This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
ComputerCraftGeneral
Goof's profile picture

[MikkLock] The renewal of AdvLock - Questions and Answers

Started by Goof, 21 July 2014 - 07:42 PM
Goof #1

Goof's profile picture

767 posts

Posted 21 July 2014 - 09:42 PM
Since i closed AdvLock, I thought it would be a neat idea to give it another try, but with further improvements.
I've for quite a long time, thought of Updating AdvLock, just to make it better. However I've got into bad issues where the source code of AdvLock were lost due to a harddrive failure. ( I could not recover it from Pastebin either )

Therefore I have some question(s) for you. ( might be expanded )
If you would like argumenting this, it'd be very appreciated

At the moment I am working on the so called "MikkLock" which will have OneOS compability in the future, but im still curious to see what you guys actually want to get, with a Locking program.

Here's the questions, which you are free to argument about etc.

Spoiler

	What is the most important part in a Lock?

	What do you think about the security?

	What features would be neat?

	What do you want a Locking program, to complete for you?

	If its going to support OneOS, What would you then want. opens on startup, or open when trying to access certain files or folders?

Since I've worked on MikkLock, I've decided to post some of the pics available at the moment




Thank you for reading!

Let's start arguments
Edited on 21 July 2014 - 07:52 PM
Cookiezi #2

Cookiezi's profile picture

10 posts

Posted 21 July 2014 - 10:04 PM
What is the most important part in a Lock?
What do you think about the security?
What features would be neat?
What do you want a Locking program, to complete for you?
If its going to support OneOS, What would you then want. opens on startup, or open when trying to access certain files or folders?

The most important part in a lock is that it keeps the password secure, this meaning that also the File it is stored in is secure from Server Owners who would like to snoop on people's passwords.
Just a way of keeping honest people honest, try adding Encryption to it.

The security of this program is a bit simple; however, people who wish to abuse it could easily utilize a disk drive to break into it and read any stored passwords.

I think a neat feature that could be added: Are alternative methods of passwords.
For example, I remember seeing a post a long time ago about Passbeats, basically passwords based solely on tapping on the keyboard to the tune of your favorite song.
Maybe you could add in like Numpad type inputs (gui based) and add other methods like Security Questions etc. Like for example: Who is my favorite teacher?

I want a Locking Program to secure both my computer and my password, I would hate anyone to see my password and then use it elsewhere (a part of staying secure is not using the same password, but I believe some other people don't do this in the first place.)
So I would want Encryption and the best amount of security to prevent abusers from trying to get into my computer.

I would want this program to be a Startup Program.
Goof #3

Goof's profile picture

767 posts

Posted 21 July 2014 - 10:25 PM
Cookiezi, on 21 July 2014 - 10:04 PM said:
sniiiiiiiip

Because of the Hashing methods of password ( which i've used for quite some time ), and some google searching i've still not found out if its more "secure" to rehash inputs, like:


  local inputPassword = sha256( read( "#" ) )
  for i = 1, 10 do
    inputPassword = sha256( inputPassword )
    os.queueEvent( "Yield" )
    coroutine.yield( "Yield" )
  end

However, in my personal opinion, I would've rehashed it, since it would be hard to "Decrypt" the hash string via HTML /Javascripts webpages.

I still have no clue about that Hashing-Security.


However a Lock is actually not even secured, since ( as you stated ) People could craft disks and drives, to bypass the boot method of ComputerCraft computers.
Anavrins #4

Anavrins's profile picture

756 posts

Posted 21 July 2014 - 10:57 PM
Mikk809h, on 21 July 2014 - 10:25 PM said:
Because of the Hashing methods of password ( which i've used for quite some time ), and some google searching i've still not found out if its more "secure" to rehash inputs, like:


  local inputPassword = sha256( read( "#" ) )
  for i = 1, 10 do
	inputPassword = sha256( inputPassword )
	os.queueEvent( "Yield" )
	coroutine.yield( "Yield" )
  end
You're better off hashing + salt instead of rehashing ten times. It's not more secure than hash+salt and is also slower.

Cookiezi, on 21 July 2014 - 10:04 PM said:
Other methods like Security Questions etc. Like for example: Who is my favorite teacher?
Security question are just another vector of attack…
Say your security question was "What's the name of your favorite restaurant"
It would be easier to go through a list of restaurant name than billions of possible passwords.

Mikk809h, on 21 July 2014 - 10:25 PM said:
However a Lock is actually not even secured, since ( as you stated ) People could craft disks and drives, to bypass the boot method of ComputerCraft computers.
Well, assuming you're playing on a server where your base is protected, then you shouldn't worry about that.
Alternatively, you can have your lock program on a disk placed on a drive on the top of the computer, since the top overrides all sides.
Edited on 21 July 2014 - 09:09 PM
Goof #5

Goof's profile picture

767 posts

Posted 22 July 2014 - 09:00 AM
Anavrins, on 21 July 2014 - 10:57 PM said:
Mikk809h, on 21 July 2014 - 10:25 PM said:
Because of the Hashing methods of password ( which i've used for quite some time ), and some google searching i've still not found out if its more "secure" to rehash inputs, like:


  local inputPassword = sha256( read( "#" ) )
  for i = 1, 10 do
	inputPassword = sha256( inputPassword )
	os.queueEvent( "Yield" )
	coroutine.yield( "Yield" )
  end
You're better off hashing + salt instead of rehashing ten times. It's not more secure than hash+salt and is also slower.
Hmm.. Im just gonna test some salting + hashing.. It might be the final solution to the "cryptography" stuffz of the Lock.

Just tried to make some of the salting methods and this is what i've got:

{
  Settings = {
    Door = {
      false,
      false,
    },
  },
  Salt = {
    "cEWhgVX{?D",
    "Lg/)G]r([r",
  },
  Password = "3621301e0749cc0639811a343d40bfaf5d16d10597702d0eab9475e9a887953f",
  TriesLeft = 3,
}

Anavrins, on 21 July 2014 - 10:57 PM said:
Mikk809h, on 21 July 2014 - 10:25 PM said:
However a Lock is actually not even secured, since ( as you stated ) People could craft disks and drives, to bypass the boot method of ComputerCraft computers.
Well, assuming you're playing on a server where your base is protected, then you shouldn't worry about that.
Alternatively, you can have your lock program on a disk placed on a drive on the top of the computer, since the top overrides all sides.
Indeed. But if it is going to need disk-boot, then you need to protect the diskDrive, from people wanting to steal the disk, etc.

I dont know about the Security questions, because if you dont remember which of them you made, you might have a hard time
Edited on 22 July 2014 - 07:24 AM