New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security improvement for brute-force collection #2

Closed
BrunoBernardino opened this Issue Apr 30, 2014 · 7 comments

Comments

Projects
None yet
4 participants
@BrunoBernardino
Collaborator

BrunoBernardino commented Apr 30, 2014

We should make a change in all back-end packages:

Add a random length of garbage information (just 1-50 bytes, for example) to any image when showing it, so the image sizes/hashes would never be the same if someone tries to download and create a database of image -> checksum.

@oujesky

This comment has been minimized.

oujesky commented Jun 24, 2014

I fear that simple change in signature is not enough for a brute force counter-measure. The content of the image can be quite easily compared visually using a tool like http://phash.org/ against a predefined set of images. Then the difference in file checksum won't have any effect.

@BrunoBernardino

This comment has been minimized.

Collaborator

BrunoBernardino commented Jun 24, 2014

@oujesky thank you so much for your feedback. You can look at #8 for some of the counter points I made there.

Do you have a suggestion that won't cripple UX, and solve the problem you're talking about?

@jasny

This comment has been minimized.

jasny commented Mar 14, 2015

Note that even with just guessing, one in five attempts will succeed (or worse #17).

Having a single image where the images are randomly placed already makes it more difficult, storing the correct coordinates in the session. Adding a non-white background might make it secure enough. At least to keep out casual hackers.

Click on the printer
alt

@BrunoBernardino

This comment has been minimized.

Collaborator

BrunoBernardino commented Mar 15, 2015

I like this concept. Delivering one single generated image instead. It will increase the server processing and requirements, but should not be a big deal. As for accessibility concerns (for color-blind), the accessibility option should be a good alternative.

Maybe the front-end can set the image size and number of images to deliver, and the server will have a reasonable limit for both options (as per #17).

Sounds good?

BrunoBernardino pushed a commit to desirepath41/visualCaptcha-packagist that referenced this issue Jul 12, 2015

Bruno Bernardino
Increased security.
- Increased minimum number of options from 2 to 4.
- Added random non-visual noise in the images.

Related to desirepath41/visualCaptcha#2 and desirepath41/visualCaptcha#17

BrunoBernardino pushed a commit to desirepath41/visualCaptcha-npm that referenced this issue Jul 12, 2015

Bruno Bernardino
Increased security.
- Increased minimum number of options from 2 to 4.
- Added random non-visual noise in the images and audio files.

Related to desirepath41/visualCaptcha#2 and desirepath41/visualCaptcha#17

BrunoBernardino added a commit to desirepath41/visualCaptcha-python that referenced this issue Jul 12, 2015

Increased security.
- Increased minimum number of options from 2 to 4.
- Added random non-visual noise in the images and audio files.

Related to desirepath41/visualCaptcha#2 and desirepath41/visualCaptcha#17

BrunoBernardino pushed a commit to desirepath41/visualCaptcha-rubyGem that referenced this issue Jul 12, 2015

Bruno Bernardino
Increased security.
- Increased minimum number of options from 2 to 4.
- Added random non-visual noise in the images and audio files.

Related to desirepath41/visualCaptcha#2 and desirepath41/visualCaptcha#17
@BrunoBernardino

This comment has been minimized.

Collaborator

BrunoBernardino commented Jul 12, 2015

After some deliberation, I've went with the simpler option to increase the file size randomly, in order to not cripple the UX.

The main goal of visualCaptcha is to be extremely user-friendly and accessible, even if that means not being the most secure option out there. There's a very good one for that already (reCaptcha).

@CrazyPython

This comment has been minimized.

CrazyPython commented Jul 11, 2016

@BrunoBernardino You should add some image corruption to make it harder for hackers to crack, for example adding random colored dots to the image and changing the color of the image. That would make it significantly more secure.

@BrunoBernardino

This comment has been minimized.

Collaborator

BrunoBernardino commented Jul 11, 2016

@CrazyPython Thank you for your suggestion. That's been discussed before and discarded in the comment above.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment