Secure UI: 9-Block Phishmarks

When I originally came up with the idea of phishmarking, I was thinking of using fractal patterns.  Unfortunately, fractual patterns are rarely simple symmetrical designs so they are more difficult to remember.  So while I was looking for a different approach, I remembered Jared Tarbell's 9-Block Pattern Generator at which basically does what quilt makers have been doing for ages but with simple shapes that can be used to build a shape that is easy to recognize even at small size.

It uses following 16 shapes, rotations, colors, inversion, and some rule for symmetry to generate astonishing number of designs.

Below is my implementation of 9-block phishmarks being used in browser toolbars.  Note that phishmarks are anti-aliased because the display area on the toolbar was too small.  Cool, eh?

Pretty and Safe!

BTW, Jared told me that 9-block pattern generation algorithm can be used without a license although his Flash code is under GPL.  Jared also has other interesting graphics generators that could be used for phishmarking although I am not sure about licensing.  For example, Bone Piles and Combinatorial Critters are pretty interesting although they will require more real estate and more complex coloring schemes.

9-block quilts are very interesting although not enough to make me want to take up the sewing needle.  Heh.  Anyway, if you want to find out more, here are some links to get you staretd:


To be more precise about how many unique patterns can be generated, above implementation uses 17 bits for the pattern (3 bits for the middle shape and 7 bits each for corner and side shapes) plus foreground and background colors.  Taking limits of human vision and color restrictions, I would say this implementation of 9-block phishmarks can generate around a billion easily recognizable unique patterns.  That's enough, I think, against phishing.

If not, adding a few more shapes will be enough to assign a unique design for every single person on earth.  Hmm.  Wouldn't it be interesting to assign one to each last names so they can be used as 'house' symbols?

Update #2:

Please read the post about PassMark patent that could affect this and other phishmarks.