Abstract
The average user has between 90–130 online accounts [17], and around \(3\times 10^{11}\) passwords are in use this year [10]. Most people are terrible at remembering “random” passwords, so they reuse or create similar passwords using a combination of predictable words, numbers, and symbols [16]. Previous password-generation or management protocols have imposed so large a cognitive load that users have abandoned them in favor of insecure yet simpler methods (e.g., writing them down or reusing minor variants).
We describe a range of candidate human-computable “hash” functions suitable for use as password generators - as long as the human (with minimal education assumptions) keeps a single, easily-memorizable ‘master’ secret - and rate them by various metrics, including effective security. These functions hash master-secrets with user accounts to produce sub-secrets that can be used as passwords; \(F_R(\)s\(, w) \longrightarrow y\), which takes a website w and produces a password y, parameterized by the master secret s, which may or may not be a string.
We exploit the unique configuration R of each user’s associative and implicit memory (detailed in Sect. 2) to ensure that sources of randomness unique to each user are present in each F. An adversary cannot compute or verify \(F_R\) efficiently since R is unique to each individual; in that sense, our hash function is similar to a physically unclonable function [37]. For the algorithms we propose, the user need only complete primitive operations such as addition, spatial navigation or searching. Critically, most of our methods are also accessible to neurodiverse, or cognitively or physically differently-abled persons.
Given the nature of these functions, it is not possible to directly use traditional cryptographic methods for analysis; so, we use an array of approaches, mainly related to entropy, to illustrate and analyze the same. We draw on cognitive, neuroscientific, and cryptographic research to use these functions as improved password management and creation systems, and present results from a survey (n = 134 individuals, with each candidate performing 2 schemes) investigating real-world usage of these methods and how people currently come up with their passwords. We also survey 400 websites to collate current password advice.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Preventing this, in most password managers, requires users to terminate the manager each time after use. Users may be unaware of this or disregard it because of inconvenience, which once again lowers its security [25].
- 2.
- 3.
Beyond careful design, these also included side-channel defenses e.g., the paper material was designed to degrade within a few weeks, ensuring that obsolete codes would not be used, and “lost” manuals would lose value quickly.
- 4.
All images have demonstrably high priming “strength” [31] i.e. our images are already embedded in the user’s mind (familiar places that they can navigate mentally).
- 5.
See [11] for a detailed proof.
- 6.
Cracking means an adversary with access to password hashes, has found a collision.
- 7.
In practice, the time taken to find a password’s hash depends on the alphabet used, degree of parallelization, hardware specifications such as processor flops, etc. [8].
- 8.
Some of which are proven to last in memory 17 years without repeated rehearsal [11].
- 9.
Assuming an appropriate threat actor – imagining an adversarial ‘evil’ sibling with occasional read-only access to your living space is a useful rule of thumb.
- 10.
Assuming character entropies are independent. We do not consider dictionary attacks, character frequencies etc. as these would require a large number of passwords to be statistically valid, and due to unique user memory configurations R we cannot computationally generate large numbers of passwords.
- 11.
Assuming the alphabet is indexed from 0.
References
Alexa: The top 500 sites on the Web. https://www.alexa.com/topsites
Baddeley, A.D.: Human Memory: Theory and Practice. Psychology Press, London (1997)
BestReviews: Which password managers have been hacked? - Best reviews, July 2018. https://password-managers.bestreviews.net/faq/which-password-managers-have-been-hacked/
Blanchard, N., Gabasova, L., Selker, T., Sennesh., E.: Cue-Pin-Select, a Secure and Usable Offline Password Scheme (2018). ffhal-01781231
Blocki, J., Blum, M., Datta, A.: Naturally rehearsing passwords. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 361–380. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-42045-0_19
Blocki, J., Blum, M., Datta, A., Vempala, S.: Towards human computable passwords. arXiv preprint arXiv:1404.0024 (2014)
Bogdan-Martin, D.: (2019). https://www.itu.int/en/ITU-D/Statistics/Documents/facts/FactsFigures2019.pdf
Buys, B.: Estimating password crack times. https://www.betterbuys.com/estimating-password-cracking-times/
Chakravarthy, A., et al.: A novel approach for password authentication using bidirectional associative memory. arXiv preprint arXiv:1112.2265 (2011)
Cybersecurity Ventures: New report finds 300 billion passwords will be at risk by 2020 (2017). https://cybersecurityventures.com/300-billion-passwords/
Denning, T., Bowers, K., Van Dijk, M., Juels, A.: Exploring implicit memory for painless password recovery. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2615–2618 (2011)
Eastlake, C.: “Schiller.” Randomness requirements for security, June 2005. https://tools.ietf.org/pdf/rfc4086.pdf
Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th International Conference on World Wide Web, pp. 657–666 (2007)
Fung, E.: Hash functions. https://www.cs.usfca.edu/~ejung/courses/686/lectures/05hash.pdf
Gedeon, K.: Popular password managers can get hacked: should you keep using them? March 2020. https://www.laptopmag.com/news/popular-password-managers-can-get-hacked-should-you-keep-using-them
Google, H.P.s.: Online security survey Google/Harris poll, February 2019. http://services.google.com/fh/files/blogs/google_security_infographic.pdf
Guardian, D.: Uncovering password habits: are users’ password security habits improving? (Infographic), December 2018. https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic
Hamid Moradi, J.W.G.B.: Entropy of English text (1998). http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.92.5610&rep=rep1&type=pdf
Hardwick, J.: Top 100 most visited websites by search traffic (as of 2020), May 2020. https://ahrefs.com/blog/most-visited-websites/
Jonathan: Beyond password length and complexity, May 2019.https://resources.infosecinstitute.com/beyond-password-length-complexity/#:~:text=Password Length, numbers and 0.2 special characters
Komanduri, S., et al.: Of passwords and people: measuring the effect of password-composition policies. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 2595–2604 (2011)
Kotrlik, J., Higgins, C.: Organizational research: determining appropriate sample size in survey research appropriate sample size in survey research. Inf. Technol. Learn. Perform. J. 19(1), 43 (2001)
Loterre. https://www.loterre.fr/skosmos/P66/en/page/-SQ2MHWHN-Q
Mazurek, M.L., et al.: Measuring password guessability for an entire university. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, pp. 173–186 (2013)
O’Flaherty, K.: Password managers have a security flaw - here’s how to avoid it, February 2019. https://www.forbes.com/sites/kateoflahertyuk/2019/02/20/password-managers-have-a-security-flaw-heres-how-to-avoid-it/
Paul, E.: Black. 2004. Ratcliff/obershelp pattern recognition. Dictionary of Algorithms and Data Structures 17 (2004)
Press, O.U.: The Oxford 3000. https://www.oxfordlearnersdictionaries.com/about/oxford3000
Python Software Foundation, P.S.F.: 7.4. difflib - helpers for computing deltas (2020). https://docs.python.org/2/library/difflib.html
Ruthu, R.: Github, code reference, July 2020. https://github.com/debayanLab/trenchcoat
Schacter, D.L., Chiu, C.Y.P., Ochsner, K.N.: Implicit memory: a selective review. Ann. Rev. Neurosci. 16(1), 159–182 (1993)
Schneier, B.: (2014). https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
Shi, Z., Shi, M., Li, C.: The prediction of character based on recurrent neural network language model. In: 2017 IEEE/ACIS 16th International Conference on Computer and Information Science (ICIS), pp. 613–616 (2017)
Smith, A.: Americans, password management and mobile security, August 2020. https://www.pewresearch.org/internet/2017/01/26/2-password-management-and-mobile-security/
Stats, D.: RSA Challenge, June 2020. http://stats.distributed.net/projects.php?project_id=8
Stolyar, B.: Apple unveils the most popular iphone apps of 2019, December 2019. https://mashable.com/article/apple-most-popular-iphone-apps-2019/
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 2007 44th ACM/IEEE Design Automation Conference, pp. 9–14. IEEE (2007)
Toponce, A.: Strong passwords need entropy (2011). https://pthree.org/2011/03/07/strong-passwords-need-entropy/
Wikipedia contributors: list of most-downloaded Google play applications – Wikipedia, the free Encyclopedia (2020). https://en.wikipedia.org/w/index.php?title=List_of_most-downloaded_Google_Play_applications&oldid=962291709. Accessed 5 July 2020
Winder, D.: Ranked: the world’s top 100 worst passwords (2019). https://www.forbes.com/sites/daveywinder/2019/12/14/ranked-the-worlds-100-worst-passwords/#54064d4869b4
WordFence: Password authentication and cracking, June 2018. https://www.wordfence.com/learn/how-passwords-work-and-cracking-passwords/
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004)
Zetter, K.: It’s insanely easy to hack hospital equipment, June 2017. https://www.wired.com/2014/04/hospital-equipment-vulnerable/
Zhang-Kennedy, L., Chiasson, S., Biddle, R.: Password advice shouldn’t be boring: visualizing password guessing attacks. In: 2013 APWG eCrime Researchers Summit, pp. 1–11 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Cryptographic Security
A Cryptographic Security
Given the limitations imposed by the very nature of algorithms optimized for humans (which are intentionally difficult to represent on a computer) these methods cannot be used directly; we use approximate, illustrative calculations to indicate the likelihood of a given scheme satisfying some property.
When an adversary attempts to guess a user’s password for random accounts after seeing \(m/\lambda \) other random (account, password) pairs for the same user, a hash function \(h_R\) is considered UF-RCA (Unforgeability Under Random Challenge Attack) secure if a poly-time adversary can guess a new (account, password) pair with negligible success probability. [6]
For any hash function \(h_R(s,w_i) \longrightarrow y_i\) the adversary attempts to either guess s, or guess \(y_j\) for some \(w_j\), based on knowledge of \(C = \{(y_1,w_1),(y_2,w_2),\) \(\dots ,(y_n,w_n)\}\) where \((y_j,w_j) \not \in C\). The probability of correctly guessing the output (hash) for website \(w_j\) without knowing s, i.e., \(P( (y_j,w_j) | y_j = h_R(s,w_j) \wedge (y_j,w_j) \not \in C )\le \epsilon \) for any probabilistic polynomial time adversary.
1.1 A.1 Pre-image Resistance
Given only \(h_R\) (public hash function) and \(h_R(w,s_k)\) (a password), pre-image resistance requires that it must be computationally hard to deduce \(s_k\), the subkey, and s, the master secret. Note that R is unclonable in our setup.
Memory Palace: Given the hash, every alternate letter is either (Sect. 4.1):
-
\(l = \mathbb {S}(x,y)\) where \(\mathbb {S}\): sum and x, y are two letters
-
a diagonal mapping of l on the keyboard
Every letter l in the subkey depends on two other letters x, y such thatFootnote 11:
The probability of guessing x and y given l is \(P(x,y | l) \le \frac{1}{13} (0.0769) \text { or }\) \( \frac{1}{14} (0.0714)\) based on 13–14 pairs of s(x, y) for every l. This reveals nothing about the permutation, e.g., \(a_i+b_i = b_i+a_i = c_i\), where \(a_i\) is the index of the letter a. In this case both ab and ba are candidate permutations for c, as are 13 other letter-pairs such as cz, no etc. So, every character of the hash depends on several possible letter-pairs in the previous text (confusion). Taking into account letter-pair permutations, the probability space increases such that: \(P(x,y|l) \le \frac{1}{26} (0.0385) \text { or } \frac{1}{28} (0.0357)\). The adversary now guesses the underlying letters with \(\le 4\%\) probability. If all (x,y) and their permutations are discovered, the user’s subkey is discovered. However this does not reveal other subkeys due to sources of randomness within the function, as elaborated in Appendix A.
Song Password: Passwords generated by this method had no identifiable words from the English language, or local languages. The title word of the song for the examples used in Step 3 in the description of Song Password formed a maximum of 10% of the song lyrics. An adversary has to undo several layers of confusion based on R, such as shifting characters to different positions, removing characters etc., which leave no identifiable words from the English language, or local languages in the final password, to deduce s from the hash. It is also computationally hard to predict characters that may have been removed due to character shifts before deletion that do not preserve letter frequencies or word patterns.
Scrambled Box This method is strongly resistant to pre-image attacks (a public S-box degrades gracefully). Given the S-box and the password, each character c in the S-box corresponds to a unique coordinate set (x, y) which in turn is the index xy of an alphabet. If the letter maps to a single-digit index, y may be a digit from the index of the next alphabet. Due to the vast number of possibilities for each character mapping in the password, we propose that finding s given the user’s S-box, w and h(s, w), is computationally infeasible.
Internal Sentence: Here, \(s_k=s\) is a “unique” word, and \(h_R(s,w)\) is a sentence including s and w. A frequency analysis of words will suggest a candidate s, and w is publicly known. Passwords resulting from this hashing method carried high entropy, but most passwords (138/202) with 4–17 words, included between 1–12 words from the 3000 most frequently used English words [27] and thus are not UF-RCA secure, as with n (account, password) pairs for the same user, a “unique” s can be deduced with word frequency analysis. Combined with word permutations a large number of candidate passwords can be produced with negligible computational effort. However this method is still weakly collision-free - long sentences without specified one-way mappings of (subkey \(\longrightarrow \) word combinations) result in a low incidence of \(h_R(m')=h_R(m)\).
1.2 A.2 Collision Resistance and Randomness
An adversary cannot even compute or verify \(h_R\) efficiently, since R is unique to each user. In that sense, our hash function is similar to a physically unclonable function [37]. Our analysis suggests that given a password y, guessing m, \(P(h_R(m) = y) \le \epsilon = {2^{-78}}\) in the average case (length 11.83), as analysed at the end of Sect. 5.3. (Most of our functions are also strongly collision free; details omitted for brevity.) We refer readers to [4] for the security of Cue-Pin-Select.
We observe a variety of sources of randomness for each R. Understanding and manipulating this randomness is an interesting problem for future research.
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Rooparaghunath, R.H., Harikrishnan, T.S., Gupta, D. (2020). Trenchcoat: Human-Computable Hashing Algorithms for Password Generation. In: Krenn, S., Shulman, H., Vaudenay, S. (eds) Cryptology and Network Security. CANS 2020. Lecture Notes in Computer Science(), vol 12579. Springer, Cham. https://doi.org/10.1007/978-3-030-65411-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-65411-5_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-65410-8
Online ISBN: 978-3-030-65411-5
eBook Packages: Computer ScienceComputer Science (R0)