mgraffam@idsi.net
Wed, 14 Oct 1998 15:35:20 -0400 (EDT)
On Wed, 14 Oct 1998, David R. Conrad wrote:
> I recall reading in an essay by Kurt Vonnegut, Jr. (or perhaps in the
> introduction to one of his books) that he has virtually no memory for
> faces _whatsoever_. So this is a method that will have a small subset of
> the population who simply cannot use it (just as a method involving colors
> could be unworkable for people with certain forms of colorblindness).
Yeah, I figured that there would be a small subset of people for whom a
scheme like this would not work.
Currently, because of patent problems with faces, I'm looking at
overlaying a grid onto some image. The user then selects grid blocks and
these are hashed and radix64 encoded into a usable token for pasting
into existing applications. There are problems with this approach, but
I'm just looking to get an application together for testing the interface,
and the usability of the method itself. In the end, there are better
ways for merging a method like this into applications.
> (There are just under 13 bits of entropy (~12.92) per word chosen from the
> list, so fourteen words would be a hair over 180 bits.)
Yeah, I've used similar methods .. The problem is that most people
aren't going to want to type 14 words, even if they can remember them.
I have a pretty decent memory, and I can type pretty well. I have several
high-entropy passphrases, and during a busy day I get tired of typing
them and re-typing them due to my occasional mistakes and all the rest
to do simple things like make modifications to documents or read email.
I imagine that people who find remembering passwords difficult, and
who don't type quickly and accurately tend to get frustrated more than
I do. I am vigilant about security measures, to the point where hitting
F6 to lock my console is _really_ automatic .. to the point where if I
turn my chair to dig around in a file cabinet, or change a CD on my
stereo at home I still lock it. It's just a habit. Other people are less
vigilant, and I doubt many of them would want to deal with 14 word
passphrases.
We must remember that those of us on this list are the guys that care
about security and are maybe just a bit paranoid (ok, very paranoid :)
and are very protective of our privacy. Many of us probably find
memorizing long strings easier because we do it often.
We aren't a very good sample of people to use for judging the usability
of things like this.. precisely because we'd use them even if it were
far more difficult.
> But there's another problem which just occurred to me.
> With a standard password/passphrase you can avoid showing it as it's
> typed, but picking images would have a lousy (or great, depending on your
> attitude) shoulder-surfing potential.
Yeah, this is a problem. A friend that is coding the GUI with me bounced
that off of me. We don't plan on highlighting the points on the grid
(well, we'll have an option allowing it, but by default it is off) so
this will make shoulder-surfing a bit more difficult. By changing the
mouse cursor to a thin cross hair and using a large number (and therefore
small) of grid-blocks this should make it very difficult to pick up
unless the attacker were literally hanging right on your shoulder.
Using a medium sized grid (40*30) we get just over 10 bits of entropy
per block selection, requiring a user to remember the location of
13 blocks for 128 bits of key. With a monitor resolution of 1024x768
this can be displayed easily and picking the blocks is faster for
me than typing a passphrase with a comparable number of characters.
A friend of mine is faster with the mouse (novice computer user). If
the user wants to scroll around the image a bit, or has a larger
resolution the grid size can be made larger, with little loss in the way
of speed, and with an increase in entropy for the system, allowing the
user to select fewer blocks to begin with.
There is another advantage to a visual method. It can be harder
to write down the secret, or even impossible. If it is based on something
like facial recognition, and the faces change their position it becomes
hard to convey the secret to something with words, and if you write down
hints on a piece of paper these will be less damaging if an attacker gets
ahold of it. This doesn't work for the grid-method as described above,
but it is one major advantage over explicit words, as I see it.
Michael J. Graffam (mgraffam@idsi.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Let your life be a counter-friction to stop the machine."
Henry David Thoreau "Civil Disobedience"
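An added example, not code from the message or from Graffam's prototype, that works through the entropy figures quoted above (the ~12.92 bits per word, the 40x30 grid, 13 blocks for 128 bits) and sketches the "hash the selected grid blocks and radix64-encode them" token step. The mapping of each block to a two-byte index, the use of SHA-256 as the hash and the 7776-word list size are my assumptions.

```python
import base64
import hashlib
import math


def bits_per_choice(alternatives):
    """Entropy (bits) of one uniformly random pick among `alternatives`.

    This is the ideal figure: it assumes every block or word is equally
    likely and that picks are independent, which real users rarely achieve."""
    return math.log2(alternatives)


def choices_needed(alternatives, target_bits):
    """Smallest number of independent picks that reach `target_bits`."""
    return math.ceil(target_bits / bits_per_choice(alternatives))


def grid_token(cols, rows, blocks):
    """Turn an ordered list of (col, row) grid selections into a radix64 token.

    Each block becomes a single index row*cols + col packed into two bytes,
    so both the set of blocks and the order they were clicked in matter.
    Out-of-range coordinates are rejected rather than silently wrapped."""
    data = bytearray()
    for col, row in blocks:
        if not (0 <= col < cols and 0 <= row < rows):
            raise ValueError(f"block {(col, row)} is outside the {cols}x{rows} grid")
        data += (row * cols + col).to_bytes(2, "big")
    digest = hashlib.sha256(bytes(data)).digest()  # assumed hash choice
    return base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    # Figures discussed in the thread: a 7776-word list and a 40x30 grid.
    print(f"bits per word:  {bits_per_choice(7776):.2f}")
    print(f"words for 180b: {choices_needed(7776, 180)}")
    print(f"bits per block: {bits_per_choice(40 * 30):.2f}")
    print(f"blocks for 128b: {choices_needed(40 * 30, 128)}")
    # Constructed sample selection on the 40x30 grid.
    print(grid_token(40, 30, [(3, 7), (21, 0), (39, 29)]))
```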