Slashdot Mirror
Let Your Theme Song be Your Password
An anonymous reader writes "The latest proposed solution to the fact humans suck at using passwords properly is to let people use digital objects, like mp3s, photos or videos instead. A file is hashed into a unique, secure string that acts as the real password. A paper on the idea was put forward in a recent Usenix conference on hot topics in security, and a Firefox extension that implements the idea is available too."
"Your honor, the defendant has a musical password which was not authorized by us! By using it on more than one computer, he has distributed it illegally. We demand $700,000 in damages."
setting next to bums, there's an open seat, hope that isn't pee
If you can use an MP3 as a "password" you may as well just go the whole nine yards and use a damn key file.
This is stupid and redundant.
Maybe I am just way off here, but it sounds like what they want to do is to create a unique hash ("secure string") from a file on your computer.
Well that would seem to mean that you have to possess the file first. So how does that not reduce password complexity down several orders at minimum? I know I probably have 3 million files at least on my system right now, but that is far less permutations than a 20 character password with "unprintable" characters (above 128 in ascii).
I just don't see how this is not easier to defeat than a strongly created password. Easier for the user, but not an increase in security.
I can see this being relatively secure if you use files you've either created yourself (.ogg of you humming backstreet boys or something equally unlikely, image of you doing something unlikely etc.)
"In the end, there is simply no weapon more devastating than the truth, delivered in just the right way." - tnk1
There's no cure for user stupidity, so if users are encouraged to use songs as passwords there'll be lots of users that'll use their favorite song as their password even though they downloaded it from iTunes or an specific pirate group (i.e. lots of people can have the exact the same song with the exact same encoding) and announce to the world what is their favorite song in the social networking profile.
Instead, users should be encouraged to record whatever rubbish with their microphones and use it instead. Stuff like ambient noise and voice tone would make such signature unique even if the user puts very little effort in it. Heck, it could be a record of a fart.
Just choose /dev/random as your password and you'll have perfect security!
Yes, your posting is somewhat unusual.
XML is like violence. If it doesn't solve the problem, use more.
TrueCrypt had an option like this. The best thing, in my opinion is to use a password and files. (Yes, multiple files).
My favourite system was to set up a TrueCrypt volume with a hidden volume. You have two passwords, and a set of files on a CD. The normal volume is opened with a password and all the files on the CD. The hidden is with the passoword and a selection of the files (I called them 0-9 so it ended as a 'pin' of sorts).
This means two things to know, and one to have, plus plausible deniablity, which isn't bad.
-- Lattyware (www.lattyware.co.uk)
Truecrypt can use ANY file as a keyfile - I use a curiously appropriate digital photograph...
Hmm, I wouldn't want to be the sysadmin to recover a lost goatse "password picture"!
Think about one of your favourite songs, poems (e.g. "Hey Jude" by The Beatles)
Now take the first letters of the refrain or the first verse (e.g. "Hey Jude, don't make it bad") and you get "HJdmib"
If you like, translate it a little bit into "l33t speak": HJdm1b
And you have a great password that you can remember easily.
EDUCATE your users!
Well if that is going to be the case, than my kung fu is strong.
All security needs some way to identify a person to a computer, which should be as hard as possible to fake. Biometrics rely on unique (but not unfakeable) biological traits of a person, passwords rely on knowledge which hopefully nobody else has - they however rely on custom hardware to get this biological data (e.g. fingerprint scanners) - which makes them wholly unsuitable for the web.
One possible replacement for passwords is security keys, which now relies on not letting anybody else get access to a certain file. The fact that those, by themselves, are not secure enough (as getting a file once now opens up the whole world it's used on) is why most key-based authentication systems allow you to protect the key itself with a passphrase. It can still be more secure as you can prevent the servers from accepting passwords so they cannot be so easily brute-forced but if somebody gets the keyfile, bruteforcing the passphrase is perhaps even EASIER as he can do it on his own machine where it cannot be logged by the target.
Replacing the key with a picture or a sound file won't help much - unless you can protect access to the file... which leaves you right back where you started. Even if you just send a hash based on it (so it cannot be ripped from a server) anybody who gets the file (and knows what file to get) has all your access.
And now... there isn't even a pass phrase to protect it.
The fundamental problem of all security remains - the identifying information needs to be limited to a single person. Whether that is something in his head you try to stop others from guessing or brute-forcing, or something about his body or a file on his computer - there is still no real way to make sure it cannot be faked.
You could come up with a billion variations on the theme. KDE has the option to lock the screen if a bluetooth device is out of range, and unlock it if it comes back into range (I'm sure other desktops/OS's have similar tools) - now you rely on an object (like a cellphone) being owned by a certain user and hard to get without that person noticing - but you're back to why we don't use fingerprint scans to log onto websites. Users need trusted hardware for it to work (trusted by the service provider I mean) - the only way to prevent any old scanner with a picture of somebody's thumb (and who has never taken one of those by accident ?) - that are not common and are expensive. Even if you could make it trusted, when you cannot see the user, you cannot be sure his hardware isn't compromised. Even if you lock the hardware with a secret key (DRM style) you still cannot prevent it being fooled with a picture of somebody's thumb (and who hasn't taken a few of those by accident over the years ?)
Ultimately, we won't really have better security until we crack the problem of identifying a person who is somewhere else. Even the most draconian approaches won't work, if you require a webcam stream of the person - that won't be impossible to fake either, in fact since nobody could monitor all of them, all of the time, moving the cam or sending back a recording will be ridiculously easy.
In short this is just another attempt to come up with a better kind of keyfile - and frankly, it's not even as good as the ones we have - and nobody has really grokked a better way to solve the identity of a distant person problem yet.
Unicode killed the ASCII-art *
It's an interesting idea, but what happens when you lose the file? Basically you are up the proverbial creek with no way back.
Suggesting you can get the file back off some p2p network is misleading. You have no guarantee that the file is exactly the same as the copy you had. So you are limited to files that you alone have. If you are careless with backups, or unthinkingly resample your MP3 or photo, then say goodbye to your unique hash.
It's all possible, but users of it would really need to get in the habit of considering, and treating, a particular file like a unique and valuable key. To be protected and kept secure at all costs. Once they do that it becomes easier for a third party to identify the file amongst all the others they may have.
Except that's a very weak password.
I think I'll use Sting's "Let Your Soul be Your Pilot", with slightly altered lyrics.
Escher was the first MC and Giger invented the HR department.
In practical scenarios, this idea actually reduces key space needed to be searched in comparison to passwords. Why the users clueless enough to not handle passwords properly would handle music-based passwords better?
And you don't have to use your Facebook profile's picture to be obvious. I bet that majority of passwords will be Eminem or Rihanna MP3 clips downloaded from some p2p networks (most people don't even know how to produce and compress their own sound file); there are also certain songs that are significantly more popular from others. So there will be lots of identical passwords that are easy to guess.
A good password should be as random as possible. This is far from random. You get all sorts of hints from the public information about global music market and the password data is based on publicly available audio data. In addition, if you know your victim, you can even make more correct guesses as to what songs did that person choose.
Or an mp3 with a randomised seed embedded.
Sounds like it's just an attempt at hiding the keyfile on your USB key or whatever in amongst other files. Cute, but no silver bullet.
Real security comes through methods we're already familiar with, two-factor authentication, a USB key with a keyfile stored on it (or one of those security token things) coupled with a password stored only in your head.
"Believe it or not, I'm walking on air, I never thought I could be so free. Flying away on a wing and a prayer, who could it be... believe it or not, it's just me..."
They say the mind is the first thing to
This will obviously lead to abuse of dolphins on drugs, for extracting images from peoples brains!
Yeah, that's great, let's bloat (the already bloated with hundreds of them) Firefox more, because we can't live without them, right??
Let Firefox eat our RAM, like God once said:
[...] Day 3: and God created the RAM and saw that it was good [...]
Day 4: And god created Firefox and said to the human: Create extensions, bloat Firefox and make the RAM use 100% of its power - that's why I created it, right?
At least it wasn't autonomously, prole!
Caesar si viveret, ad remum dareris.
Heck, it could be a record of a fart.
So you're saying I should record the latest radio hit and encode that?
No, "password", "fluffy", "rover", etc are VERY weak passwords. HJdm1b is just a bit weak, but it's stronger than a lot of passwords, and not too long that someone will write it down.
I've always seen passwords as a bell curve. Weak passwords are obviously weak. Very strong (not necessarily long) passwords have a high risk of being written down by users, so they're just as weak. There's a section somewhere in the middle of passwords that aren't common words, aren't bruteforced quickly, but can be remembered without recording them, and I'd say HJdm1b falls in there somewhere...
No, very weak is "hjdmib". He a bit more than doubled the characters that needed to be searched. Obviously, throwing a few symbols in there would be nice, and even better would be some bytes outside of the domain of ASCII, but hey, you can't have it all. Though really, why not use "H3y Jud3, d0n't m4k3 11 b4d"? It has almost all of that, plus a good length.
-Devin Jeanpierre
This is already implemented in the gringotts package. [Link to homepage seems broken).
Although I haven't investigated, it may be possible to reduce the number of files to use in an attack by studying file system access times.
God: An invisible friend for grown-ups.
My song is my passport. Bad, Bad Leroy Brown. Verify Me
Of course I didn't RTFA... why would I do that? You really are new here aren't you? Don't let my UID fool you.
Something tells me a significant portion of the people who'll ever use this will pick "White and Nerdy" by Weird Al' as their theme song... which would kind of invalidate the whole system :>
No, but I did throw granola at a deaf person once
Or an mp3 with a randomised seed embedded.
Wouldn't that completely defeat the point (i.e. making the "password" memorable)?
All intents and purposes. Not intensive purposes.
Easily cracked:
Everyone would use the hash of the garbage file! ;-P
Because the user doesn't control the hashing algorithm used for passwords. If you do that on a typical Unix box with good old DES crypt, the hash is only on the first eight characters, and your password is no different from "H3y Jud3". And "H3y Jud3" is easily found using a dictionary attack -- in fact, john the ripper's out-of-the-box rules has "l/ese3[:c]" as one of the single crack rules, and "Hey Jude" is most definitely in cracker lists which tend to include all popular movies and songs.
Contrary to popular belief, substituting letters with numbers in 31337 speech doesn't do much to improve password security. It takes slightly longer to crack, but not enough so that you should feel much safer.
If the sole reason for this is to make the password "memorable" then they've done worse than just stick with passphrases.
There's just not THAT many mp3's out there.
Stupid question, sigh.......
Johnny Mnemonic did it first!
Yeah, I feed the trolls. Can't help myself. Sorry.
Same goes with last.fm. It would become every cracker's favorite website, you can see the most played songs of every user.
I posted this a few days ago, but my "password" is not a music, is any file.
Religion: The greatest weapon of mass destruction of all time
Every one of us would choose William Shatner's, "Lucy In The Sky With Diamonds".
--- What?
is wait for you to whistle or mumble the song you just used to authenticate?
what about the song you're always humming or singing because you use it so often to auth?
wheres my laser microphone when i need it.
Good people go to bed earlier.
You might give credit where credit is due:
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-500.pdf
That's brilliant. I'm sure that no hacker in the world has ever even heard of 'l33t speak', let alone considered that you might be using it in a password.
Awesome, how many people will hash a song on their hard drive only to find they need to login to their bank/facebook/twitter account at work or at a friends house... "What was my password again? Oh crap". If people find it too inconvenient to remember a sequence of 12 letters, perhaps they should take their online security a little more seriously.
Let your song be your password...
Maybe I'm missing something, but how can a file-based password -- being an object that actually exists on your computer (thus accessible to anyone with physical access to your computer EVEN FOR A FEW MOMENTS) -- be MORE secure(?!) than something that does NOT actually exist anywhere but in your mind only?
.INI files, etc. (i.e. nothing that could possibly be "edited" or modified in any way.) This reduces the number of files potentially usable as "password files" by several orders of magnitude.
Consider:
1. many people access their bank accounts, their PayPal accounts, etc, using their computer.
2. only static (unchanging) files can be used for passwords. This means no executable files that might be upgraded as a result of a new version of an application or security patch being installed, no parameter files,
3. to login to you bank account you only need to use the correct picture or song file, etc. Someone with physical access could easily scan all the image and song files, etc on your computer (i.e. all those that could potentially be used as a password file (which as stated is not that many really)) saving the "password hash" for each to, say, a USB stick that could then be taken to another computer and used in a trivial intelligent brute force attack on your bank account.
What's worse, what about potential file loss/damage? (Hard drive crash and no backup? So sorry! You're literally farqed unless you can somehow re-download that same hard-to-find image/sound you downloaded from, um, what was that damn web site where I got that file from again HOW many years ago???)
A password that exists only in your mind can never be lost or stolen or otherwise recovered by someone with a few minutes (seconds?) of physical access to your system.
Yes, yes! I know about the argument that if someone has physical access to your computer then all bets are off, but that argument doesn't apply in this scenerio IMO. Physical access to your system only gives them physical access to the data on your system, but not to your bank account, etc.
IMHO the best way is to use something like Password Safe for storing all of your 12-16 character (including numbers and special characters) passwords, whose 256-bit twofish encrypted password database is protected by a very long pass-PHRASE "MASTER" password that only exists in your mind and nowhere else.
"Fish" (David B. Trout)
It's about time something like this became a reality for every day users, hell hollywood has only been toying with this idea for how long? I know it was in J. Mnemonic as well as a couple others....to bad its early yet and my brain hasn't soaked up enough coffee to be useful.
This is Slashdot! Give me the latest gadget, bug, or OS project! This ain't english class so don't confuse the two!
When I teach security and passwords, I recommend the same approach. I ask my students to use a catch phrase they often use on a personal level.
Then, I make them use the first letter of each of the words in that phrase.
Finally, any of the words that be substitute for a number, we do it too.
So, for example: I can't believe this works for that! Would become Icbtw4t now if you are allowed to add a non-alpha-numeric character, go for Icbtw4t@ :)
I doubt a dictionary would have that.
But then again, who knows! :)
I suppose by "typical" you mean "old", since typical Unix machines these days use MD5 or better.
Because the user doesn't control the hashing algorithm used for passwords. If you do that on a typical Unix box with good old DES crypt, the hash is only on the first eight characters, and your password is no different from "H3y Jud3". And "H3y Jud3" is easily found using a dictionary attack -- in fact, john the ripper's out-of-the-box rules has "l/ese3[:c]" as one of the single crack rules, and "Hey Jude" is most definitely in cracker lists which tend to include all popular movies and songs.
On the other hand, if /etc/shadow is already available to the attacker (i.e. the attacker has gained root privileges), weak user passwords is your least concern.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
I'll just use "Never gonna give you up" by Rick Astley. I'm sure everyone's forgotten that song by now, right?
abc123. thanks jackson 5!
I would have - if I had known about this document. Thanks for the link, it is VERY interesting to read. (mod parent up please!)
If a hacker is making thousands of unnoticed attempts to log into a system or running rainbow tables against a hash table, weak passwords are not the primary problem with the system in question.
Nerd rage is the funniest rage.
There are so many reasons this is a horrible idea...
Aside from all the normal vulnerabilities to phishing and such, first and foremost, a good authentication system requires 3 things, something you know (a password), something you have (an ident card), and with today's technology, something you are (biometric scan). Since everyone doesn't have an iris scanner on their laptops yet, we typically settle for the first two (though fingerprint scanners on laptops are becoming ubiquitous).
This proposal takes away the something that you know, leaving only the something that you have. It makes it essentially the same as key based authentication for ssh. It's secure, but I don't distribute my laptop's keys for a reason. If it gets stolen, your private key is compromised and you scramble to pick up the pieces. If it was used more frequently, and from multiple physical locations, that increases the likelihood of it being compromised since it's always got to be with you
I'm really fond of some of the two way authentication systems that some banks are using now. My bank is pretty lame, it just shows me a picture with some text that I've selected beforehand. I've read online where other banks will actually send an sms to your cell phone, and you have to enter that SMS to log in. The poor man's RSA token, if you will.
Check out my sysadmin blog!
The solution to authentication is something like the IronKey (a hardened USB drive for storing passwords) but with asymmetric crypto.
So you would go to Gmail, gmail would send a challenge that goes to the browser. A library on your browser would send the challenge to the USB device. The USB device would respond by signing the challenge asymmetrically, and that signature would route back through the browser to Gmail. Then you have 1 authenticated session until you destroy it. For sake of convenience imagine the implementation as using PGP -- public key, private key. Gmail has the public key, your USB device has the private key.
This is great since you could read your webmail on a friend's computer, or post Slashdot comments without leaving behind a persistent authentication token (barring a fake logout screen). Or there could be a keylogger on your home computer but it wouldn't be able to scrape persistent passwords and pass those on.
The only reason that humans don't use asymmetric security is that we're too stupid. Otherwise if we wanted high security we would be looking at screens of cyphertext and reversing the one-way function (a^b=c) in our heads. Given that we're too dumb, why not do not put our authenticator on a device that goes on a keychain with our other keys? (And you could make a backup just like with your other keys.)
I can't wait until /. posts the next stupid idea for replacing passwords (my favorite ice cream is LBtHrbjCi) so that I can copy-paste this comment again until I get early enough for +5.
If you need text styles to communicate then you don't have a message.
Thankfully "typical UNIX" is dying, replaced by Linux/FreeBSD with MD5 crypt, or OpenBSD with bcrypt (which is what everyone *should* be using.)
What was that Jiminy-Cricket??
"Let Your Theme Song be Your Password, and Always Let Your Conscience Be Your Guide"
How amazed would you be to suddenly find that you just forgot what I wrote and you needed to reread my post.... again.
Or a key file. Whatever's easiest :)
"(barring a fake logout screen)"
So actually you could have the device authenticate that the logout has occurred as well with an embedded LED screen.
The main thing though is to switch to asymmetric keys, imo.
If you need text styles to communicate then you don't have a message.
I'm a frequent farter, that suits me best.
not using files, but I do use music to create passwords...or at least pw that I want to be very secure.
I use guitar chords, pick a phrase from a song, and make the chord name/fingering the password.
ex: E022100A*02220D**0232
*=a string you don't hit. Use any special char for it.
can be as long as you feel like typing and it's easy to remember (if you play guitar, would work for just about any other instrument I would imagine)
Yes,. a themesong will be better, for now, than most passwords. However, authenticating people by information does not avoid theft of ID. The major issue IMO is that information can be copied ad nauseam and usually without the "owner" being the wiser. To authenticate someone you should have something physical (and not connected to wiring through which it can be attacked or monitored) and ask that the human using it do some simple operation with the physical thing or its outputs to authenticate. This will ensure too that authenticating oneself will be a conscious act, which makes theft harder. Selection from outputs is one example of such a simple operation. Picking an order of the information ("I will put my pinky in first, then left ring finger, then right thumb") instead or as well can also be recalled, if people do it all the time. Think about how you open a car door with a keypad; people remember how to do that, in large numbers. The schemes for avoiding distributing something(s) physical, like captcha or
machine tokens, keep failing. As long as the recognition for a physical person is easy to duplicate, this will remain so. Physical devices on the other hand, combined with some other operation known to the holder, can be very hard to fake, will always be costly to fake a lot of (advantage of physical something), and can also hold a lot more information than a human memory for passwords. But the human needs to be able to present the combined
authentication token easily, and whatever is used, it needs to be easy for one person to have several of them convenient to hand.
My voice is my passport. Verify me.
An excellent way to create a password for non-english speaking people is to take an english word and write it the way it sounds to you in your native language. Example: password => pÃÃswÃÃrd
ThisReallyWorks -> TisRiliWÃrks
Now you're welcome to crack all my passwords.
Half the nerds and geeks I know would have the same sound as their login sound. The Imperial march from Starwars (vader's theme).
Doesn't this just prove that Star Trek already thought of everything? And if my reference is too obscure, perhaps somebody remembers "I am Kirok!" http://en.wikipedia.org/wiki/The_Paradise_Syndrome
I support the Slashcott and will not be reading or commenting from 2/10/14 to 2/17/14. Beta is steaming pile of dog shit
"My voice is my passport."
In Soviet Russia jokes are formulaic and decidedly non-humorous.
the thing that this "idea" doesn't take into account is what happens when let's say your harddrive dies or gets corrupted?
Imagine your one of those smartasses and take a sample from one or more songs, combine them together and use that mp3 as your password. Now you're harddrive dies and your don't have a backup of the file. How the hell are you going recreate the EXACT same file to recover your information? It's not like you'll be able to whistle the tune with perfect pitch to reproduce the file.
Face with that, people will probably do one of two things: either backup the file on a USB stick or the internet, or write down the HASH that the file produces so they can use that if this secure system allows you to enter it instead of the file.
Problem with the first part is now if someone hacks you computer or online file storage, they are almost guaranteed to get your password.
Problem with the second is that it defeats the whole purpose of using a file as a password and you're right back to the old ways.
As much as this "idea" sounds great on paper, it's just that, it sounds great on paper.
Passwords today are only insecure when people write them down or use really simple ones that any rainbow table could be used to brute force. If you use a good password that is easy to remember and never write it down, how the hell would someone get it? As far as I know, you can't hack someone's brain yet...... yet.
Even though this method doesn't really create terribly secure passwords, I imagine this is a large step up for most users. If you have 100,000 files in your computer and one was chosen at random (at random meaning NOT by a human being), that makes your password worth about as much as a 16 bit key. This is less than a 3 character randomly generated password.
If you want a strong password jammed into a tiny space (6 to 8 characters), generating one randomly -- from /dev/random or some other reliable source of entropy -- using the 94 or so printable characters is the way to go, but they tend to be hard to remember and easy to forget. The security lies in that fact that any permutation of any 8 printable characters as equally likely as any other. You are making a large key space for an attacker. The hashed version described by the article doesn't do this.
Personally, I like to use something a little longer but easy to remember. Using something like diceware will do this. It's mainly used for generating passphrases (used as encryption keys), which must be much, much stronger than passwords to be effective. With it, you can generate passwords that look like: "applefloorpin" or "cloudbrickyoung". If you used Diceware to get these, they are each worth at least 38.8 bits (12.9 bits per word). This assumes an attacker knows you used Diceware and knows the exact list you used. That's equivalent to 6 randomly generated printable letters, but its probably easier to remember and type.
Another way that I like (and I wrote a Perl program to do this) is to read in your /usr/share/dict/words list of words on your system. These generally have over 65k words in them. If you use /dev/random to select words at random, each word is worth over 16 bits. A three word password generated this way is worth the about same as an 8 character random garbage password. Change the case and throw in a [!@#$%^&*()-=] and you get a few more bits of security, if you like.
Personally, I think "applefloorpin" is easier to remember and type than "FfK%L7aO". And if you do it right, they are worth the same.
Anyway, if I wanted to try this music/image-file-to-password thing described in the article myself, a simple command like this will do it:
That's an 8 character password. Adjust the last command to make it longer/shorter.
Wouldn't using a song as a password be equal to screaming your password out loud?
No one else is a sex machine to all the chicks like me.
SJW: Someone who has run out of real oppression, and has to fake it.
My voice is my passport. Verify me.
...and what if you loose your 'password file'. You're probably expecting the website to have a 'Forgotten your Password' feature, like most websites. But think about it, how will they send you your 'Password File' or whatever the hell it's called. I suppose after clicking on 'Forgotten your Password' it could email your file to you, but think of the hassle. Fail...
Fortran is for pimps.
I think the problem to this is that not every file created is equal to that of your song. The song you have maybe from a CD or the internet, but if a byte within that changes for some reason, it may be hard to guarantee that the next copy will be the exact same. This is the thing about passwords is that every time they are the exact same, which is also their loophole.
let THE MD5 CHECKSUM OF your theme song be your password.
thats all this is doing, dont let them make it sound glorified.
Communism, its a party!
Well, even with your example, this might still be secure. If they buy it from iTunes, then their account information is also embedded into the file, which changes the hash.
Most people don't get why the integral of "e to the x" is so funny. Most math majors don't have a sense of humor.
Hi, my name is, WernerBrandis, my, voice is, my, passport, verify, me?
My book about LSD and Self-Discovery
Also on facebook as: DroppingAcidDaleBewan
As the Americans seem to keep forgetting, no security measure is perfect, and if someone it determined they will get through, the key is to make it such a painful, pointless & time consuming endeavor that people don't bother hacking it.
-Ours is the wisdom of Solomon, the magic of Merlyn, the fall of Icaris.
Hey, I have an idea!
You can hash your theme song and use that as salt!
Ignore this signature. By order.
An excellent way to create a password for non-english speaking people is to take an english word and write it the way it sounds to you in your native language. Example: password => pÃÃswÃÃrd ThisReallyWorks -> TisRiliWÃrks Now you're welcome to crack all my passwords.
It's a nice idea, though Slashdot doesn't like scandinavian characters. But not all systems accept characters outside a-z, and using too special characters can make you dependent on the keyboard layout.
True confidence comes not from realising you are as good as your peers, but that your peers are as bad as you are.
Not such a great password, really, since it's subject to a trivial dictionary attack.
I think it's safe to assume that most people don't have a "favorite poem", and most "favorite songs" likely come from a rather limited set -- let's say about 5,000 songs, which is probably excessive. You then have two options per song (refrain or first verse) and two styles (normal and "l33t speak"). That's only 20,000 additional possibilities on top of the normal password dictionaries, compared to the 56.8e+9 available six-character random alphanumeric passwords.
My recommendation is to avoid allowing any human input to bias the selection process. Instead, use a tool like APG to generate pronounceable, and thus memorable, random passwords, and simply assign them to each user.
"The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
If you like, translate it a little bit into "l33t speak": HJdm1b
And you have a great password that you can remember easily.
EDUCATE your users!
6 characters = "great password"? .... /facepalm
I adopt you as my user.
6 characters is not a good pass. Even ancient relic systems generally take up to 8. Modern systems (like your average user's Windows box. I hope it is modern. If they are still running Windows 95, just push them down some stairs with whoever let them run 95, it will save a lot of pain in the long run) will usually accept more characters than you care to type .
So instead of suggesting a method of generating and remembering short passwords, I suggest a method for generating memorable long passwords.
To do this take your original "Hey Jude, don't make it bad" and just use that as the password. That is even easier and it will beat brute force, dictionary, and rainbow tables.
I have been recommending things like songs, poems, and if you are the religious sort, lines of scripture as passwords for years. Length and memorability are both important. Whatever it takes to get them to accept damn long passwords.
Yes, I type my pass many times per day.
Yes, I am aware that everyone should have a good account locking policy.
Yes, I'm aware that some systems are just plain poor when it comes to what they will accept as a password. In this case you have a problem with your system not your user.
Yes, I would prefer if everyone could just use tongue scans for ID/pass, like in Paranoia.
If you are using the key file to protect, say a TrueCrypt file on your hard drive, the key file itself is on your hard drive, and someone has access to your computer, you're right. That someone has everything they need to pretty quickly (on order of hours or maybe days at best) get into your TrueCrypt drive. But, let's say you are using that md5sum to instead protect your login for a VPN or secure website. The attacker does not have access to your computer, so they don't know what files to test against. Further, the remote server might lock the account after 10 failed tries (or whatever). Of course, arguably, in such a scenario, you don't even need a password that is close to this strong - since they only get 5 or 10 tries before the account gets locked, a relatively weak password might be sufficient.
For something like a truecrypt volume, or any other system where an attacker can get potentially an unlimited number of tries, and can try a very large number of permutations very quickly, I think a keyfile is a pretty bad idea, unless the key file in on removable storage like a USB key or CD - and then that does still always leave the problem of losing (or having stolen) the media.
Personally, I favor mnemonic-device password generation techniques - things like deriving a password from the lyrics of a song, poem, or a favorite passage from a book (which you haven't advertised to the world, of course), etc. They may not produce the strongest possible passwords, but you should be able to generate something sufficiently strong to slow most attackers down.
You should try Internet radios. There is very much unknown, rare and special music there. You an listen to anything from white label underground drum & bass over Korean pop (avoid at all cost ;) to Afghani classic music. Of course there's crap too, but it's like with "real" radio: Who listens to them anymore?
I started to like shoutcast.com, and now have a fixed playlist of my main stations in Amarok which i can switch with global keyboard commands. I'm very happy with this setup.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Please!
Hell, I've been using something similar. What I do is have a text file w/ all my internet accounts that require a unique password -- you know, like online banking, online retailers, etc. I've even started doing this for less critical places (like here). What I do is make an md5 hash of a reasonably unique and one-time data source: "ps waux | md5". Then I store than in my list of passwords, then cut-n-paste when needed. Some sites need the resulting hash string pared down to fit.
Sure, it's not as *obscured* as hashing some random file for the password each time, but such a list of passwords is much easier to store and keep around intact, upload to an email account for using anywhere (in encrypted form, of course -- yay! for FireGPG), and for using an actual password manager.
I guess this may be good for the average computer user, as they tend to use bad passwords to begin with. It may actually help the general case, even in spite of the inevitable loss or changes of the source media files.
But really, does this need a presentation at USENIX? I think we all know the answer to that.
Say it with me...
Please!
*nod* This forum pleases me.
(P.S. -- My theme song: "You're the First, the Last, My Everything".)
Method of processing duck feet
Sing into your laptop's mic?
I can just see it now: Sitting at the board meeting, rapping a couple of lines of "Gangsta Bitch" to log on.
Have gnu, will travel.
Is it just an accident that Usenix is an anagram of Unisex? Or did somebody plan it that way?
You never really know how close to the edge you can go until you fall off.
Very true. You could also scribble something in Paint. This still doesn't increase the number of finite and easily detectable files on the person's computer. The total complexity of the the system is still relatively small. Also, how might we protect a computer that someone is physically sitting in front of? It seems really insecure and tedious to even give a list of all possible files on a computer.
sneakers
If we're thinking about using a file for a password, how do I go about entering it as a login from a library's computer system that doesn't allow attachment of USB devices? Seems to me the biggest problem with file-based passwords is you don't always have it when you need it-- type-it-in-yourself passwords don't usually have that problem. And the idea of entering a URL to find the file just means that the URL becomes the type-in password at that point, not the file. I like the idea of increased security, but not at the expense of usability...
Think about one of your favourite songs, poems (e.g. "Hey Jude" by The Beatles)
Now take the first letters of the refrain or the first verse (e.g. "Hey Jude, don't make it bad") and you get "HJdmib"
If you like, translate it a little bit into "l33t speak": HJdm1b
And you have a great password that you can remember easily.
EDUCATE your users!
Any memorable phrase can be used. Want to make it even harder? Open GIMP, create a picture with a gradient background, then using the text tool, write your new password into the picture. Save it out. Then make a MD5SUM of that picture. Let them try a dictionary attack on that MD5SUM password. Only 115.792089237e+75 possibilities to search and at 4 billion checks per second, it will only take just shy of 10 to the 58th power years to search the entire table.
I have a freeware program that does this with a password. You type the password in the box, double click to highlight it, and then press the F8 key (selectable). The password is converted into an MD5'ed length of choice (8 to 32) and placed back into the box.
Are computers any more accurate at identifying a person by the sound of their voice than it is at identifying the words the person is speaking?
The main problem with voice recognition (for conversion to text) is variability in people's voices from a synthetic "standard" voice. Even a single person has variation depending on health, mood, age, and other factors. But can those variances be used to identify the person, even if the contents cannot be recognized into text? This is an application of deciding that the sampled sound is not a match to the reference voice, rather than trying to determine what text words match the sound that was sampled, which seems an easier task - as long as those variances can be accommodated in the match.
The "voiceprint" recognition would probably be more accurate if tested against a single spoken sample. And if that sample were a special sequence, practiced on its own, that might be a lot easier to repeat consistently than common words put together into a passphrase. And since humans have special skills for singing, which even uses different parts of the brain than speaking, and singing has special structures (pitches, melody, rhythm, rhyme, etc) for singing a phrase exactly the same every time (and hearing that one did not do so), singing a "signature song" might be the best way for a machine to recognize the singer.
Has anyone tried this, to compare its effectiveness?
--
make install -not war
I think, is to just use a line from a song/movie/whatever as your passphrase. The bigger problem is that passwords are usually limited in length to a handful of characters.
Personally, I use Keepass to generate and manage extremely complex passwords for my important accounts, and use a lengthy but memorable passphrase to access Keepass. It's not perfect, but it's a relatively good balance between security and convenience for me.
https://www.eff.org/https-everywhere
But why on earth would I want to use something so unstandardized as these so-called "key files". I could just use my favorite song that I just ripped from a CD, or maybe the album cover that I just scanned. And five years down the road when my computer kicks the bucket, I'll just re-rip my songs and rescan my album covers, right? RIGHT???
I mean, every time I rip an album or scan a cover EVER I will of course get the EXACT same media results. EVERY media encoder will ALWAYS produce an IDENTICAL output no matter what the settings. And of course, backups are COMPLETELY useless.
Get up to date with the times!
Okay, so what about "Recently used files"?
Or, what happens when you edit the ID3 tags?
This is like keeping your password in a text file somewhere on your computer.. Only worse. :)
Oh yeah, who needs entropy anyway? This is the equivalent of the "what's your favorite color" security question.
Of course, I look forward to the day when I can get into 50% of Myspace accounts by selecting the latest Kanye West jam.
So what you're saying then is that people will be able to use songs they stole through BitTorrent and the like to protect other people from stealing their files. Nice.
I love how everyone's concentrated on using publicly-distributed mp3s as passwords.
With the emergence of camera phones I think it would be far wiser/easier to tell someone to go take a picture of their favourite pet or the like and use that picture exclusively for password purposes. Sure, some people may utilize that picture elsewhere but the likelihood of correlating the two remains quite low, I believe.
I don't see how a dictionary attack could counter that.
The King James version?
Actually, I often use passages of scriptures as seed material when generating keys. With a little solipsism, of course.
But if I copy and paste, that passage is now in the paste buffer in RAM, and maybe even swapped or cached to disk. So I need other sources, as well.
I have thought about massaging it with with a little program that randomly flips bits, as well, but you might need to be careful with the bit flipping. If the attacker knows the bit flipper you used, it might actually reduce the effective entropy. And then there's that business about getting the product into the key generator, again.
Now, using an MP3 or .jpg or .mov as one of several sources of entropy might be a good idea, too.
Just not as the only source, and definitely not as the key itself.
Interesting idea, just not well thought out.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
My last password was Ca9PaGrNt7CcbMrL. If you google for it, you can see me typing it into the terminal running irssi rather than the terminal running sudo apt-get update.
Anyway, it only took 15 minutes to memorize by typing it over and over, and it has 95 bits of entropy. I don't see what the problem is with taking 15 minutes a month to memorize a new password (or whenever the wrong window has keyboard focus).
Heck, it could be a record of a fart.
Possibly a bit harsh as a decription of the current charts - but possibly fair...
Sara
Designer, Gamer, Macgrrl in an XP World
Oddly enough, I had a similar idea a few years ago. I took a photograph of my computer using my Nikon D70 with the image size set to the max value, stored it as RAW, and put it on a USB stick. I ran a hash on that photo to generate a "passphrase" and then kept the stick handy when I needed it.
The big problem I had was the file could be corrupted and then I'm hosed because the passphrase is not easily remembered. Or the stick could be easily lost (I just had two SD cards stolen from my luggage this weekend at O'hare for example). If the contents are important enough, I'd have to guard that stick with my life.
I'm just too lazy for that. Besides, I don't really have anything quite that important on my box.
You had six fingers on your right hand?
Someone is looking for you.
(rot13) rpbzbab@tznvy.pbz