Anonymous (nobody@replay.com)
Mon, 12 Oct 1998 18:27:41 +0200

> I remember reading something somewhere (here?, sci.crypt?) about an
> authentication method that has the user select a number of faces .. this
> unique combination of faces is the user's key, essentially.
>
> It seems to me that if there were enough faces available to choose from,
> a user could select faces (easier to remember than long unrelated
> 'phrases' it seems) .. if each face has a number assigned to it, we can
> hash the numbers of all the chosen faces to obtain some bits for keying
> a cipher.

The 256 bit keys supported by the AES ciphers are probably a lot larger
than are needed today. The cipher has to be good for decades, and if
quantum computers work, a 256 bit key is like a 128 bit one. But until
then, 128 bits should be plenty. That's still a pretty long passphrase.

It's not easy to get 128 bits of entropy out of a choice system. If you
simply present the user a set of, say, 16 faces and let him choose the
one he's memorized, you only get four bits. So you'd have to repeat this
process 32 times, which is a large number of faces to memorize.

If you have a "police artist" program with different choices for eyes,
nose, mouth, etc., you get more bits per face, but probably not 128 bits'
worth. If you had seven features with, say, 8 choices each, that's only
21 bits. You'll have to repeat it 6 times.

Also keep in mind that you can't let the user choose which face he'll
memorize; it has to be assigned randomly from among all faces. Otherwise
his choice might be guessed.
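
The scheme discussed in this message, as an added example that is not part of the original post: it counts how many uniformly random picks are needed to reach a target key size, assigns the face numbers from a CSPRNG rather than letting the user choose, and hashes them into a 128-bit key. The function names, the SHA-256 choice and the `face-key-example` label are assumptions made for illustration, and the round count generalizes to any number of options per screen.

```python
import hashlib
import secrets


def rounds_needed(choices: int, target_bits: int = 128) -> int:
    """Smallest number of independent, uniformly random picks among
    `choices` options whose combined space is at least 2**target_bits."""
    if choices < 2:
        raise ValueError("need at least two options per round")
    rounds, space = 0, 1
    while space < (1 << target_bits):   # exact integer arithmetic, no float log
        space *= choices
        rounds += 1
    return rounds


def assign_faces(choices: int, rounds: int) -> list[int]:
    """Assign the face numbers from a CSPRNG; the user does not choose."""
    return [secrets.randbelow(choices) for _ in range(rounds)]


def derive_key(faces: list[int], choices: int, key_bytes: int = 16) -> bytes:
    """Hash the ordered face numbers down to a cipher key."""
    packed = 0
    for n in faces:
        if not 0 <= n < choices:
            raise ValueError(f"face number {n} out of range")
        packed = packed * choices + n   # mixed-radix packing, order matters
    width = max(1, ((choices ** len(faces) - 1).bit_length() + 7) // 8)
    # Prefix the count so sequences of different length never collide.
    material = len(faces).to_bytes(2, "big") + packed.to_bytes(width, "big")
    return hashlib.sha256(b"face-key-example" + material).digest()[:key_bytes]


if __name__ == "__main__":
    rounds = rounds_needed(16)          # 16 faces per screen, 4 bits each
    secret = assign_faces(16, rounds)   # what the user has to memorize
    print(rounds, "rounds; key =", derive_key(secret, 16).hex())
```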