Nathaniel Borenstein <nsb@nsb.fv.com> wrote:
Programs needing secure entry create a "secure entry field" which is really just an imagemap with the digits (and alphas if required) placed randomly about. The user then uses the mouse to click on these numerals. Ideally the graphics that represent the numerals would be drawn from a random pool and are misformed to thwart any OCR attempts. The graphics could be made even more difficult to OCR by mixing in words and pictures to represent the numbers.

If any particular program for doing this came into widespread use, we could engineer an attack, similar to our keystroke attack, based on the specific properties of the approach used.

You could try, but I don't think you would succeed. I have problems doing OCR on faxes with a top-of-the-line OCR program. Don't tell me your trojan horse is going to be able to OCR images that are designed to be hard to OCR.

Here is an example of an imagemap for secure number entry.

http://www.l0pht.com/~weld/numbers.html

Since this is inherently a visual thing, I thought I would cook up a graphic on the web since you cannot do this via email easily.

Weld Pond - weld@l0pht.com - http://www.l0pht.com/
L 0 p h t H e a v y I n d u s t r i e s
Technical archives for the people - Bio/Electro/Crypto/Radio
L0pht Open House 2/3/96 at 8:00pm - Live on irc #l0pht - write root@l0pht.com for details.
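
The randomized imagemap keypad described in this thread, sketched as an added example that is not part of the original messages: the server keeps a per-session layout and turns click coordinates back into digits, so recorded clicks from one session mean something different in the next. The cell size, grid width, function names and sample layouts are assumptions, and rendering the distorted digit images is out of scope.

```python
import secrets

CELL = 40   # pixel width/height of one key in the image (assumed)
COLS = 5    # keys per row (assumed): ten digits give a 5 x 2 grid

def new_layout():
    """Fresh per-session layout: position i in the grid shows layout[i]."""
    digits = list("0123456789")
    secrets.SystemRandom().shuffle(digits)   # OS-backed randomness
    return digits

def resolve_click(layout, x, y):
    """Digit under an imagemap click, or None if the click misses the grid."""
    rows = len(layout) // COLS
    if not (0 <= x < COLS * CELL and 0 <= y < rows * CELL):
        return None
    return layout[(y // CELL) * COLS + (x // CELL)]

def decode_clicks(layout, clicks):
    """Server side: rebuild the entered number from (x, y) click pairs."""
    out = []
    for x, y in clicks:
        digit = resolve_click(layout, x, y)
        if digit is None:
            raise ValueError(f"click ({x}, {y}) is outside the keypad")
        out.append(digit)
    return "".join(out)

def clicks_for(layout, number):
    """Demo helper: the cell centres a user would click to enter `number`."""
    points = []
    for ch in number:
        row, col = divmod(layout.index(ch), COLS)
        points.append((col * CELL + CELL // 2, row * CELL + CELL // 2))
    return points

if __name__ == "__main__":
    # Constructed layouts for two sessions (normally from new_layout()).
    session_a = list("3814092756")
    session_b = list("6027534918")
    clicks = clicks_for(session_a, "1996")
    print("clicks seen on the wire:", clicks)
    print("decoded in session A:", decode_clicks(session_a, clicks))
    # The same coordinates against another session's layout give other digits.
    print("replayed in session B:", decode_clicks(session_b, clicks))
```
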