bit remaining. That's some functions allowed by the script for customization.

PHP:

setSize(row,col) //This will change the default number of rows and columns to your number.

PHP:

allowMulti() //If you call this function, it will make the buttons get activated while hovering above them

Let's see index.php covering all those functions and an example of getting the password with PHP.

index.php
PHP:

<?php
if (isset($_POST['done'])) {
    // value of the hidden "pass" field filled in by zicomb.js
    $pwd = $_POST['pass'];
    // strict comparison, so two hash strings are never compared as numbers
    if (md5($pwd) === md5("111110001000100010001111")) {
        echo "Login Succesfull! <br />";
    } else
        echo "LOGIN FAILED!";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ZONTEK's Interactive Combination based Password System</title>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js" type="text/javascript"></script>
<link href="zicomb.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1 align="center">ZONTEK's Interactive Combination System (ZICS)</h1>
<p align="center">The new way of typing your password, by ZONTEK. To use just click the necessary dots.<br />
Implementation details available from the <a href="http://manzzup.blogspot.com">blog.</a><br />
@company: ZONTEK<br />
@author: ManZzup@zonware<br />
Coded on: 07/08/2011<br />
</p>
<form action="index.php" method="post">
Username : <input type="text" name="user" size="25" /><br />
Password :
<div id="pwd"></div>
<input type="button" value="Allow MouseOver Selection" onclick="allowMulti();" /><br />
<input type="submit" name="done" value="Login" />
</form>
<br />Use the following to test the DEMO:<br />
<img src="demo.png" />
<script type="text/javascript" src="zicomb.js"></script>
</body>
</html>

That's it! This script is all yours to try/change/edit or do anything, but if you don't mind, put up a link back. So that sums up the guide for ZICS; newer versions with many fixes will come soon, till then enjoy!
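An added example, not part of the ZICS download or of the post above: one way to handle the hidden `pass` field on the server, checking its shape and verifying it against a salted `password_hash()` value instead of comparing MD5 digests. The function names, the `ZICS_CELLS` constant and the 24-cell grid (the length of the demo pattern in the guide) are assumptions.

```php
<?php
// Added example, not ZICS code. Assumed: a 24-cell grid (the length of the
// demo pattern in the guide) and one stored hash per user in your database.
const ZICS_CELLS = 24; // assumption: rows * cols of your grid

/** Accept only a string of exactly ZICS_CELLS characters, each 0 or 1. */
function zicsIsValidPattern($raw): bool
{
    return is_string($raw)
        && preg_match('/\A[01]{' . ZICS_CELLS . '}\z/', $raw) === 1;
}

/** Enrolment: the returned value is what gets stored, never the pattern. */
function zicsEnroll(string $pattern): string
{
    if (!zicsIsValidPattern($pattern)) {
        throw new InvalidArgumentException('malformed pattern');
    }
    // Salted and deliberately slow, unlike a bare md5().
    return password_hash($pattern, PASSWORD_DEFAULT);
}

/** Login: shape check first, then verification against the stored hash. */
function zicsVerify($submitted, string $storedHash): bool
{
    // Arrays (pass[]=...) and wrong-length input are rejected before hashing.
    if (!zicsIsValidPattern($submitted)) {
        return false;
    }
    return password_verify($submitted, $storedHash);
}

// Constructed demo using the pattern from the guide's index.php.
$stored = zicsEnroll('111110001000100010001111');
var_dump(zicsVerify('111110001000100010001111', $stored)); // same pattern
var_dump(zicsVerify('111110001000100010001110', $stored)); // last dot differs
var_dump(zicsVerify(['1', '0'], $stored));                 // not a string
```

In a real login handler `$stored` would come from the user's row, and `zicsVerify($_POST['pass'] ?? null, $stored)` would replace the `md5()` comparison.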
@shabbir thanx and yup, i got the idea from my A-Pad, i tried searching for a similar existing plugin first but seems others were not interested in this :S
ah i phrased it wrong, i wanted to say others were not interested in making a web based plugin or implementing this for web pages, as i couldn't find any other made ones like this [may be i used the wrong keywords to search]
edit: setSize() method is not working [as i have poorly implemented it :S]. anyway, to increase the no. of squares, you can edit the zicomb.js, the first 2 lines are the rows and columns. would fix this in the next release
I think your passwords would be easy to crack. One, they appear to be set to a max length of 25 characters. Add on the fact that it only allows two digits, 0 and 1, this makes it super easy to crack. A program in C could crack it in no time, one in PHP could do it in a few minutes. It's too limited with just 2 digits and a max set of 25. If they input the correct sequence the MD5 hash doesn't matter because the password would match the hash stored in the database for that user. The function below, if run through a cron, could crack your password easy and fast. Each number takes about 0.0016 s to run, so in a minute or so I could crack one password.

PHP:

<?php
function antiZoints() {
    $maxChar = 25;        // set max limit
    $vals = array(0, 1);  // set values to be used
    $pass = '';           // start from an empty string so the result is exactly $maxChar digits
    for ($i = 0; $i < $maxChar; $i++) {
        $pass .= $vals[rand(0, 1)];
    }
    return $pass;
}
echo antiZoints();
?>
there are several factors here. one is that the password generated here is equivalent to a 6 lower-upper-alpha-numeric text password [confirmed by several of the field], and to be true i am not good with permutations or combinations theory but im sure this will have the same complexity as of a 6 char password. this is for 5x5 grid and there's no limit for the extendibility of the grid, although it would not be very nice to have a very big one. in the above code, i'm sure you will have more time with md5 implemented, but anyway if you got a super computer or stuff you can easily crack any hash. just like any other password, this too has weakness [however many suggested having some algorithms to convert the binary data to another form through some mathematical translation, i would try making one in next releases]. and on the other hand, who on the hell these days would not prevent their DB's from leeching or getting injected?
*NEW SECURITY UPDATE* [thankx to everyone]
hey everyone, i managed to put up something temporary for security, but this could be used long term as well, but this is server side. it's simply adding up a number defined by the script, any number the user likes. use the following function

PHP:

function addKey($str, $key) {
    $c = str_split($str);   // one array element per dot
    $s = "";
    // visit every character of the pattern, including the last one
    for ($i = 0; $i < count($c); $i++) {
        $s .= intval((intval($c[$i]) + $key));
    }
    return $s;
}

using it;

PHP:

$pwd = $_POST['pass'];
$key = 59;
// escape the submitted value before echoing it back into the page
echo "Recieved Password : " . htmlspecialchars($pwd) . " <br />";
echo "Key : $key <br />";
$chd = addKey($pwd, $key);
echo "Chaned Password : $chd <br />";

And also i updated the scripts, so please redownload the zip file, and the demo is also updated: http://expementa.freezoka.net/zics/index.php
this is not a very g00d implementation, but hope it would be okay to prevent from bruteforcers
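An added example, not code from the thread or from ZICS: it lists every pattern of a small grid and counts how many distinct values exist before and after the `addKey()` step, then prints the pattern counts for the sizes discussed above. `addKeyFixed()` is the thread's function with the loop covering every character, and the 3x3 grid is an assumption chosen so the whole space can be listed quickly.

```php
<?php
// Added example, not ZICS code. addKeyFixed() mirrors the thread's addKey();
// the 3x3 grid is an assumption so that every pattern can be enumerated.
function addKeyFixed(string $str, int $key): string
{
    $out = '';
    foreach (str_split($str) as $c) {
        $out .= (int)$c + $key;   // "0" becomes $key, "1" becomes $key + 1
    }
    return $out;
}

/** Count distinct stored values over every pattern of a $cells-dot grid. */
function distinctOutputs(int $cells, ?int $key): int
{
    $seen = [];
    for ($n = 0; $n < (1 << $cells); $n++) {
        $pattern = str_pad(decbin($n), $cells, '0', STR_PAD_LEFT);
        $value = $key === null ? $pattern : addKeyFixed($pattern, $key);
        $seen[$value] = true;
    }
    return count($seen);
}

$cells = 9; // assumed 3x3 grid
printf("patterns on a 3x3 grid:       %d\n", 1 << $cells);
printf("distinct values, no key:      %d\n", distinctOutputs($cells, null));
printf("distinct values, key = 59:    %d\n", distinctOutputs($cells, 59));

// The same count for the sizes discussed in the thread.
printf("patterns on a 5x5 grid:       %d\n", 2 ** 25);
printf("6 characters from [a-zA-Z0-9]: %d\n", 62 ** 6);
```

The three 3x3 counts come out identical: the key relabels each pattern one-to-one, so the number of candidates is unchanged, and resistance to guessing has to come from a slow salted hash and a limit on login attempts.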
i think it's a gr8 idea of a desktop application, this idea is very creative for the generation of web application, and it can be improved with type of algorithm. i highly recommend this new of creation of type of password generators, proud of you, keep it up
thankz a lot dude, and i just remembered, is there any desktop application module of this type? because if not i would be happy to make one
Well done, I'm thinking of using this in my website, could you run me through implementing it completely? You'll get complete credit.
thanks a lot dude, and yup, im searching for a g00d security logic for the system these days, can you suggest any?
Using MySQL, and I was assuming it was better to separate out a user's personal information and their login and password into two different tables and then just reference them between the two.