By Woody Evans
Forgive me, I am no code breaker. But it struck me some time ago that we do passwords the wrong way.
We've witnessed the steady uptick in password requirements online since we got online big-time in the 90s, and it seems the upticking might morph into ways of "doing security" that are potentially much more intrusive, and much more sinister, than "security theater". Witness this week's NPR story (All Tech Considered, 25 July) about privacy and account hacking, which pointed to what I see as only less-than-excellent choices: "stronger" passwords, objects (arphids?), or biometrics.
Stronger passwords means longer passwords, and/or passwords with increasingly novel characters. Will debit card readers eventually require 9-character PINs with at least one in Cyrillic? I reckon, post-singularity, we'll have to use infinitely long passwords. Object keys are interesting, as is RFID. But having been burned by thumb drives earlier in the century (and 5-inch floppies, diskettes and CD-Rs during the last), the notion of trusting a thing I tote to bear data I need seems not so robust. And biometrics is where I don't want to go; but, no doubt, it is where we will go. Retina, gait patterns, voice timbre, and even good old fingerprint recognition are abundant these days, and all are trending up.
Now it occurs to me that before we get too far ahead of ourselves, we should re-imagine ways to improve the simplest option. Passwords aren't weak, they're just dumb. I propose smart passwords that we'll here call "phasekeys".
A phasekey isn't a string of characters. Phasekeys are formulae.
When you create a new account, you set a username, and you might still give the system personally identifying information (anything from a birthday, a maiden name, a fingerprint scan, whatever). But the password section asks for an initial PIN or character string of some kind plus a mathematical operation.
You put in a password of "2000yippie" and select an operation like "multiply by x" to get a phasekey of 2080*x. (The 2080 comes from 2000 plus the alphabet positions of each letter in "yippie", namely 25, 9, 16, 16, 9 and 5; the components are added to give 2000 + 80 = 2080.) The value of "x" is chosen afresh at each login: upon each login, the user decides what x is. So a phasekey login form has three fields where a password login has just one.
Login:     podunk.cypherdellic
Password:  2000yippie
x equals:  4
Phasekey:  8320
This is a simple illustration of the idea, but you can imagine much more baroque operations. Longer passwords with "special characters" acting as actual operators ("bbq^2" comes out to be 441: b, b and q are 2, 2 and 17, and 21 squared is 441) and more sophisticated choices in the "x equals" field (9x minus the cube of the second character) would make breaking into an account really hard. Phasekeys are also simpler, in that you can start with an intuitive password with real words and numbers. You don't even have to use special characters. You could use "password" and still be safe.
Phasekeys are different from passwords because they describe movements and operations rather than static strings of characters. They make "passwords" into a whole other category of thing by giving them some set (if changing and changeable) treatment.
Now it may be the case that all phones will shortly come with built-in biometric locks. When you wink at it, it wakes up and sighs… when somebody else winks at it, it barks "Back off, Smurfette" in its best Warren Ellis. The pros and cons of ubiquitous biometrics can be debated. The uses and abuses will be myriad, funky, and surely sometimes fun. But before we slip too far down that slope, let's try a bit of phase-space tantra on a good old standard tool. Let's meta the password.
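The registration and login scheme sketched above, worked through as an added example (this is not the author's code; the post fixes only the two arithmetic cases, so the tokenizing rules in `base_value`, the four-entry operation menu, the cleartext server record and the sample wordlist are all assumptions made here). Besides reproducing the 2080, 8320 and 441 figures, it includes the check a practitioner would run first: given one observed login (the x and the phasekey, both typed in the clear) and a wordlist, how many guesses it takes to recover both the password and the chosen operation.

```python
import math
import re
from typing import Callable, Dict, List, Tuple


def letter_value(ch: str) -> int:
    """Alphabet position, a=1 ... z=26, as the post's 'yippie' = 25,9,16,16,9,5 does."""
    return ord(ch.lower()) - ord("a") + 1


def base_value(password: str) -> int:
    """Reduce a password to the integer the post starts from.

    Assumed rules (the post gives only two worked cases): a run of digits is
    added as one integer, a letter adds its alphabet position, and '^'
    followed by digits raises the running total to that power.
    '2000yippie' -> 2000 + 80 = 2080; 'bbq^2' -> (2+2+17)**2 = 441.
    """
    total, exponent_next = 0, False
    for tok in re.findall(r"\d+|[A-Za-z]|\^", password):
        if tok == "^":
            exponent_next = True
        elif tok.isdigit():
            total = total ** int(tok) if exponent_next else total + int(tok)
            exponent_next = False
        else:
            total += letter_value(tok)
    return total


# The operation picked at registration. The post leaves the menu open-ended;
# this four-entry menu is an assumption made for the example.
OPERATIONS: Dict[str, Callable[[int, int], int]] = {
    "multiply by x": lambda base, x: base * x,
    "add x": lambda base, x: base + x,
    "x minus base": lambda base, x: x - base,
    "multiply by x, then add base": lambda base, x: base * x + base,
}


def phasekey(password: str, operation: str, x: int) -> int:
    """The number the user types in the 'Phasekey' field for this login's x."""
    return OPERATIONS[operation](base_value(password), x)


def register(password: str, operation: str) -> dict:
    """What the server keeps. Cleartext here for the toy; the post does not say."""
    return {"password": password, "operation": operation}


def verify(record: dict, password: str, x: int, key: int) -> bool:
    """Server-side check of the three-field login form."""
    return password == record["password"] and phasekey(password, record["operation"], x) == key


# A constructed wordlist standing in for a breach dump or a dictionary.
WORDLIST = ["password", "123456", "2000yippie", "bbq^2"]


def crack(x: int, key: int, wordlist: List[str] = WORDLIST) -> List[Tuple[str, str]]:
    """Recover (password, operation) pairs from one observed login, by exhaustion."""
    return [(pw, op) for pw in wordlist for op in OPERATIONS if phasekey(pw, op, x) == key]


def bits_added_by_operation() -> float:
    """Entropy the operation choice adds on top of the password: log2 of the menu size."""
    return math.log2(len(OPERATIONS))


if __name__ == "__main__":
    record = register("2000yippie", "multiply by x")
    print("base value:", base_value("2000yippie"))
    print("phasekey for x=4:", phasekey("2000yippie", "multiply by x", 4))
    print("login accepted:", verify(record, "2000yippie", 4, 8320))
    print("guesses needed:", len(WORDLIST) * len(OPERATIONS), "->", crack(4, 8320))
    print("bits added by the operation:", bits_added_by_operation())
```

What `crack` and `bits_added_by_operation` show: because the user supplies x openly, the only secret a phasekey adds on top of the password is the choice of operation, and with a menu of four operations that is two bits; a wordlist of four words times four operations is sixteen guesses. Enlarging the menu helps only logarithmically, so the base string still has to carry the strength, exactly as a plain password would. The cleartext server record is a further point any real deployment would have to settle, since the server must be able to recompute op(base(password), x) from what the user sends.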
Attn cypherpunks: is any of this remotely realistic?