Jump to content

Template:User committed identity/doc

From Wikinews, the free news source you can write!

This template gives you a way to later prove that you are the person who was in control of your account on the day this template was placed. This is done by putting a code (called a "hash") on your user page so that, in the event that your account is compromised, you can convince someone else that you are really the person behind your username.

Why?

[edit]

The intended use of this template is to help in the hopefully unlikely event that your account is compromised. If you published your real-life identity, then that identity could be used to reestablish contact with you if your account were compromised; keep in mind, in this scenario contact could not be established with you through your account, since it may be under the control of someone else. However, many Wikipedia users do not disclose their real-life identities, or disclose little enough of them that it may be difficult to establish their identity.

This is not a replacement for having a strong password, nor for registering an email address for your account. You should still do everything you can to prevent your account being compromised, including using a strong password and remembering to log yourself out when using a computer others may have access to. If you have one, it may also be helpful to post your PGP public key. But even with the best of precautions, your account could become compromised, for instance, via a trojan horse or a brute-force attack on your password. This is intended to be a last resort.

How

[edit]

The idea is to use cryptographic hashes; you choose a secret string known only to yourself, put it through a one-way hash function, and publish the result somewhere. As the result is a hash, nobody can easily work backwards from the hash to the secret string; hence, if you give the secret string to someone and they hash it and the hash turns out to be the same as the one published, it is very strong evidence that the person giving the secret string is the same person who originally published the hash. An attacker compromising an account presumably would not know the secret string.

Syntax

[edit]
{{User committed identity|hash|hash function used|background=CSS color|border=CSS color|article=grammatical article for the hash function}}

Italicized text should be replaced with appropriate input, or its parameter should be removed. Parameters are represented by 'parameter=value", and separated by vertical bars |.

  • Replace "hash" with the hash produced from your secret string. The implicit name of this parameter is "1" (see numeric parameters).
  • The "hash function used" parameter, if not included, defaults to SHA-512. (This hash function is recommended.)
  • The "background" parameter, if not included, defaults to #E0E8FF (light blue, see Web colors#Hex triplet)
  • The "border" parameter, if not included, also defaults to #E0E8FF.
  • The "article" parameter, if not included, defaults to "a". The other likely value is "an".

If your hash is "ef7c4c55a176bd20ed558aaefde21c4803080195" using SHA-1, and you want a light orange box with a black border, use the following code

{{User committed identity|ef7c4c55a176bd20ed558aaefde21c4803080195|SHA-1|background=#FC9|border=#000}}

to produce

Committed identity: ef7c4c55a176bd20ed558aaefde21c4803080195 is a SHA-1 commitment to this user's real-life identity.

Choosing a good secret string

[edit]
  1. Your secret string should not be easy to guess. If you haven't openly declared your real-life identity on Wikipedia, then any string specifying your real-life identity is a good secret string. If you have openly declared who you are, your secret string should specify more information that wouldn't be easy to guess. If your string is easy to guess, then the fact that you know the string may not be very persuasive. For example, a string of 'joe' will be way less convincing than 'My name is Joe Schmoe, and I can be contacted at: joe@schmoe.com'
  2. Your secret string should specify enough of your identity that, if the string were revealed, you could unambiguously prove you match that identity. For instance, your secret string could include a telephone number or email address at which you can be reached.
  3. Try not to choose a secret string that represents your identity that could go completely out of date. So, for instance, it may be bad to choose a string that specifies only your telephone number as your number might change.
  4. If you want to change your secret string, do so, but keep track of all your old secret strings. It is best to reveal all of them if you ever want to confirm your identity, as this will establish that you are the same person who used your account from the first moment the committed identity was published.
  5. Your secret string should not be short: at least 15 characters. A dedicated attacker could, by brute force, try strings until they find your secret string, but if your string is long enough, that attack would take too long to be practical. If your string is 15 characters long, there are around 1027 strings of that length, or an octillion (and that's just counting alphanumeric strings with spaces).
  6. Your secret string should not only contain an email address, name or phone number, but should contain hard to guess components. "jsmith@hotmail.com" for example may be vulnerable to both dictionary attacks and the database of email addresses from hotmail leaking, enabling attackers to check 'only' those hundred million names against all published hashed identities, which is computationally much easier than the above would indicate.

Getting the hash

[edit]

Be sure to note the exact string you enter into the form, in case you need to use it later. It is important that this string be both easily remembered exactly by you and hard to guess by any intruder - if an intruder knows the secret string, then this is useless. One's username is public and guessable; one's password is not a good choice either, as in the event of a compromised account, the password may have been guessed.

On unixlike systems the md5sum, sha1sum, sha224sum, sha256sum, sha384sum, and sha512sum programs are provided in the GNU Core Utilities. Windows users may use one of the methods mentioned below, or those who have PowerShell installed can generate a hash using the following command. Provide your secret phrase in the location indicated:

[bitconverter]::tostring((new-object security.cryptography.sha512managed).computehash([text.encoding]::utf8.getbytes("Secret phrase here"))).replace("-", "")

It is recommended that SHA-512 be used, as recent cryptographic research has cast doubt on the longterm viability of using SHA-1. The template defaults to SHA-512 if the hash function parameter is omitted. For security, you should only use locally executed programs, or client-side javascript, to create your hash. Examples of such hash calculators include jsSHA and HashCalc 2.01.

Compromised identities

[edit]

In case your account is compromised, to make use of your committed identity to someone and prove you are the same person who originally controlled the account, give a trusted user the exact secret string you originally entered into the box. They can then compute the appropriate hash of that same string and verify that it is the same result and that you are who you say you are.

Once you've established your identity, and set up a new account or regained control of the original account, you'll probably want to create a new hash as now someone (possibly multiple someones depending on who and how you told the secret string to) else knows the secret string.

See also

[edit]