CaRP should have a (good or well enough)-large effective password space to resist humanguessing attacks.
Animal Grid’s password space can be increased by combining it with a grid-based graphical password, with the grid depending on the size of the selected animal. Click-A-Secret (CAS) (in which/during which/in what way/in what) a user clicks the grid cells in herpassword. Animal Grid is a combination of Click Animal and CAS. The number of grid-cells in agrid should be much larger than the alphabet Size. To enter a password, a Click Animal image isdisplayed first. After an animal is selected, an image of nÃ– n grid appears, with the grid-cell sizeequaling the bounding rectangle of the selected animal.
Each grid-cell is labeled to help usersidentify. For example 4Ã–5 grid when the red turkey in the left image was selected. A user canselect zero to multiple grid-cells matching her password. Therefore a password is a sequence ofanimals interleaving with grid-cells, e.
g., p = “Dog, Grid<2>, Grid<1>; Cat, Horse, Grid<3>”, where Grid<1> means the grid-cell indexed as 1, and grid-cells after ananimal means that the grid is figured out by/decided by the bounding rectangle of the animal. Apassword must begin with an animal. Once the bounding rectangle of the selected animal isidentified, an image of nÃ– n grid with the identified bounding rectangle as its grid-cell size iscreated and displayed.
If the grid image is too large or too small for a user to view, the grid imageis scaled to a fitting size. The user then clicks a sequence of zero to multiple grid-cells that matchthe grid-cells following the first animals in her password, and then gets back to the Click Animalimage. For the example password given (before that/before now), she clicks a point inside grid-cell<2>, and then a point inside grid-cell <1> to select the two grid-cells. The (numbers that describe a location) of user clicked points on the grid image (the original one before scaling ifthe grid image is scaled) are recorded. The above process is repeated until the user has finishedentering her password. The resulting sequence of coordinates of user clicked points, e.g., “AP<150,50>, GP<30,66>, GP<89,160>, AP<135,97>, .
..” where “AP<x,y>” represents the point with coordinates <x , y> on a Click Animal image, and “GP<x , y>” represents the point with coordinates <x , y> on a grid image, is sent to the (verifying someone’s identity) server. Using the ground truth, the server recovers the first animal from thereceived sequence, (grows again/gives life to again) the grid image from the animal’s boundingrectangle, and recovers the clicked grid-cells.
This process is repeated to recover the passwordthe user clicked. Its hash is then calculated and compared with the stored hash.