Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Software Technology

Unbreakable Crypto: Store a 30-character Password In Your Subconscious Mind 287

MrSeb writes "A cross-disciplinary team of US neuroscientists and cryptographers have developed a password/passkey system that removes the weakest link in any security system: the human user. It's ingenious: The system still requires that you enter a password, but at no point do you actually remember the password, meaning it can't be written down and it can't be obtained via coercion or torture — i.e. rubber-hose cryptanalysis. The system, devised by Hristo Bojinov of Stanford University and friends from Northwestern and SRI, relies on implicit learning, a process by which you absorb new information — but you're completely unaware that you've actually learned anything; a bit like learning to ride a bike. The process of learning the password (or cryptographic key) involves the use of a specially crafted computer game that, funnily enough, resembles Guitar Hero. Their experimental results suggest that, after a 45 minute learning session, the 30-letter password is firmly implanted in your subconscious brain. Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences. To pass authentication, you must reliably perform better on your sequence. Even after two weeks, it seems you are still able to recall this sequence."
This discussion has been archived. No new comments can be posted.

Unbreakable Crypto: Store a 30-character Password In Your Subconscious Mind

Comments Filter:
  • "Reliably better" (Score:5, Interesting)

    by FireballX301 ( 766274 ) on Friday July 20, 2012 @04:39AM (#40709121) Journal
    How many standard deviations above 'random guessing' are we talking about? Over how many trials? And 2 weeks is fine, but what about 6 months to a year?

    I still prefer 80+ character passphrases lifted from song lyrics whenever possible. If you know the song well enough it's impossible to crack, and the search space is still large among people who know you like that particular song
    • I still prefer 80+ character passphrases lifted from song lyrics whenever possible. If you know the song well enough it's impossible to crack, and the search space is still large among people who know you like that particular song

      I highly doubt that the search space is large enough. You cannot memorize many song texts (no more than a few thousand, and I'm being optimistic here) and it is easy to predict from background information which songs you know and like. Given that, plus the fact that it is highly likely that you will start your passphrase at a word boundary, it looks awfully easy to break your 80+ character passphrase using a customized dictionary attack.

      Passphrases from books might fare better, assuming that you have a few

    • I like irreversible hashes generate passwords for me salted with wherever I am.

      sha1('mypassword'+'slashdot.org')

      Tada. Or if you're really paranoid.

      sha512(md5(rot13('mypassword'+'slashdot.org');

      Even sha512("") is just 0x cf83e1357eefb 8bdf1542850d66d8007d620e4050b5715dc8 3f4a921d36ce9ce4 7d0d13c5d85f 2b0ff8318d2877 eec2f63b931 bd47417a81a538327af927da3e

      Good luck cracking that in your or my lifetime.

      echo "Hello Worldslashdot.org" | sha512sum
      78dce89143430dbbda805 9e7cc12a90c9d8f95090972579cb11bc23d119f7bea9f5

      • by Joce640k ( 829181 ) on Friday July 20, 2012 @06:48AM (#40709691) Homepage

        There's numerous flaws in your plan, but that's beside the point.

        The whole point of this system (which you missed) is that it's secure against rubber hose cryptanalysis (aka $5 wrench cryptanalysis).

        • by hlavac ( 914630 )
          Can you do SHA512 in your head? I can't, dammit!
        • Parents described flaws: Like only characters being 0-9 a-f? Such a crypto function can be known/modified without you knowing?

          It's not really secure against the decrypt it or people you know die cryptanalysis, only the don't tell us and people protected by the encryption will live but not you situation.

        • Comment removed based on user account deletion
        • The rubber hose cryptanalysis won't be able to get you to *tell* them the password, but I see no reason why they couldn't get you to *reveal* it by playing the game.

          Since it's subconscious, you won't even know that you're revealing it.

      • As the salt is known and fixed, it'd still be fairly efficient when bruting a large number of passwords at once as would be obtained from a stolen database. A trivial change would make life substantially harder for an attacker: change sha1(mypassword+'slashdot.org') to sha1(mypassword+username+'slashdot.org')
      • Shifting by 64 would result in uppercase letters like A turning into control characters and BELs.

    • by Yvanhoe ( 564877 )
      The search space is incredibly small. You better add one or two unrelated words to that if you want to have a chance.
    • Re:"Reliably better" (Score:5, Interesting)

      by errandum ( 2014454 ) on Friday July 20, 2012 @06:08AM (#40709507)

      That is not true. It has been proven that passphrases can be weaker than passwords, simply because words usually follow each other in an ordered pattern.

      You'll be safe from brute force attacks, but not any attack that adds intelligence to the mix. And if the person cracking your password knows it uses music lyrics you love, you'll be even more at risk since it only has to test for the songs you like.

      What you just described is NOT safety.

      • Re:"Reliably better" (Score:5, Interesting)

        by djmurdoch ( 306849 ) on Friday July 20, 2012 @07:01AM (#40709775)

        But the brute forcer also has to try all sorts of stupid variations:

        One ton O'Mara
        Feel the beat from the tangerine
        Scuse me while I kiss this guy
        I can see Deirdre now Lorraine has gone

        • Re:"Reliably better" (Score:4, Informative)

          by girlintraining ( 1395911 ) on Friday July 20, 2012 @10:17AM (#40712613)

          But the brute forcer also has to try all sorts of stupid variations:

          An 8 character password using ASCII printable characters only has 5,595,818,096,650,401 possibilities. I'm guessing less than that number of songs have been written... even with variations in lyrics. Even with a thousand variations per song, and a trillion songs to seed the password cracker... you're still looking at a few minutes, perhaps an hour, to crack your password. Your keyspace is pathetically small.

          Length does not increase entropy.

          • by kbolino ( 920292 )

            An 8 character password using ASCII printable characters only has 5,595,818,096,650,401 possibilities

            GP was talking about 80 character passwords (not 8), which even if we assume a low entropy of 2 bits per character still gives you 160 bits of entropy. If you throw odd spellings, capitalizations, number substitutions, and in-jokes into the mix, you can significantly increase that number, but 160 bits still puts you well above

            Length does not increase entropy.

            Yes it does.

            Let X and Y be independent and identi

      • Deftones and many genres of music have lyrics which don't follow normal language ordering. How about the song scatman - not many actually like it but the lyrics easily burn into your head.

    • But you don't get around the extraction by torture. You can tell someone your password is the first verse of God Save the Queen, but what you've got here is actually a form of biometric password, but instead of a finger print, it is instead using the unique process by which you learn a given task, a kind of 'brainprint'. You can still be coerced to enter the password, having been brought to the location. But would you be able to enter the password under duress?

    • Not just that, but for rubber-hose methods - have your victim go through the login a couple times, if you can access a remote login - record. Or even over the shoulder recording of a couple logins (well placed security cam) to get the desired sequence?

      Seems like this has quite a few flaws.

      As for the music lyrics, add quotes from movies/books and poems, and you have an even nicer space to go through. Especially if you can think of (to you) sensible and regular mutilations of the words.

    • by jgtg32a ( 1173373 ) on Friday July 20, 2012 @08:00AM (#40710493)
      I know your password,

      Thank you for being a friend
      Traveled down the road and back again
      Your heart is true, you're a pal and a cosmonaut.

      And if you threw a party
      Invited everyone you ever knew
      You would see the biggest gift would be from me
      And the card attached would say, thank you for being a friend.
    • by Geoffrey.landis ( 926948 ) on Friday July 20, 2012 @08:50AM (#40711247) Homepage

      How many standard deviations above 'random guessing' are we talking about? Over how many trials? And 2 weeks is fine, but what about 6 months to a year?

      You're missing the point. They're missing the point. It's easy to make one password secure against guessing it in a million years of trying.

      But I don't need to remember one password. I need to remember thirty passwords (for my most important stuff, plus another fifty for sites I visit once or twice), all different, and a large subset of which have to be changed every 60 days. If it takes "a 45 minute learning session" for "the 30-letter password to be firmly implanted in your subconscious brain" this is purely out of the question.

      And if the answer is "well, just use the the one password because it's unguessable and you can use it for everything"-- yeah, what could possibly go wrong?

      Fail.

    • Somehow, I can't picture playing Guitar Hero to access my bank machine.
  • by alphatel ( 1450715 ) * on Friday July 20, 2012 @04:40AM (#40709123)

    This 30-character sequence is played back to the user three times in a row, and then padded out with 18 random characters, for a total of 108 items. This sequence is repeated five times (540 items), and then there’s a short pause. This entire process is repeated six more times, for a total of 3,780 items.

    Replace 'character' with 'note' and it's clear subjects were tortured with Philip Glass for 80 hours and won't soon forget.

  • by Anonymous Coward on Friday July 20, 2012 @04:40AM (#40709125)

    State Security forces you to play this game?

    • by Dr_Barnowl ( 709838 ) on Friday July 20, 2012 @05:12AM (#40709289)

      The game only works if the machine knows what your password is, so that you can succeed at playing that sequence better.

      Which reveals the flaw in the scheme ; currently, the computer you are logging into doesn't need to know your password - it stores a hash instead. With this scheme, the machine needs a way to recover your password as plaintext, so that it can test you on it. Which means that if you can sieze the system itself, you can get into it, you just need to extract the password and train someone else to know it.

      • by Junta ( 36770 )

        Shared secrets are not insecure. Applied incorrectly they are insecure.

        When a given pairing is unique (i.e. the credential authenticates exactly one endpoint to exactly one other endpoint), then a breach of the level of acquiring the password data is likely going to yield nothing more than you already have: free reign over the system holding the data. In this case, the authenticator selected the characters randomly.

        Shared secrets generally allow something that's impossible with one-way hashes: Being inher

    • Homey don't play that game.

  • by Chrisq ( 894406 ) on Friday July 20, 2012 @04:40AM (#40709127)
    The "cross-disciplinary team of US neuroscientists" came up with the most original excuse ever for why they were spending all their grant money on games consoles and all their time playing games.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I can't stand idiots like you, who always act as if games were an "excuse" or "waste of time", when they are the MOTHER of all education, art, sports and entertainment.
      There is no better way to explore something new, than games. That's what they are there for.
      It's things like school as we know it, that is a waste of time and deeply utterly wrong.

    • How on Earth did the parent get modded "Informative"? Funny, yes, informative, no.

      • Re: (Score:3, Funny)

        Mods occasionally rate a funny post as something else to boost that person's karma rating, since Funny doesn't give a karma boost.

        ...or at least that's how it used to work, something might have been tweaked in the moderation system since that was true.
  • by Anonymous Coward on Friday July 20, 2012 @04:41AM (#40709135)

    Log in or else!

  • by kasperd ( 592156 ) on Friday July 20, 2012 @04:42AM (#40709145) Homepage Journal
    It sounds like the way this works, the server will need to know what the password is in order to produce the combined sequence. Doesn't that make it weaker than ordinary passwords? And if you repeatedly get the same random sequence, over time you'll learn that as well. OTOH if you get different random sequences, then it would be possible to extract the original sequence. Did I miss something here?
    • Sort of - there are caveats.

      There are a few ways to do this.
      Pretending that it's for the moment typing a letter in response to some other letter.
      If the correct response to a stimulus 'A' is 'a' - then the server can take a response to a randomly chosen phrase -
      AQRGS, and then get response fqrgs, and hand both of these over to an authentication server, which determines the match.

      Or, it can contact an authentication server, which deals with both the exact challenge to be sent, and verifies the response.
      In som

      • by realityimpaired ( 1668397 ) on Friday July 20, 2012 @05:11AM (#40709279)

        Or, it can contact an authentication server, which deals with both the exact challenge to be sent, and verifies the response.
        In some apps, this may be a valid way to do things.

        Not really... if I want to crack your password, all I have to do is send a few requests to the authentication server, and look at the challenges it responds with. Find the sequence of 30 characters that's repeated in all of them, and there's your password.

  • by mwvdlee ( 775178 ) on Friday July 20, 2012 @04:53AM (#40709191) Homepage

    Their experimental results suggest that, after a 45 minute learning session, the 30-letter password is firmly implanted in your subconscious brain. Authentication requires that you play a round of the game

    I'm assuming I'll still be automatically logged out after 5 minutes of inactivity, cannot recover but will have to change my password when forgotten and passwords will expire every month?

    Also; the research suggests users will have to perform better on the injected "password" sequences than random sequences... how will they deal with top players that get a perfect score every time for the entire sequence?

  • Up, left, left, left, down, up, down, up, right. Got it.

  • by cvd6262 ( 180823 ) on Friday July 20, 2012 @04:57AM (#40709217)

    up-up-down-down-left-right-left-right-B-A-start

  • 38 bits of entropy (Score:2, Insightful)

    by Anonymous Coward
    Only 38 bits of entropy because there's only 6 choices for each of the 30 characters. Yeah a Tesla GPU can chew through that in a day. I'd post the relevant XKCD comic but I'm pretty sure everyone here knows what it is already.
  • by art6217 ( 757847 ) on Friday July 20, 2012 @04:58AM (#40709225)

    The system requires that you copy-write a short random message by hand, but at no point do you actually remember the subtleties of your individual writing style, like the ballpoint pressure or distribution of the shape of "o"s, meaning it can't be presented as a plain sequence of letters and it can't be obtained via coercion or torture i.e. rubber-hose cryptanalysis. The system, devised by Anonymous Coward, relies on implicit learning, a process by which you absorb new information, but you're completely unaware that you've actually learned anything; a bit like learning to ride a bike. The process of learning the password (or cryptographic key) does NOT involve anything, as your writing style is likely already precisely and intricately shaped for years.

    Without a human specialist, a dedicated OCR software would need to be developed, though...

  • How does the scheme prevent ``play this game or I'll kill your family''?
  • Who has 45 min to learn a new password? I can't see a company willing to
    pay someone for 0.75hr just to learn a password.

    -AI

    • Who has 45 min to learn a new password? I can't see a company willing to pay someone for 0.75hr just to learn a password.

      -AI

      Well then I suppose you would find a company who finds no point in protecting their most valuable asset (people) from losing their second most valuable asset (information).

      Maybe the senior executives would sing a different tune if you showed them that 75% of their current workforce passwords were cracked in 45 seconds or less.

      • by Corbets ( 169101 )

        Who has 45 min to learn a new password? I can't see a company willing to
        pay someone for 0.75hr just to learn a password.

        -AI

        Well then I suppose you would find a company who finds no point in protecting their most valuable asset (people) from losing their second most valuable asset (information).

        Maybe the senior executives would sing a different tune if you showed them that 75% of their current workforce passwords were cracked in 45 seconds or less.

        Or they just might figure that people who lack the capacity to memorize a reasonably complex password may not, after all, be all that valuable of an asset.

      • Who would allow a truly secure system to have static passwords - most require a change once a month. Now it costs 9 hours a year, or 0.5% of your entire payroll costs just to learn the passwords. Since the sequence must be played back using a large string of random sequences in which the password sequence is embedded, I presume that would probably take at least 2 minutes to be of both necessary and sufficient length. Let's presume that you only have to log in twice a day (when you arrive, and when you com

      • Passwords are like religion: some people see the need for them in every aspect of life and would prefer they be ever more complex, forcing the user to memorize and supplicate to them.

        Passwords are way overrated. This would neither increase nor reduce security issues, merely exchange sets. On the other hand, Guitar Hero might become extremely popular.
      • by BVis ( 267028 )

        Well then I suppose you would find a company who finds no point in protecting their most valuable asset (people)

        HAHAHAHAHAHAHAHAHAHAHA... oh wait, you were serious, let me laugh even harder...

        To the vast majority of companies out there, you are not an asset, you are a liability on a balance sheet. Nobody can ever work hard enough to justify their salary, no matter how pathetic or insulting that salary is. You are less valuable than the office furniture.

        Maybe the senior executives would sing a different tu

  • it can't be obtained via coercion or torture â" i.e. rubber-hose cryptanalysis

    Correct me if I'm wrong, but I fail to see how that could be true. How could you NOT be forced to play the authentication "game" by torture or coercion? wtf?

    • by jamesh ( 87723 )

      it can't be obtained via coercion or torture â" i.e. rubber-hose cryptanalysis

      Correct me if I'm wrong, but I fail to see how that could be true. How could you NOT be forced to play the authentication "game" by torture or coercion? wtf?

      How are you going to type your password... if you have no fingers?

      • Very slowly. With your tongue. On the super-grimy keyboard from the public kiosk in the lobby.

        So why don't you just make things easier for everybody and log in before Mr. Nibbles gets hungry? *display bolt cutters*

  • by ItsIllak ( 95786 ) on Friday July 20, 2012 @05:14AM (#40709305) Homepage

    Passwords are clearly a very bad idea - they just don't work for any number of logical, social and practical reasons. So it's great to see real thought going into alternatives. Although I think the overhead of 45 mins learning and other issues with this are a problem, I think the general premise must have something in it that would work well.

    The fact we can recognise that we know something, even if we can't repeat it - e.g. you know if someone sings the wrong lyrics to a song even if you can't remember them yourself - MUST have some solution to this problem embedded in it somewhere...

    • Wouldn't biometrics already be a better solution if you want an authentication routine that strong? I mean to bypass multiple input biometrics (fingerprint + some other bodily feature) you'd have to kidnap the user. And if you already have the user under your control, you can probably force any strong password out of him.
    • by Hatta ( 162192 )

      My passwords work just fine. What's wrong with yours?

  • by Arancaytar ( 966377 ) <arancaytar.ilyaran@gmail.com> on Friday July 20, 2012 @05:19AM (#40709323) Homepage

    Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences.

    This requires the password to be stored in clear in the system. I think the brain is more trustworthy than that...

  • by aglider ( 2435074 ) on Friday July 20, 2012 @05:45AM (#40709423) Homepage

    We need to recall the password after 1 year or even 2.
    Please, go on with the tests!

  • How are you supposed to protect a password that you don't even know? It seems to me if someone knew how the system worked, they could trick an unsuspecting user into divulging their password without the users knowledge. This is obfuscation, nothing more.
  • Completely broken. (Score:4, Insightful)

    by bakuun ( 976228 ) on Friday July 20, 2012 @06:48AM (#40709697)
    A few readers have commented that the system will need to know your unhashed password. This is clearly bad, but there are even worse flaws.

    A 30-character password sounds awfully strong (60^30 combinations if upper/lower-case chars and numbers are used). However, from the article: "Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences". This means that the number of characters is irrelevant, really. What matters is the number of "30-letter sequences", and since you need to play them all, they will need to be limited. How many? 10 would probably too many to play, but will still only be the equivalent of a single-digit password. This system will be trivial to crack with brute-force guesses.

    Even worse, repeated "login attempts" will reveal which sequence is the correct one - simply check which sequence repeats between tries.
  • How does your subconscious know which password to use? How many 30-bit passwords can be "implanted"?

    Incidentally, the fact that the password is known is really not an issue, if you consider it simply another factor of security. I wouldn't want to play a damned game every time to log in anyway, but if I only occasionally used an account and this was used to verify the system I was on, that would be fine. Call it the Rumsfeld system: you log in with something you know, and something you don't know you know.

  • So yeah, how'd you type this in a login prompt?

    • by azalin ( 67640 )
      No boss, I'm not playing Guitar Hero/Portal/Diablo, I'm trying to log into the network...
  • Seriously, does nobody play Beatmania/IIDX here?

    If I'm not mistaken, the only way the system checks whether you know the password is to ask you to play a pseudo-random "game", which they presume a person trained with the passphrase will play better. ...

    And I guess the authors haven't ever got pwned by an expert IIDX player.......

    (Just search Youtube for videos. If you think 45 minutes is enough for you to play better than them, you're terribly mistaken...)

If A = B and B = C, then A = C, except where void or prohibited by law. -- Roy Santoro

Working...