Cryptocard

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Denn
Forum Newbie
Posts: 6
Joined: Sun Feb 25, 2007 3:24 am

Cryptocard

Post by Denn »

Dear friends :)

I'm new at this place so correct my topic if I posted it wrong.

You know, these cryptocards have become very popular and I want to make such a feature. But I don't know how to make them.

A unique card should be generated for every user, which he can print out and use when he is logging in.
I could easily generate a card like that, but how do I check if it is right?

Simply just put it into a database or what would you do?
- need some ideas here.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

You want your users to print their login credentials on a piece of paper and carry them around?
This is not good security.

If you talk about those thingies that offer rotating one-time passwords, they are a separate hardware solution, and IMO they don't offer much better security by themselves (the something-you-have can be lost/stolen!)

Stick to regular username/passwords, they are likely enough for your application (if they aren't then you have to learn some more things before becoming the right person to do the job, no offense)
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

The only way I could see that being secure is if you need the card in combination with some other credential... but if you're going to do that, you might as well just have a username and a password.
Denn
Forum Newbie
Posts: 6
Joined: Sun Feb 25, 2007 3:24 am

Post by Denn »

It should be used together with a username and login of course.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Okie doke :) Well in that case, I don't see a security issue... just an annoyance ;)

In any case, what does the cryptocard have on it? Just some code?

When you generate a record for the user in your database, simply generate a unique code. There are various functions that can help here, but if it's purely a gimmick and not for security, base64_encode of the username or md5() of the username or something will probably be enough of a gimmick. If it really is just a base64 encoded or md5() hash then there's no need to store it in the DB since you can generate it and check it at login; if it's more random than that, store it in the DB with the username and password.

Now when they log in, you just need to check 3 values: Username, password, secret code.
Denn
Forum Newbie
Posts: 6
Joined: Sun Feb 25, 2007 3:24 am

Post by Denn »

When using cryptocard the login page would be like:

Username: <input>
Password: <input>
A2 B2 C4
<input> <input> <input>

The field A2 would be the char on their cryptocard at cell A2 :-)
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Ah I see, that's a bit more complicated :) In fact, it's a lot more complicated.

You need to think of a good way to store that data.

Code:

-- One row per cell of each user's printed card
create table user_crypto_grid (
    `id` int auto_increment primary key,
    `user_id` int,
    `row` tinyint(1),
    `column` char(1),
    `cell_value` char(1)
);

So for a grid with 4 rows and 4 cells you might have:

Code:

row   column      cell_value
1        A                3
1        B                3
1        C                F
1        D                2
2        A                4
2        B                B
2
2
3
3
3
3
4
4
4
4

 etc etc
Then you just need to:

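Code:

-- Pick three random cells of one user's card to ask for at login
select
    a.`row`,
    a.`column`,
    a.`cell_value`
from
    user_crypto_grid as a,
    users as b
where
    a.user_id = b.id
    and b.id = ?  -- placeholder: id of the user who is logging in
order by rand()
limit 3;
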
To go into depth about how you do it start-to-finish would just be a bit too long... it's not your average username/password login.
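
The start-to-finish flow discussed in this thread (generate a card, challenge three cells, check the answers), as an added PHP example that is not code from any poster. Arrays stand in for the user_crypto_grid table and the session, and the function names, the 4x4 size and the alphabet are assumptions.

```php
<?php
// Added example: arrays stand in for the user_crypto_grid table and the session.
const ROWS = 4;
const COLS = ['A', 'B', 'C', 'D'];
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // assumed: no 0/O or 1/I look-alikes

// Build one user's card, e.g. ['A1' => 'K', 'B1' => '7', ...], from the CSPRNG.
function generate_card(): array
{
    $card = [];
    for ($row = 1; $row <= ROWS; $row++) {
        foreach (COLS as $col) {
            $card[$col . $row] = substr(ALPHABET, random_int(0, strlen(ALPHABET) - 1), 1);
        }
    }
    return $card;
}

// Pick $n distinct cells. Keep the result server-side (session); the form only
// shows the labels, so the client never decides which cells get checked.
function issue_challenge(array $card, int $n = 3): array
{
    $cells = array_keys($card);
    $picked = [];
    while (count($picked) < $n) {
        $picked[] = array_splice($cells, random_int(0, count($cells) - 1), 1)[0];
    }
    return $picked;
}

// Check the submitted characters against the stored card for the challenged cells.
function verify_response(array $card, array $challenge, array $answers): bool
{
    $expected = '';
    $given = '';
    foreach ($challenge as $cell) {
        $raw = $answers[$cell] ?? '';
        $char = is_string($raw) ? strtoupper(trim($raw)) : '';
        $expected .= $card[$cell];
        $given .= strlen($char) === 1 ? $char : '?'; // '?' is not in ALPHABET
    }
    return hash_equals($expected, $given); // constant-time comparison
}

$card = generate_card();              // generated once per user and printed
$challenge = issue_challenge($card);  // e.g. ['A2', 'B2', 'C4']
$correct = array_intersect_key($card, array_flip($challenge)); // constructed reply
var_dump(verify_response($card, $challenge, $correct)); // all three cells correct
var_dump(verify_response($card, $challenge, []));       // empty submission
```

In a real login the challenge would be stored in the session when the form is rendered and compared only after the username and password check has passed.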
Denn
Forum Newbie
Posts: 6
Joined: Sun Feb 25, 2007 3:24 am

Post by Denn »

I know it's that way to do it. It takes time :-)