Password by logic gate

Thread Starter

eng.mustafasalah

Joined Nov 10, 2011
41
Hi everyone,

Today my teacher asked me how to create a security code (a password) with logic circuits. The first thing that came to my mind was a comparator circuit, but he said to me: "I can put a counter on it until I know the code," and if the number of bits is increased, it will just require more time.

For this I want you to design a circuit where the other person does not know, or cannot easily find out, the code.
He advised me to read up on MD5.

When I looked on Google, I could not find anything that would help me with the design.

Can you give me advice?
 

crutschow

Joined Mar 14, 2008
34,464
You could use a large random number for the code. And to prevent a counter from finding the code in any reasonable human time period, you put a delay, such as 10 seconds, between the acceptance of a new code input if the previous try failed.
 

WBahn

Joined Mar 31, 2012
30,076
What is a "risk comparison circuit"? What did you mean by "mattresses"? I think your language translator is causing some problems.

It sounds like your teacher is comparing apples and oranges. An MD5 hash is just a number within a certain range. If you let someone pick a code that is within that same range, then the counter your teacher is talking about will take just as long for either one.

As crutschow said, what you want to do is make it so that only a tiny fraction of the possible codes can be tried in the time period that defines the risk window. You can do this by making the range really large, making the rate at which codes can be tried really small, or using a lockout mechanism such as permitting three wrong attempts and then locking out further attempts, either forever (requiring some other means to reset the code) or for some period of time, such as 10 minutes or 2 days, or whatever is appropriate.
 

crutschow

Joined Mar 14, 2008
34,464
To avoid the delay for a legitimate entry mistake you could go to the lockout routine after a fixed number of tries, such as two or three.
 

WBahn

Joined Mar 31, 2012
30,076
And the lockout period does not have to be that large, either. Figure that there are 86,400 seconds in a day. If you used a six digit PIN then most people will take about five seconds to enter a PIN and hit ENTER. So if you simply limit the attack to that rate it would take nearly two months to cycle through all one million possible PIN numbers.
 

WBahn

Joined Mar 31, 2012
30,076
Oh, and another thing.

What I suspect your teacher had in mind is the notion that if you have a relatively short password space that this counter could go through that space very quickly. But he is probably thinking of running that password through a hash function, such as MD5, to get a much larger pseudorandom number that would take until the heat death of the universe to cycle through with a counter. The problem with that line of thinking is that all the attacker has to do is cycle through the same smaller password space and generate just those hash values that correspond to legal passwords. The effective number of bits that has to be attacked is limited by the password space and not by any games you do to try to obscure it.
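
An added sketch, not part of the thread, that models the comparator with the wrong-try counter and lockout timer described in the replies above, checks the worst-case time for a counter to step through the code space, and counts how many MD5 values a short PIN space can actually reach. The class and function names and the timing model (every entry takes a fixed number of seconds, and each lockout adds its full period) are assumptions made for the example.

```python
import hashlib
import math

class Lock:
    """Comparator plus a wrong-try counter and a lockout timer (times in seconds)."""
    def __init__(self, code, max_wrong=3, lockout_secs=600):
        self.code, self.max_wrong, self.lockout_secs = code, max_wrong, lockout_secs
        self.wrong = 0
        self.locked_until = 0

    def try_code(self, guess, now):
        if now < self.locked_until:
            return "locked"              # input is ignored while the timer runs
        if guess == self.code:
            self.wrong = 0
            return "open"
        self.wrong += 1
        if self.wrong >= self.max_wrong: # too many wrong tries: start the timer
            self.wrong = 0
            self.locked_until = now + self.lockout_secs
        return "wrong"

def worst_case_seconds(code_space, secs_per_try, max_wrong=None, lockout_secs=0):
    """Time for a counter to reach the last code when the real code is tried last."""
    total = code_space * secs_per_try
    if max_wrong:
        # Every full batch of wrong tries before the final try costs one lockout.
        total += ((code_space - 1) // max_wrong) * lockout_secs
    return total

def simulate_counter(lock, code_space, secs_per_try):
    """Step 0, 1, 2, ... through the lock model and return the time it opens."""
    now = 0
    for guess in range(code_space):
        now = max(now, lock.locked_until) + secs_per_try
        if lock.try_code(guess, now) == "open":
            return now
    return None

def reachable_hashes(digits):
    """Distinct MD5 outputs that legal PINs of this length can produce."""
    pins = (f"{p:0{digits}d}".encode() for p in range(10 ** digits))
    return len({hashlib.md5(p).digest() for p in pins})

if __name__ == "__main__":
    print("6-digit PIN, 5 s per try:", worst_case_seconds(10**6, 5) / 86400, "days")
    print("same, 3 tries then 10 min lockout:",
          worst_case_seconds(10**6, 5, 3, 600) / 86400 / 365, "years")
    n = reachable_hashes(4)
    print("4-digit PIN through MD5:", n, "values =", round(math.log2(n), 1), "bits, not 128")
```

The first figure reproduces the "nearly two months" estimate for a six-digit PIN at five seconds per entry; the last line shows that hashing leaves the number of candidates equal to the number of legal PINs.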
 

Thread Starter

eng.mustafasalah

Joined Nov 10, 2011
41
Thank you very much.
 