[4182] in cryptography@c2.net mail archive


Re: Strengthening the Passphrase Model

daemon@ATHENA.MIT.EDU (Markus Kuhn)
Wed Feb 10 14:13:41 1999

To: cryptography@c2.net
In-reply-to: Your message of "Tue, 09 Feb 1999 19:00:28 +0100."
             <199902091800.TAA11531@replay.com> 
Date: Wed, 10 Feb 1999 10:34:37 +0000
From: Markus Kuhn <Markus.Kuhn@cl.cam.ac.uk>

> Some incremental improvements might be possible with a more sophisticated
> generator, for example one which knew parts of speech and could produce
> grammatically correct (if nonsensical) sentences.  But it is still
> doubtful that anything with 64-90 bits of entropy is going to be easily
> remembered.

No matter what you do, you will not get around the fact that the average
human brain has a long-term memory write bandwidth of a bit less than 1
bit/s. You should always warn the user that they now have to spend at
least three to five concentrated minutes on memorizing this phrase (and
not wasting bandwidth by accidentally learning anything else during this
time). You can help the user to memorize the phrase by playing some
small training game that requires entering the phrase a couple of times.
There is a lot of literature under the keyword "superlearning" out there
that discusses how soft music and hypnotic light patterns can help
somewhat to bring the brain into a trance-like state where the long-term
memory write capacity is a bit better than 1 bit/s, and some of these
things can also be built into user interfaces. There should also be a
mechanism that repeats the high-entropy password training every day for
three days (which requires of course that the password is stored in
recoverable form somewhere during this time interval ...). With such a
user interface design, users are much more likely to be able to
practically deal with maximum security passwords.

If you expect your users to easily memorize a true 90-bit password, then
you should think a bit better about user interface support than just
"Reenter passphrase:". Normal user-selected passwords have hardly more
than 30-40 bit entropy (best measured by birthday paradox experiments),
which is why dictionary attacks work so beautifully.

Markus

-- 
Markus G. Kuhn, Computer Laboratory, University of Cambridge, UK
Email: mkuhn at acm.org,  WWW: <http://www.cl.cam.ac.uk/~mgk25/>
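As an added illustration of the "birthday paradox experiments" Markus mentions for measuring the entropy of user-chosen passwords (this is example code added here, not code from the original message or its author), the block below estimates the collision entropy of a password population from the number of duplicate pairs in a sample, and calibrates the estimator against draws from a uniform space of known size. The "user-chosen" sample, its password strings and their counts are constructed for the example.

```python
import math
import random
from collections import Counter


def colliding_pairs(samples):
    """Number of unordered pairs of samples that are identical."""
    counts = Counter(samples)
    return sum(c * (c - 1) // 2 for c in counts.values())


def collision_entropy_estimate(samples):
    """Birthday-paradox estimate, in bits, of the collision (Renyi order-2)
    entropy H2 of the distribution the samples were drawn from.

    n samples give n(n-1)/2 pairs, and each pair collides with probability
    sum(p_i^2), so sum(p_i^2) ~= colliding_pairs / pairs and
    H2 = -log2(sum(p_i^2)) ~= log2(pairs / colliding_pairs).

    Returns (bits, exact). If no collision was observed the sample only
    supports the lower bound log2(pairs), and exact is False.
    """
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    pairs = n * (n - 1) // 2
    c = colliding_pairs(samples)
    if c == 0:
        return math.log2(pairs), False
    return math.log2(pairs / c), True


def uniform_sample(bits, n, seed=1):
    """n draws from a uniform space of 2**bits values, i.e. what a generated
    passphrase with `bits` of entropy would look like to the experiment."""
    rng = random.Random(seed)
    return [rng.getrandbits(bits) for _ in range(n)]


# Constructed sample (not real data): 1000 "user-chosen" passwords where a
# few popular choices are shared by many users and the remaining 900 are unique.
CONSTRUCTED_COUNTS = {
    "123456": 40, "password": 25, "qwerty": 15, "letmein": 10, "iloveyou": 10,
}
CONSTRUCTED_SAMPLE = (
    [pw for pw, k in CONSTRUCTED_COUNTS.items() for _ in range(k)]
    + ["unique-pw-%04d" % i for i in range(900)]
)


def main():
    bits, exact = collision_entropy_estimate(CONSTRUCTED_SAMPLE)
    print("user-chosen sample: %.2f bits (%s)"
          % (bits, "estimate" if exact else "lower bound only"))

    # Calibration: draws from a uniform 20-bit space should come out near 20.
    bits, exact = collision_entropy_estimate(uniform_sample(20, 20000))
    print("uniform 20-bit space: %.2f bits" % bits)

    # A 90-bit generated passphrase never collides in a feasible sample, so
    # the experiment can only report a lower bound there.
    bits, exact = collision_entropy_estimate(uniform_sample(90, 20000))
    print("uniform 90-bit space: >= %.2f bits (exact=%s)" % (bits, exact))


if __name__ == "__main__":
    main()
```

The quantity a collision experiment measures is collision entropy, which never exceeds Shannon entropy: a population in which a handful of passwords are very popular scores low even when the long tail is diverse, which is exactly the property a dictionary attack exploits. The estimator counts only pairs between distinct samples, so it estimates the underlying population rather than the histogram of the sample itself, and it needs a sample large enough to see collisions; for a high-entropy generated passphrase it returns only the lower bound log2(pairs).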
