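User:NUCO/sandbox/cid
This page may be edited by users other than LunaSys.
The information on this page may be out of date. In particular, vulnerabilities have been found in some of the algorithms listed in this article, and they are no longer secure. When creating a committed identity, make sure the algorithm is a strong one. This notice was added in February 2014.
A self-certifying identifier for protecting accounts from hijacking
Following an incident on May 7, 2007, in which five administrator accounts on the English Wikipedia were hijacked, Mangojuice devised (with advice from other users) a way for users to prove that an account is their own if it is hijacked.
On the English Wikipedia, more than 300 users use this method to prepare for events such as account hijacking.
What is this?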
Template:User committed identity gives editors a way to later prove that they are the person who was in control of their account on the day the template was placed. This is done by putting a public commitment to a secret string on the user page so that, in the unlikely event that their account is compromised, they can convince someone else that they are the real person behind the username, even if the password has been changed by the hijacker.
How it works
An editor chooses a secret string; this is a group of words and numbers or a phrase known only to the account holder. The secret string can be any length; a good string will contain at least 15 characters and include unique information that only the account holder would know, such as a phone number or private e-mail address (not the address associated with your Wikipedia account). The secret string is then processed through a cryptographic hash function such as SHA-2 (SHA-512, SHA-384, ...) or SHA-3 to generate a unique hash value or commitment. The commitment is placed somewhere in the editor's User space. If the account is compromised or hijacked, the editor provides the secret string to a trusted administrator or a developer, who verifies that the secret string matches the commitment value. Because the hash function is "one-way", it is computationally infeasible to calculate backwards to find a string value matching a given hash value, and the odds of a random string having the same hash value (a hash collision) are negligible. Therefore, knowing the string that produces a given value is very strong evidence that the person giving the string is the person who originally published it. Once the string is verified, the developers can reset the password to allow the original account holder to regain control.
Alternatively, a user could create a PGP keypair and place the public key on their user page, and then prove their identity by using the private key to sign any message the challenger wants signed. However, this requires more technical competence, and it is necessary to ensure the private key file is well-protected (it is no longer a simple message, although it can of course be encrypted with a passphrase).
Example
For example, User:DonaldDuck1 chooses a "secret string" that includes the names and birthdate of his nephews. His string is,
Hewey, Dewey and Louie, October 17, 1937.
However, if DonaldDuck1 has mentioned his family on Wikipedia, this might be too easily guessed. A useful variation would be
Hewey October Dewey 17 Louie 1937. Egg salad is murder!
Using this web site to calculate the SHA-512 hash value produces
b43f3e39de3f501217144badfc64687a2f516d5d1205d89e51c003715f8609adfbd085afcac3839f7d1008d185e4ab0040edecf62671dbf66a825823e7d3ad42
User:DonaldDuck1 would then put the hash value on his user page using Template:User committed identity like this:
{{user committed identity|b43f3e39de3f501217144badfc64687a2f516d5d1205d89e51c003715f8609adfbd085afcac3839f7d1008d185e4ab0040edecf62671dbf66a825823e7d3ad42|SHA-512}}
which looks like this:
Committed identity: b43f3e39de3f501217144badfc64687a2f516d5d1205d89e51c003715f8609adfbd085afcac3839f7d1008d185e4ab0040edecf62671dbf66a825823e7d3ad42 is a SHA-512 commitment to this user's real-life identity.
In the event that DonaldDuck1's account is compromised or hijacked, he can e-mail the string to the Wikimedia Foundation office. If the hash value of the string matches the hash value previously posted on his user page, he will have proven that he is the rightful account owner.
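The commit-and-verify steps of this example, as an added Python example (not code from this page or from the template): it reads the hash and algorithm out of the template wikitext, hashes a candidate string, and compares the two. The algorithm labels in the allowlist, the sample secret, and the choice to hash the exact UTF-8 bytes without trimming are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Allowlist of template labels -> hashlib names. The labels are an assumption:
# the template's second parameter is free text chosen by the editor.
ALGORITHMS = {"SHA-512": "sha512", "SHA-384": "sha384",
              "SHA-256": "sha256", "SHA3-512": "sha3_512"}

TEMPLATE_RE = re.compile(
    r"\{\{\s*user committed identity\s*\|\s*([0-9a-fA-F]+)\s*"
    r"(?:\|\s*([^|}]*?)\s*)?\}\}", re.IGNORECASE)


def parse_template(wikitext):
    """Return (hex_digest, algorithm_label) from the user-page template."""
    m = TEMPLATE_RE.search(wikitext)
    if m is None:
        raise ValueError("no committed identity template found")
    # The page says the template defaults to SHA-512 when no algorithm is given.
    return m.group(1).lower(), (m.group(2) or "SHA-512").upper()


def commit(secret, label="SHA-512"):
    """Hash the secret exactly as typed: UTF-8 bytes, no trimming."""
    if label not in ALGORITHMS:
        # Labels outside the allowlist (for example MD5) are rejected.
        raise ValueError(f"algorithm not on the allowlist: {label}")
    return hashlib.new(ALGORITHMS[label], secret.encode("utf-8")).hexdigest()


def verify(wikitext, candidate):
    """True if the candidate secret hashes to the published commitment."""
    published, label = parse_template(wikitext)
    return hmac.compare_digest(commit(candidate, label), published)


# Constructed sample: a made-up secret and the template built from it.
SAMPLE_SECRET = "constructed example secret, 4711 blue herons"
SAMPLE_PAGE = "{{user committed identity|%s|SHA-512}}" % commit(SAMPLE_SECRET)

if __name__ == "__main__":
    print(verify(SAMPLE_PAGE, SAMPLE_SECRET))         # exact string
    print(verify(SAMPLE_PAGE, SAMPLE_SECRET + "\n"))  # trailing newline added
```

The check only succeeds on the string byte-for-byte as it was originally hashed, so the stored copy of the secret should carry no incidental whitespace or line ending.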
Notes
- Do not lose your secret string.
- Although the template defaults to SHA-512, any cryptographic hash function can be used. See this web site [dead link] for information on alternatives.
- Your secret string should not be easily guessable based on what you have publicly revealed about yourself. For example, if you use your real name on Wikipedia, your address or telephone number might be guessable, so be sure to make part of your string an unguessable secret.
- This is not a substitute for using a strong password on your account. It is better to never have your account stolen in the first place.
Resources
- Calculate some common hash values
- Calculate a SHA-3 hash value
- This web site has a number of alternate hash functions [dead link]