22
edits
Identity/Watchdog/Visual Hashing: Difference between revisions
Identity/Watchdog/Visual Hashing (view source)
Revision as of 07:53, 17 November 2011
, 17 November 2011no edit summary
No edit summary |
No edit summary |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 8: | Line 8: | ||
== Screenshot == | == Screenshot == | ||
[[File:Screen_shot_2011-11-16_at_2.01.54_PM.png]] | |||
== Implementation == | == Implementation == | ||
Visual hashing is implemented by including | Visual hashing is implemented by including some javascript [https://github.com/mozilla/watchdog/blob/master/data/js/visualhash.js] [https://github.com/mozilla/watchdog/blob/master/data/js/util.js] into every webpage's runtime environment. This script looks for every input in the page's DOM, selects the ones that are password inputs, and then attaches event handlers to onkeydown, onfocus, and onblur. | ||
When the user types inside the input widget (fires onkeydown events), an offscreen <canvas> element is created, on which the visual hash is drawn. The widget's CSS background is set to the canvas' dataURL, until the user types again (in which case the hash is updated) or changes focus from the password input (in which case the widget's original style is restored). | When the user types inside the input widget (fires onkeydown events), an offscreen <canvas> element is created, on which the visual hash is drawn. The widget's CSS background is set to the canvas' dataURL, until the user types again (in which case the hash is updated) or changes focus from the password input (in which case the widget's original style is restored). | ||
Since the feature can be implemented with just a simple javascript injection, it could be very portable. Currently, it is available as a Jetpack add-on for Firefox, and as a Chrome extension. Porting this functionality to Safari and Internet Explorer should be fairly easy. | |||
== Security Concerns == | == Security Concerns == | ||