Editing Talk:OpenDuino

From syn2cat - HackerSpace.lu
Jump to: navigation, search
Start a new discussion

Warning: You are not logged in.

Your IP address will be recorded in this page's edit history.
 

Please note that all contributions to syn2cat - HackerSpace.lu are considered to be released under the Attribution-NonCommercial-ShareAlike 3.0 Unported (CC BY-NC-SA 3.0) (see syn2cat:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

Cancel | Editing help (opens in new window)

Contents

Thread titleRepliesLast modified
Alternative OpenDuino authentication220:24, 23 May 2011

Alternative OpenDuino authentication

feel free to modify these or add your own.

[edit] Possibility A

  • Step 1: Log in to an application (ideally a mematool addon)
  • Step 2: Print a QrCode that will be valid for at most 2h
  • Step 3: Show your QrCode to a webcam installed at the Space's front door
  • Step 4: OpenDuino will verify your qrcode and send you a confirmation code to your mobile phone.
  • Step 5: You will get an SMS (of course you'll need a mobile phone and have your number registered with us) with a verification code
  • Step 6: Show the verification code to the webcam or scribble it on a sheet of paper.
  • Step 7: OpenDuino will confirm that you are who you claim to be.
Kwisatz19:23, 23 May 2011

If, at first sight, you compare this to the current auth, this method is more secure. So I try to determine what were the conditions to come up with this procedure.

  • the user must give his password
  • the user has to be at the front door
  •  ??? I can't think of anything else

So procedure optimized as follows:

ask via authenticated webpage for a code.

that code is sent via sms and is valid 2h

show the code to the webcam (or via IR or bluetooth)

Gunstick19:47, 23 May 2011

The difference is that with a login, unless someone wrote down his/her password, you can be reasonably sure that the person entering it is the person s/he claims to be. So s/he needs to fulfill both requirements at the same time. However, if you're using a sheet, there is the risk of someone else stealing or finding it and thus not being who s/he claims to be. Ok, chances that this person (if s/he finds the sheet) knows what purpose it serves are rather slim, but not impossible. (my 2cents)

  • IR is not a viable alternative in my eyes because the costs involved will not be much lower than a wifi-capable device.
  • Bluetooth is almost as bad as rfid in terms of security. (And how do you get the code onto your phone in the first place if it isn't wifi capable?)
Kwisatz20:01, 23 May 2011
 
 
Personal tools
Namespaces

Variants
Actions
Navigation
syn2cat
Hackerspace
Activities
Initiatives
Community
Tools
Tools