Thursday, March 27, 2008

Meeting 26 March 2008

Text CAPTCHA Demo, Design and Implementation Review

Discussion:
Alan showed the supervisor the demo of the Text CAPTCHA, with validation and logging to block attacks.




Conclusions:
· CAPTCHA design
- Some characters are difficult to identify. Need to fine-tune it.
- In the blue color design of the CAPTCHA, the contrast between the text and the background makes the text difficult for users to read. Either remove the color “blue” or change the text color.

· CAPTCHA implementation
- The text remains unchanged after a refresh. Need to kill the session after each refresh.
- The hashing algorithm currently used is SHA1; the hash algorithms MD5 and SHA1 have been broken. Need to change to another hashing algorithm; SHA256 or SHA512 suggested.

· CAPTCHA design methodology
- The CAPTCHA engine should be portable. It should be usable as a mobile application as well as a web-based plug-in.

Action items
Fine Tune CAPTCHA Design by ALAN

Kill Session Every Time After Each Refresh by LEXIS
Change Current Hashing Algorithm to SHA256 or SHA512 by LEXIS
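
The two implementation conclusions above (a new text on every refresh, SHA256 in place of SHA1) can be sketched as follows. This is an added example, not the team's code: it assumes the server-side session stores a salted hash of the expected answer, and the names `issue_challenge`, `verify` and `ALPHABET` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumed alphabet: look-alike characters (0/O, 1/I/L) are left out.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"


def _digest(salt: bytes, text: str) -> str:
    # SHA-256, as suggested in the minutes, in place of SHA1.
    return hashlib.sha256(salt + text.upper().encode("utf-8")).hexdigest()


def issue_challenge(session: dict, length: int = 6) -> str:
    """Call on every page load or refresh; replaces any earlier challenge."""
    text = "".join(secrets.choice(ALPHABET) for _ in range(length))
    salt = secrets.token_bytes(16)
    session["captcha"] = {"salt": salt, "digest": _digest(salt, text)}
    return text  # goes to the image renderer only, never into the page source


def verify(session: dict, response: str) -> bool:
    """Single use: the stored challenge is discarded whether or not it matches."""
    stored = session.pop("captcha", None)
    if stored is None:
        return False
    candidate = _digest(stored["salt"], response.strip())
    return hmac.compare_digest(candidate, stored["digest"])


def demo() -> dict:
    session = {}  # constructed stand-in for a server-side session
    first = issue_challenge(session)
    issue_challenge(session)          # user refreshes: first text is now stale
    stale = verify(session, first)    # answer to the old image
    current = issue_challenge(session)
    fresh = verify(session, current)  # answer to the image on screen
    replay = verify(session, current) # same answer submitted a second time
    return {"stale": stale, "fresh": fresh, "replay": replay}


if __name__ == "__main__":
    print(demo())
```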

Image CAPTCHA Demo, Design and Implementation Review

Discussion:
Alan demoed the new CAPTCHA design to the supervisor, who reviewed it and commented.



Conclusions:
· The current image CAPTCHA has too few images and therefore few permutations, so it is subject to brute force attacks.
· Need to increase the number of images; a huge database is required.
· Suggested implementing the image and text CAPTCHA together, with images and text appearing at random.


Action items
Increase amount of images to enlarge database by TEAM
Implement image and text CAPTCHA together by LEXIS and ALAN


CAPTCHA Customizer Demo and Review.

Discussion:
Alan demoed the CAPTCHA customizer to the supervisor, who reviewed it and commented.
Conclusions:
· Position Module
- The grid coordinates cannot be seen clearly because the font size is too big, which causes overlapping. Reduce the font size to make them clearer and change the font color if needed.
- Need to limit the range of the position, as the character goes out of range when a user enters a value wider than the interface.

· Purge Logs Module
- The position of the “date” label is wrong; need to reposition it.
- Logs cannot be deleted according to a specific date. Need to rectify it.

Action items
Change the font size of the grid coordinates by ALAN

Limit the range of position by ALAN
Reposition of the “date” label by ALAN
Delete logs according to the specific date by ALAN

Presentation Slides, Demo and MPEG Video

Discussion:
The team discussed with the supervisor the content to show in the presentation slides and demo.
Conclusions:
· Presentation Slides
- Show the logging policy
- Can state the flaw of the image CAPTCHA when implemented standalone, and the solutions to it. Can state it in the report if there’s no intention of including it in the presentation slides.


· Demo
- For the customizer, demo only 1 or 2 of the more important functions, as there are too many functions in it.

· MPEG Video
- A video on our presentation with the presentation slides and demo.
- Can use it as a rehearsal of our presentation and demo.

Action items
Power Point Slide by SEBASTIAN
MPEG Video by LEXIS

