Unbreakable crypto: Store a 30-character password in your subconscious memory

208 points by mrsebastian almost 13 years ago

29 comments

DanBC almost 13 years ago

> *It also gives you deniability: If a judge or policeman orders you to hand over your password, you can plausibly say that you don’t actually know it*

The UK law requires that you make the encrypted data intelligible. Since you have encrypted data there's a pretty good chance you have the software to decrypt it. "They" don't want the password, they want the data.

Failing to make the data intelligible (whether that's failing to provide the passphrase or whatever) carries a 2 year prison sentence for some people, with possibilities for a 5 year sentence for others.

tl;dr - this does not prevent law enforcement from getting the password.

Also, using this to guard against rubber hosing is stupid. People prepared to use torture will do so, whether there are laws preventing it or if it's going to provide any useful evidence or not.

---- EDIT: META:

Extremetech articles are really lousy. The self-posting by the author of a poorly written article is a problem; the heavy ad load is another problem, but I find it hard to believe that there isn't a vote ring up-voting these lousy articles.

A quick glance shows that about 90% of Mrs Ebastian's subs are to articles that they've written, for their employer.

dkokelley almost 13 years ago

Some clarification/speculation: This is a method of authentication, not encryption. The trained sequence is not used to unlock/decrypt your data. In the multi-factor authentication scheme, this is probably best thought of as "something you are", and might be used along with something you have (RSA token, physical key, RFID badge) and something you know (encryption password, secret handshake). The threat model in the paper talks about protecting physical access and ensuring the person is watched by a guard.

*"Threat model. The proposed system is designed to be used as a local password mechanism requiring physical presence. That is, we consider authentication at the entrance to a secure location where a guard can ensure that a real person is taking the test without the aid of any electronics"*

Many of the comments I see here tend to assume that this is directly applicable to protecting a remote system such as logging in to a website. Perhaps with adaption this could be a useful technique for authenticating into a website, but as far as I know no authentication scheme can protect against an intruder with a gun to your head forcing you to log in. Instead, the use case here is to prevent someone who has stolen your ID badge and forced you to give up your PIN from being able to get access to the top-secret bunker.

brittohalloran almost 13 years ago

Quite the login method:

1) Tell me who you are, so I can load up your secret 30 character "password" from some database (the fact that this needs to be stored in a retrievable way makes this entire system insecure)

2) Here's one random sequence of 30 characters. Look at it for a little bit, ok now try to reproduce it from memory.

3) Repeat several times (not stated how many).

4) One of those attempts was your specific password, let me check to see if you did significantly better at it than the other (random) ones.

==========================

EDIT: Upon re-read, it sounds like 2-4 are a bit different:

2) Play a long sequence of characters "Guitar-Hero" style. The computer will "slip-in" the true password and watch to see if you do better on that section.

Still storing the password in the clear and still susceptible to being watched several times and finding the "common" sequence.

peterwwillis almost 13 years ago

This is basically the same method I use for laptop hard disk encryption. I don't remember the password, but I typed it so many times my fingers remember exactly the pattern to type. Kind of like playing a piano.

Several times I've been drinking and am unable to remember how to log into my machine, because I can't replicate the pattern and don't remember the password. After 15 minutes of concentration it comes back.

corin_ almost 13 years ago

> *If a judge or policeman orders you to hand over your password, you can plausibly say that you don’t actually know it*

Surely for this system to help in allowing you to plausibly say that, you'd have to reference this system (or equivalent) and demonstrate that it is indeed used for the authentication the police want access to. And in that case, surely the police could just say "in that case, please authenticate for us"?

cgmorton almost 13 years ago

So all the clever people have concluded that this system is useless, because you can pull a gun on someone and force them to play the game. Not to mention: it's not even that much entropy! So let's all just forget about it and move on with our lives, right?

No. Of course not. What this system provides is a unique -extra- method of authentication. I really doubt this is meant for putting this on your laptop in place of a password scheme. But you might use something like it as part of multi-factor authentication, e.g. into a secure facility. Remember all those movies where somebody's eyeballs are removed/replaced/copied in order to fool a retina scanner? I can't comment on how plausible that is, but I can certainly tell that if it were this system, they could not have broken it, period. I think that's pretty useful, don't you?

gojomo almost 13 years ago

Some critics are getting hung up on the hard-to-understand details, or zeroing in on a few stretch claims about potential usefulness in certain situations. There is still novelty and innovation here. It is a different way to train, prompt, and evaluate authentication attempts.

Even if not perfectly resistant to all kinds of coercion, or ideally strong in an information-theoretic sense, its weaknesses in various dimensions are different than more traditional systems. It is thus suggestive of other potential directions in the design space, leveraging other aspects of human memory/behavior.

It bears some similarity to systems which add the timing of a person's typing as an added authenticating factor.

colanderman almost 13 years ago

Beside the title being misleading (it's a 30-symbol password, not 30-character, as "character" implies printable ASCII to most people), the math doesn't quite make sense:

*Before running, the game creates a random sequence of 30 letters chosen from S, D, F, J, K, and L, with no repeating characters. This equates to around 38 bits of entropy*

So that's 6 choices for the first character, and 5 choices for each of the next 29 gives us log2(6*5^29) =~ 70 bits of entropy. Does anyone know where this 38 bit figure came from?

geraldo almost 13 years ago

This is interesting in regards of the brain, but not so much when it comes to waterboarding cryptanalysis... I mean, instead of asking for the password, they'd ask you to play the game: same difference, right? Or am I missing something?

anologwintermut almost 13 years ago

This proves Authentication, not key storage that enables encryption/decryption. Per the paper, for authentication "a participant is presented with multiple SISL tasks where one of the tasks contains elements from the trained sequence." Hence the system must already know the secret password. If that system is your laptop, then the feds already have the key when they seize it and don't need to resort to rubber hose or its Russian variant thermal-rectal cryptography.

Also, the paper assumes physical presence of a live human at some terminal for authentication. At the point that you can make assumptions about who is operating your authentication system, biometrics seem to be a far faster and more reliable authentication system. Both those limitations, however, could change with further research.

jere almost 13 years ago

> The most important aspect of this work is that it (seemingly) establishes a new cryptographic primitive that completely removes the danger of rubber-hose cryptanalysis — i.e. obtaining passkeys via torture or coercion.

Does not compute. If there is a mechanism by which you can authenticate, you can be coerced into authenticating through that method.

The paper covers this of course:

> Coercion detection. Since our aim is to prevent users from effectively transmitting the ability to authenticate to others, there remains an attack where an adversary coerces a user to authenticate while they are under adversary control. It is possible to reduce the effectiveness of this technique if the system could detect if the user is under duress.

I take issue with the article suggesting it's completely resistant to coercion. A system that detects duress... interesting I guess but seems like a stretch.

> This equates to around 38 bits of entropy, which is thousands/millions of times more secure than your average, memorable password.

Really? Playing around with KeePass briefly, it seems this is comparable to a 6 character password that includes upper, lower, numeric, and special characters. I wouldn't consider that very strong. Besides the fact that it appears you're not entering the password exactly, but only (if I'm understanding correctly) "good enough".

powrtoch almost 13 years ago

This is pretty awesome, but the following is noteworthy:

> creates a random sequence of 30 letters chosen from S, D, F, J, K, and L, with no repeating characters. This equates to around 38 bits of entropy

Which is not so bad for certain applications, but certainly isn't the 180+ bits you'd have in a true random 30 character password.

I wonder what applications they have in mind where this password system could be used.

thematt almost 13 years ago

Obligatory xkcd: http://xkcd.com/538/

Only this time you'll have to log-in/decrypt on the spot rather than cough up your password.

woobles almost 13 years ago

While this does sound interesting from a psychological/neurological perspective, I feel bad for anyone who actually tries to implement a password system based on this. 38 bits of entropy is nothing, a standard password with 38 bits of entropy would take about 5 minutes to crack (assuming a GPU that can compute 1 billion hashes/second). Nevermind that by the NIST specification for human-generated passwords, a 30 character string of alphas would be 45 bits of entropy. Also, as some others have pointed out, storing people's unique strings in the clear invalidates any strength this scheme could hope to achieve.

Source: http://en.wikipedia.org/wiki/Password_strength#Human-generated_passwords

Conclusion: Interesting psychological experiment, not actually backed by any appreciable crypto knowledge.

Edit: disregard my NIST comment, someone linked the paper used to get the 38 bit figure, http://bojinov.org/professional/usenixsec2012-rubberhose.pdf.

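Added example (not part of any comment in this thread, and not code from the article or the paper): it works through the keyspace figures debated above, namely colanderman's 6*5^29 count, the roughly 38-bit figure, and woobles' search time at 1 billion guesses per second. The constraint used in `euler_cycles` (every ordered pair of distinct keys appears exactly once in a cyclic 30-key sequence) is an assumption made here because it yields a figure close to 38 bits; all function names are illustrative.

```python
from fractions import Fraction
from math import factorial, log2

def no_adjacent_repeat(n_keys, length):
    """colanderman's reading: any key first, then any key except the previous one."""
    return n_keys * (n_keys - 1) ** (length - 1)

def determinant(rows):
    """Exact determinant by Gaussian elimination over fractions."""
    m = [[Fraction(x) for x in row] for row in rows]
    det = Fraction(1)
    for col in range(len(m)):
        pivot = next((r for r in range(col, len(m)) if m[r][col] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != col:
            m[col], m[pivot] = m[pivot], m[col]
            det = -det
        det *= m[col][col]
        for r in range(col + 1, len(m)):
            factor = m[r][col] / m[col][col]
            m[r] = [x - factor * y for x, y in zip(m[r], m[col])]
    return det

def euler_cycles(n_keys):
    """ASSUMPTION: a key is a cyclic sequence using every ordered pair of distinct
    keys exactly once, i.e. an Euler cycle of the complete directed graph.
    BEST theorem: cycles = arborescences * product of (out_degree - 1)!"""
    deg = n_keys - 1
    laplacian = [[deg if i == j else -1 for j in range(n_keys)] for i in range(n_keys)]
    arborescences = int(determinant([row[1:] for row in laplacian[1:]]))
    return arborescences * factorial(deg - 1) ** n_keys

def brute_force_cycles(n_keys):
    """Cross-check for small n: enumerate cycles that start with the edge 0 -> 1."""
    edges = frozenset((a, b) for a in range(n_keys) for b in range(n_keys) if a != b)
    def walk(at, unused):
        if not unused:
            return int(at == 0)
        return sum(walk(b, unused - {(a, b)}) for a, b in unused if a == at)
    return walk(1, edges - {(0, 1)})

def seconds_to_exhaust(keyspace, guesses_per_second=10**9):
    """Worst-case offline search time at the rate woobles assumes (1 billion/s)."""
    return keyspace / guesses_per_second

if __name__ == "__main__":
    for label, count in [("no adjacent repeats", no_adjacent_repeat(6, 30)),
                         ("Euler cycles", euler_cycles(6))]:
        print(f"{label}: {count} keys, {log2(count):.1f} bits, "
              f"{seconds_to_exhaust(count):.3g} s at 1e9 guesses/s")
```

Under that assumption the keyspace is 6^4 * 24^6, a little under 2^38, against just under 2^70 for the looser "no key twice in a row" reading.
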
Dove almost 13 years ago

They had me until this part . . .

    Authentication requires that you play a round of the game — but this time, your 30-letter sequence is interspersed with other random 30-letter sequences.

Which makes it sound to me like your password could be deduced from a single (failed) login attempt, and then reproduced after a session in the trainer.

exue almost 13 years ago

On the topic of courts: There is a US court case in the 11th circuit where a federal judge, in fact, ruled that people are not required to give up their encryption passwords under the 5th amendment. It isn't a Supreme Court case however.

http://www.techrepublic.com/blog/tech-manager/personal-data-encryption-it-and-the-fifth-amendment/7467?tag=nl.e019

"Last week in San Francisco, a federal court for the first time ruled that the Fifth Amendment of the U.S. Constitution — the right to not self-incriminate — protects against “forced decryption.” The judge, from the 11th Circuit in San Francisco, ruled that a Florida court violated a defendant’s rights when its Grand Jury gave him the choice to either reveal his TrueCrypt password or go to jail."

bunderbunder almost 13 years ago

Nitpick: This is not unbreakable crypto. This is more of a more secure key storage mechanism. Perhaps also a good defense against phishing attacks.

And it's not unbreakable. For starters, this system absolutely requires that the passwords be stored in the clear.

ojosilva almost 13 years ago

It may not be even close to unbreakable or torture-free as the author implies, but this encryption system (or similar approaches) could work to tighten some classic security flaws with passwords.

For instance, this could prevent employees of large corporations from writing down or sharing a password with a coworker, or even spelling out their password over the phone to a bogus "support engineer" -- although probably fingerprint/eye/face recognition systems are more practical and easy to implement than a "guitar hero" learning session. But then the OP method has an advantage over those: you can change your implicit-learned password easier than your face or fingerprint...

buddylw almost 13 years ago

I don't see what's new here. I already use muscle memory to remember my passwords. I am awful at rote memorization, but when I train my fingers to perform a 12 character password dance, everything is fine and I can remember the password for a long time.

The good thing about memorizing passwords this way is that it doesn't matter how random the password is - totally random letters, numbers and symbols or a sentence are the same when it's a keyboard dance.

As long as you have a keyboard anyway...

I have to find a keyboard to figure out half of my passwords when setting up my phone.

gvsyn almost 13 years ago

Isn't there a slight problem whereby someone denies knowing the password, you just put them in front of the keyboard and just ask them to type something? Due to it being a subconscious memory, it 'just happens'.

dylanrw almost 13 years ago

This explains why I could never remember my locker combo, but could unlock it if you handed me the blasted thing. Same goes for pin numbers. The second I think of what the real number is I lose it...

perfunctory almost 13 years ago

Does this mean the system will have to store your password as plain text? I trust myself more to choose a secure password than any service to keep the plain text password secured.

gfody almost 13 years ago

Crypto? This is a solved problem: http://www.halfbakery.com/idea/ATM_20handshake_202

stretchwithme almost 13 years ago

Wouldn't it be better to lock a system up after X number of failed attempts and then require another unknown person to also login, perhaps even remotely?

countessa almost 13 years ago

>> can’t be obtained via coercion or torture

"Hi, yes that is a gun to your back, please log in to your system for me"....."atta boy"

ww520 almost 13 years ago

It's not going to fly because it's not compatible with the corporate policy of changing password every 60 days.

zitterbewegung almost 13 years ago

I store a passphrase which is 31 characters in memory.

its_so_on almost 13 years ago

This is a sensationalist headline, and this is not a strong password length. Based on the information in the article, this is really equivalent to a "strong" 5-character password - not very secure.

It's not "30-character unbreakable cryptography", you can crack it in minutes on your phone or desktop.

Technical details:

The article actually says that each 'character' you learn is one of only 6 possibilities - for only 2.5 bits per character and total entropy of 38 bits.

To see how woefully little entropy this is, if you code, try writing a program that counts to 2^38 - or on a 32-bit system go through the 4.2bn possible values of an integer 64 times. That's how many possible keys there are in a 38-bit password. It really just takes minutes - certainly far less than the 45 minutes the article says it takes to learn this password!

eswangren almost 13 years ago

Unbreakable? Bah, torture would work, and that's much faster than cracking a password.