easier authentication?

mgraffam@idsi.net
Mon, 12 Oct 1998 02:27:07 -0400 (EDT)

• Next message: David Jablon: "Re: easier authentication?"
• Previous message: Keith Lockstone: "Re: Avalanche Depth of hash functions"
• Next in thread: David Jablon: "Re: easier authentication?"
• Reply: David Jablon: "Re: easier authentication?"
• Maybe reply: Anonymous: "Re: easier authentication?"
• Reply: staym@accessdata.com: "Re: easier authentication?"
• Maybe reply: Enzo Michelangeli: "Re: easier authentication?"

I had to sign a number of documents today, and login/logout of systems
repeatadly .. and I soon became painfully aware of the problems of
using large passphrases to get enough bits to key modern ciphers.

I remember reading something somewhere (here?, sci.crypt?) about an
authentication method that has the user select a number of faces .. this
unique combination of faces is the user's key, essentially.

It seems to me that if there were enough faces available to choose from,
a user could select faces (easier to remember than long unrelated
'phrases' it seems) .. if each face has a number assigned to it, we can
hash the numbers of all the chosen faces to obtain some bits for keying
a cipher.

Does anyone know anything about this supposed method?

At 1.3 bits of entropy/character in English we'd need a just about 200
characters to key the AES.. I don't think English is gonna cut the
mustard. By varying the size of the faces available we can size the
bits of entropy per selection as needed.. with a practical upper limit,
of course.. navigating through billions of faces is obviously insane.

I'd like to get any information on how this is implemented in reality
(I think it was CIA that supposedly uses something like this), or any
idea anyone can come up with.. especially related to navigating
a large database of pictures for ease of selection in a
authentication-related environment. After I get some ideas together
I'll probably throw together a quicky implementation to lay on top of
PGP in order to get an idea for how well it works in practice, and
any improvements that could be made. Then I'll work on a general public
implementation.

Any ideas?

Michael J. Graffam (mgraffam@idsi.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Let your life be a counter-friction to stop the machine."
                        Henry David Thoreau "Civil Disobedience"

• Next message: David Jablon: "Re: easier authentication?"
• Previous message: Keith Lockstone: "Re: Avalanche Depth of hash functions"
• Next in thread: David Jablon: "Re: easier authentication?"
• Reply: David Jablon: "Re: easier authentication?"
• Maybe reply: Anonymous: "Re: easier authentication?"
• Reply: staym@accessdata.com: "Re: easier authentication?"
• Maybe reply: Enzo Michelangeli: "Re: easier authentication?"