Jul 26 2011

Podunk Cryptography

""){ ?> By Woody Evans


Forgive me, I am no code breaker.  But it struck me some time ago that we do passwords the wrong way.

We’ve witnessed the steady uptick in password requirements online since we got online big-time in the 90s, and it seems the upticking might morph into ways of “doing security” that are potentially much more intrusive, and much more sinister than “security theater”.  Witness this week’s NPR story (All Tech Considered, 25 July) about privacy and account hacking that pointed to what I see as only less-than-excellent choices — “stronger” passwords, objects (arphids?), or biometrics.

Stronger passwords means longer passwords, and/or passwords with increasingly novel characters.  Will debit card readers eventually require 9 character PINs with at least one in Cyrillic?  I reckon, post-singularity, we’ll have to use infinitely long passwords.  Objects keys are interesting, as is RFID.  But since being burned by thumbdrives earlier in the Century (and 5” floppies, diskettes, CDRs during the last) the notion of trusting a thing I tote to bear data I need seems not so robust.  And biometrics is where I don’t want to go — but, no doubt, it is where we will go. Retina, gait patterns, voice timbre, and even good old fingerprint recognition are abundant these days, and all are trending up.

Now it occurs to me that before we get too far ahead of ourselves, we should re-imagine ways to improve the simplest option.  Passwords aren’t weak, they’re just
dumb.  I propose smart passwords that we’ll here call “phasekeys”.

A phasekey isn’t a string of characters.  Phasekeys are formulae.

When you create a new account, you set a username, and you might still give the system personally identifying information (anything from a birthday, a maiden name, a fingerprint scan, whatever).  But the password section asks for an initial PIN or character string of some kind plus a mathematical operation.

You put in a password of “2000yippie” and select an operation like “multiply by x” to get a phasekey of 2080*x (2000259161695 is 2000 and the numerical correspondances of each letter in yippie: 25,9,16,16,9,5; the string of numbers is added to get 2080), where “x” is determined at each new login.  Upon each login, a user would determine the value of x.  The phasekey has 3 blank forms, where the login has just one.

Login:        podunk.cypherdellic
Password:    2000yippie
x equals:    4

Phasekey:    8320

This is a simple illustration of the idea, but you can imagine much more baroque operations.  Longer passwords with “special characters” acting as actual operators (“bbq^2” comes out to be 441) and more sophisticated choices in the “x equals” field (9x-[the cube of the second character]) would make breaking into an account really hard.  Phasekeys are also simpler, in that you can start with an intuitive password with real words and numbers.  You don’t even have to use special characters.  You could use “password” and still be safe.

Phasekeys are different from passwords because they describe movements and operations rather than static strings of characters.  They make “passwords” into a whole other category of thing by giving them some set (if changing and changeable) treatment.

Now it may be the case that all phones will shortly come with built-in biometric locks.  When you wink at it, it wakes up and sighs… when somebody else winks at it, it barks “Back off, Smurfette” in its best Warren Ellis.  The pros and cons of ubiquitous biometrics can be debated.  The uses and abuses will be myriad, funky, and surely sometimes fun.  But before we slip too far down that slope, let’s try a bit of phase-space tantra on a good old standard tool.  Let’s meta the password.

Attn cypherpunks: is any of this remotely realistic?

  • By ENKI-2, July 27, 2011 @ 6:13 am

    Regarding whether or not it is realistic: in one sense, it is quite realistic, because it’s done all the time by computers. UNIX uses trapdoor passwords, which encrypt the plaintext lossily by interpreting the characters as meaningful (in a more nuanced way than you described).

    In another sense it is entirely unrealistic. Human beings often can barely remember their passwords (or type them correctly), let alone perform elaborate mental math on them! Furthermore, slightly more elaborate variations of the idea you proposed above may run into the halting problem (the login system asks you a question that cannot in fact be solved because it involves infinite loops, or comes up with one and never asks you for your password because it’s stuck in an infinite loop searching for the answer to compare yours against). Finally, performing mathematics on strings is something that computers are very good at, and as such, storing a representation of the mathematical properties of a string is much less safe than storing (say) a hash of the string (which cannot be feasibly reversed except by brute force, and ideally cannot be feasibly brute-forced either).

    The problem with passwords (and biometrics, and dongles, etc.) is not with the technology, but with the people. Arguably it also has to do with capitalism: it benefits corporations to market their tech as solving all sorts of security problems with no effort on the part of the customer, even if this encourages the customer to expend no effort in being secure.

  • By Woody, July 27, 2011 @ 8:15 am

    I think the trick is to set a formula known only to the user, and force a bot to work backwards — not to guess a ‘password’ but to have to workout a rendering of a password based on an unknown treatment. Like picking up a phone and expecting to call your sister when you know neither a) her new married name or b) her phone number.

    Here’s a kind of version of how this might look on QR code:

    You can’t untangle the image without knowing what operations were used to tangle it?

  • By ENKI-2, July 28, 2011 @ 5:49 am

    The thing is, for it to work, two things need to be true: the computer performing the authentication needs to know the mechanism, and you need to be able to perform it quickly. So, if the machine performing the authentication is rooted everyone’s password is worthless (which is not the case in current password-secured systems, with the exception of ones run by Sony or other ‘security professional’ idiots who somehow managed to get the job without learning about the security best practices in place since the 60s, because in well-secured systems passwords are stored as hashes and cannot be trivially reversed no matter whether or not the encryption algorithm and key are known), and if the machine doing the authentication is not rooted, any attacker still has fairly low constraints for operations when attempting to guess the function the user is applying (and can maybe guess it in a few tries listening to the connection).

    This is not to say that a system like the one you propose could not be implemented. It could. It’s just that without existing security precautions it would be far less secure than normal password protection, and with existing security precautions it would not be more secure than normal password protection (and would be a lot of extra work for both the programmer and the user).

  • By Woody, February 29, 2012 @ 2:17 am

    Let me try in this way (& I do humbly ask for patience): There is an infinite number of mathematical operations that would leave you with the result “4”.

    Setting a password of 4 and one (and only one!) operation that produces 4 is the idea.

    You’d need a machine that could do an infinite number of operations (-1, maybe) to solve a password that is tied to one and only one specific operation.

    Or something like that…

Other Links to this Post