Template:Korisnik kovertirani identitet (User committed identity)

From Wikipedia, the free encyclopedia
Committed identity: {{{1}}} is a SHA-512 commitment to this user's real-life identity.
Template documentation
This documentation is transcluded from Šablon:Korisnik kovertirani identitet/dok.

This template gives you a way to confirm later that you are the person who controlled your user account on the day the template was placed. It does this by putting a code (called a "hash") on your user page, so that if your account is ever compromised you can convince someone else that you are the real person behind your username.

Why?

The intended use of this template is to help in the hopefully unlikely event that your account is compromised. If you have published your real-life identity, that identity could be used to re-establish contact with you; keep in mind that in this scenario contact cannot be made through your account, since it may be under someone else's control. However, many Wikipedia users do not disclose their real-life identities, or disclose so little of them that establishing their identity would be difficult.

This is not a substitute for having a strong password, nor for registering an e-mail address for your account. You should still do everything you can to prevent your account from being compromised, including using a strong password and remembering to log out when using a computer to which others may have access. If you have one, it may also be helpful to post your PGP public key. But even with the best precautions your account could be compromised, for instance via a trojan horse or a brute-force attack on your password. This template is intended as a last resort.

How?

The idea is to use a cryptographic hash: you choose a secret string known only to yourself, put it through a one-way hash function, and publish the result somewhere. It is infeasible to recover the secret string from the hash, so an attacker who compromises the account presumably cannot supply the secret string. This holds only as long as the string cannot be guessed: the hash function does not protect a short or predictable secret, because an attacker can simply hash candidate strings until one matches the published value (see "Choosing a good secret string" below).

Usage

{{Korisnik kovertirani identitet|hash|hash function used|background=HTML colour|border=HTML colour|article=grammatical article for the hash function}}

Example

Committed identity: cac8b3cc95d3ea4c3bb262d2d8575bb0a511aeb7 is a SHA-1 commitment to this user's real-life identity.

Choosing a good secret string

  1. Your secret string should not be easy to guess. If your string is easy to guess, the fact that you know it is not likely to be very persuasive. For example, a string of 'joe' will be less convincing than 'My name is Joe Schmoe, and I can be contacted at: joe@example.com; random bits:fFfwq0DuDmMXj8hYTM3NTKeDhk'
  2. Your secret string should specify enough of your identity that, if the string were revealed, you could unambiguously prove you match that identity. For instance, your secret string could include a telephone number or email address at which you can be reached.
  3. Try not to choose a secret string that represents your identity that could go completely out of date. So, for instance, it may be bad to choose a string that specifies only your telephone number as that number might change.
  4. If you want to change your secret string, do so, but keep track of all your old secret strings. It is best to reveal all of them if you ever want to confirm your identity, as this will establish that you are the same person who used your account from the first moment the committed identity was published.
  5. Your secret string should not be short. A dedicated attacker could, by brute force, try all short strings until they find your secret string, but if your string is longer that attack becomes impractical. If your string is 15 characters long, there are around 10^27 strings of that length (an octillion), and that is only counting alphanumeric characters and spaces.
  6. Your secret string should not only contain an email address, name or phone number, but should contain hard to guess components. "jsmith@hotmail.com" for example may be vulnerable to both dictionary attacks and a search of email addresses, enabling attackers to check 'only' those hundred million names against all published hashed identities, which is computationally much easier than trying to identify a randomly chosen string.
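As an added example (not part of the template or its documentation), the following Python code puts the "How?" section and the rules above into practice: it commits to a secret string with SHA-512, verifies a later revelation against the published value, and runs the dictionary attack described in point 6 against a weak secret and a strong one. The candidate list is constructed for the illustration; the name and address are the placeholders the documentation itself uses, and the random-bits suffix follows the format of point 1.

```python
import hashlib
import secrets
from typing import Iterable, Optional


def commit(secret: str) -> str:
    """SHA-512 hex digest of the UTF-8 bytes of the secret string.

    This is the value that goes into the template's first parameter.
    """
    return hashlib.sha512(secret.encode("utf-8")).hexdigest()


def make_secret(name: str, contact: str, random_bytes: int = 24) -> str:
    """Build a secret string in the shape the documentation recommends:
    enough identity to be checkable later (points 2 and 3), plus random
    bits so the string cannot be enumerated from public data (points 5, 6).
    """
    random_bits = secrets.token_urlsafe(random_bytes)
    return (
        f"My name is {name}, and I can be contacted at: {contact}; "
        f"random bits:{random_bits}"
    )


def verify(revealed_secret: str, published_hash: str) -> bool:
    """Check a revealed secret against the hash on a user page.

    Both values are public once the secret is revealed, so an ordinary
    string comparison is sufficient here.
    """
    return commit(revealed_secret) == published_hash.strip().lower()


def dictionary_attack(published_hash: str, candidates: Iterable[str]) -> Optional[str]:
    """What an attacker does with a low-entropy secret: hash every candidate
    (names, e-mail addresses, short words) and compare with the published
    value. Returns the recovered secret, or None if nothing matched.
    """
    target = published_hash.strip().lower()
    for candidate in candidates:
        if commit(candidate) == target:
            return candidate
    return None


def brute_force_space(length: int, alphabet_size: int = 63) -> int:
    """Number of strings of a given length over an alphabet; 63 is the
    26 + 26 + 10 + 1 of letters, digits and space used in point 5."""
    return alphabet_size ** length


# Constructed candidate list standing in for a real word list or e-mail dump.
CANDIDATES = [
    "joe", "jsmith", "jsmith@hotmail.com", "joe@example.com",
    "password", "Joe Schmoe", "My name is Joe Schmoe",
]

WEAK_SECRET = "jsmith@hotmail.com"
STRONG_SECRET = make_secret("Joe Schmoe", "joe@example.com")


def demo() -> dict:
    """Commit to both secrets and attack both commitments."""
    weak_hash = commit(WEAK_SECRET)
    strong_hash = commit(STRONG_SECRET)
    return {
        "weak_recovered": dictionary_attack(weak_hash, CANDIDATES),
        "strong_recovered": dictionary_attack(strong_hash, CANDIDATES),
        "strong_verifies": verify(STRONG_SECRET, strong_hash),
        "strings_of_length_15": brute_force_space(15),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The weak commitment falls to a handful of guesses because the secret is exactly the kind of public data an attacker already has; the strong one survives the same list only because of the random suffix, not because of the hash function.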

Getting the hash

Be sure to note the exact string you enter into the form, in case you need to use it later. It is important that this string be both easily remembered exactly by you and hard to guess or find by any intruder - if an intruder knows the secret string, then this scheme is useless and provides no security. One's username is public and trivially guessable; one's password is not a good choice either, as in the event of a compromised account, the password is likely to have been guessed.

On Unix-like operating systems the md5sum, sha1sum, sha224sum, sha256sum, sha384sum, and sha512sum programs are provided in the GNU Core Utilities. Make sure the tool hashes exactly the string you typed: echo appends a newline to its output, so piping echo into sha512sum hashes a different string than the one you wrote down (use printf without a newline, or check your result against the reference value below). Windows users may use one of the methods mentioned below; those who have PowerShell installed can generate a hash using the following command. Provide your secret phrase in the location indicated:

[bitconverter]::tostring((new-object security.cryptography.sha512managed).computehash([text.encoding]::utf8.getbytes("Secret phrase here"))).replace("-", "")

It is recommended that SHA-512 be used: SHA-1 is deprecated and practical collision attacks against it have been demonstrated. (This scheme depends on the hash being hard to invert rather than on collision resistance, but there is no reason to build on a broken function.) The template defaults to SHA-512 if the hash function parameter is omitted. Because the secret string is the only thing protecting the scheme, compute the hash only with locally executed programs or client-side JavaScript; never submit the string to a web service, whose operator or logs would then hold it. Examples of such hash calculators include jsSHA and HashCalc 2.01.

To verify that you are correctly hashing your secret string, try hashing 'My name is Joe Schmoe, and I can be contacted at: joe@example.com' (without the enclosing single quotes). Your SHA-512 hash should be:

b7a84efbbd843545666957384e874c894fdc17f48ced53abd231c2e4d08e45ad10287b1225432e3ed9794c12994ff1e82aecf66a2ded61ad4baf6d8b9c81dab8
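The checks below are an added Python example, not code from the template documentation. They reproduce the reference check above with hashlib, cross-check it against GNU sha512sum when that program is installed, and show two ways a correct tool still yields the "wrong" hash: a trailing newline added by echo, and a non-ASCII name entered in a different Unicode normalization form. The reference string and value are copied from the documentation; the name Šabanović is a constructed sample.

```python
import hashlib
import shutil
import subprocess
import unicodedata
from typing import Optional

# Reference vector from the template documentation: the string and the
# SHA-512 value a correctly configured tool must produce for it.
REFERENCE_STRING = "My name is Joe Schmoe, and I can be contacted at: joe@example.com"
REFERENCE_SHA512 = (
    "b7a84efbbd843545666957384e874c894fdc17f48ced53abd231c2e4d08e45ad"
    "10287b1225432e3ed9794c12994ff1e82aecf66a2ded61ad4baf6d8b9c81dab8"
)


def sha512_hex(text: str, trailing_newline: bool = False) -> str:
    """SHA-512 of the UTF-8 bytes of text, optionally with the newline that
    echo appends. The template expects lowercase hex with no separators."""
    data = text.encode("utf-8")
    if trailing_newline:
        data += b"\n"
    return hashlib.sha512(data).hexdigest()


def tool_matches_reference() -> bool:
    """The documentation's own check: does our hashing reproduce the
    published reference value for the reference string?"""
    return sha512_hex(REFERENCE_STRING) == REFERENCE_SHA512


def newline_changes_hash(text: str) -> bool:
    """Pitfall 1: 'echo secret | sha512sum' hashes the secret plus '\\n',
    which is a different string and therefore a different hash."""
    return sha512_hex(text) != sha512_hex(text, trailing_newline=True)


def normalization_changes_hash(text: str) -> bool:
    """Pitfall 2: the same visible text can be stored as different bytes.
    'Š' may be one code point (NFC) or 'S' plus a combining caron (NFD);
    the two forms hash differently, so note the form you hashed. For pure
    ASCII text both forms are identical and this returns False."""
    nfc = unicodedata.normalize("NFC", text)
    nfd = unicodedata.normalize("NFD", text)
    return sha512_hex(nfc) != sha512_hex(nfd)


def coreutils_sha512(text: str) -> Optional[str]:
    """Cross-check against GNU sha512sum by feeding the exact bytes on
    stdin, with no trailing newline. Returns None if sha512sum is absent."""
    if shutil.which("sha512sum") is None:
        return None
    result = subprocess.run(
        ["sha512sum"], input=text.encode("utf-8"), capture_output=True, check=True
    )
    # Output has the form '<hex>  -'; keep only the digest.
    return result.stdout.decode("ascii").split()[0]


if __name__ == "__main__":
    print("hashlib matches reference value:", tool_matches_reference())
    print("echo's newline would change the hash:", newline_changes_hash(REFERENCE_STRING))
    print("NFC and NFD forms of 'Šabanović' hash differently:",
          normalization_changes_hash("Šabanović"))
    cross = coreutils_sha512(REFERENCE_STRING)
    print("sha512sum agrees with hashlib:",
          "n/a (not installed)" if cross is None else cross == sha512_hex(REFERENCE_STRING))
```

Run it once before publishing a commitment and once before revealing one; if the reference check passes but your own hash does not, the cause is almost always a stray newline, a different encoding, or a normalization change introduced by the editor or clipboard, not the hash function.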

See also