# passward by logic gate

Discussion in 'General Electronics Chat' started by eng.mustafasalah, Apr 10, 2013.

1. ### eng.mustafasalah Thread Starter Member

Nov 10, 2011
41
2
hi every one ..

Today my teacher asked me, how to create a security code - password- by circuits logical ...The first thing in my mind is the comparator circuit, but he said to me: "I can put a counter until know the code," and If increased the number of bit will just require more time,

For this I want you to design a circuit , where the other person does not know or do not know the code easily ..
He advised me that briefed on MD5.

When looked at "Google' can not find something that would benefit me in the design.

Last edited: Apr 11, 2013
2. ### crutschow Expert

Mar 14, 2008
13,475
3,362
You could use a large random number for the code. And to prevent a counter from finding the code in any reasonable human time period, you put a delay, such as 10 seconds, between the acceptance of a new code input if the previous try failed.

3. ### WBahn Moderator

Mar 31, 2012
18,085
4,917
What is a "risk comparison circuit"? What did you mean by "mattresses"? I think your language translator is causing some problems.

It sounds like you teacher is comparing apples and oranges. An MD5 hash is just a number within a certain range. If you let someone pick a code that is within that same range, then the counter your teacher is talking about will take just as long for either one.

As crutschow said, what you want to do is make it so that only a tiny fraction of the possible codes can be tried in the time period that defines the risk window. You can do this by making the range really large, making the rate at which codes can be tried really small, or use a lockout mechanism such as permitting three wrong attempts and then locking out further attempts, either forever (requiring some other means to reset the code) or for some period of time, such as 10 minutes or 2 days, or whatever is appropriate.

4. ### crutschow Expert

Mar 14, 2008
13,475
3,362
To avoid the delay for a legitimate entry mistake you could go to the lockout routine after a fixed number of tries, such as two or three.

5. ### WBahn Moderator

Mar 31, 2012
18,085
4,917
And the lockout period does not have to be that large, either. Figure that there are 86,400 seconds in a day. If you used a six digit PIN then most people will take about five seconds to enter a PIN and hit ENTER. So if you simply limit the attack to that rate it would take nearly two months to cycle through all one million possible PIN numbers.

6. ### WBahn Moderator

Mar 31, 2012
18,085
4,917
Oh, and another thing.

What I suspect your teacher had in mind is the notion that if you have a relatively short password space that this counter could go through that space very quickly. But he is probably thinking of running that password through a hash function, such as MD5, to get a much larger pseudorandom number that would take until the heat death of the universe to cycle through with a counter. The problem with that line of thinking is that all the attacker has to do is cycle through the same smaller password space and generate just those hash values that correspond to legal passwords. The effective number of bits that has to be attacked is limited by the password space and not by any games you do to try to obscure it.

7. ### eng.mustafasalah Thread Starter Member

Nov 10, 2011
41
2
yes , sorry .

and thanks veeeeeeeeeeeeeeeeeeeeeeeeery much.

8. ### eng.mustafasalah Thread Starter Member

Nov 10, 2011
41
2
thank you very much

9. ### WBahn Moderator

Mar 31, 2012
18,085
4,917
I'm still curious what you were trying to say with these two terms. Usually I can take a pretty good guess, but not on this one.