Slashdot Mirror


Scientists Release Working Prototype Of CAPTCHA-Based Password Assistant

An anonymous reader writes "Last year Slashdot ran a story on scientists from the Max-Planck-Institute for Physics of Complex Systems in Dresden, Germany developing a novel method to improve password security. A strong long password is split in two parts; the first part is memorized by a human, and the second part is stored as a CAPTCHA-like image of a chaotic lattice system. Today, after a year of work, the same group at Max Planck Institute released a working prototype online, where everybody can try this technology to encrypt files (Java plugin required)."

5 of 86 comments

  1. Re:um by Anonymous Coward · Score: 3, Informative

    Actually, this is better -- it prevents brute-force attacks unless you have a very, very good method of solving CAPTCHAs. Even if you can solve the CAPTCHA, though... there's no guarantee that you'll get a good CAPTCHA based on the password you're trying.

  2. Re:Requires self-signed applet with full privilege by Anonymous Coward · Score: 4, Informative

    Plouf - we need these permissions in order to read the files :-)

    As far as self-signed goes - we did not want to spend $500 on a chunk of bytes :-) Please trust us :-))

    Konstantin

  3. Re:is there any good analysis in the year since? by Anonymous Coward · Score: 1, Informative

    Rather than attempting to personally evaluate the paper, not being an expert in this area, it'd be interesting if a third party has done some analysis, even preliminarily, on the system, so we can rely on more than the authors' own views. The paper itself was published in a somewhat strange venue for a new cryptosystem, Europhysics Letters, which isn't really a problem, but doesn't provide strong assurance that cryptography experts have vetted it, either (but perhaps they have elsewhere?).

    Delirium - this is exactly why we post it on Slashdot - to get it evaluated :-) If you want to get it done - do it yourself (did you see the Fifth Element movie? :-)

    Konstantin

  4. Re:Interesting by Anonymous Coward · Score: 2, Informative

    Cdxta: This is exactly true - the purpose of the algorithm is to introduce something that in your language would be described as false positives.

    Konstantin

  5. Re:A better mousetrap? by Anonymous Coward · Score: 1, Informative

    "You can't get better than a regular password"
    Congratulations, you drivelled your way to a +5 insightful.

    Here's some recent news:
    - we discovered fire -- we can do better than cold!
    - we discovered the wheel -- we can go faster than walking!
    - we discovered shelter -- we can be drier than soaked when it rains!

    Seriously. No really. Seriously.
    A regular password? "12345" is one of the most common ones.
    Letting a 3 month old baby on your keyboard will produce a better password.
    Letting your cat walk over it will produce a better password.
    Picking random words from a dictionary will produce better passwords.
    Using your s.o.'s birthdate will produce a better password (and may prevent a source of relationship worry). It is really hard not to do better than a regular password. Even Spaceballs recognised how bad regular passwords are.

    Anything we do for better passwords will actually result in (slightly) better passwords -- the state of "regular" passwords is that sorry.
    The interesting question (that the researchers approached creatively) is how to improve passwords in a human-friendly way.

    Your comment is just wrong on so many levels, it's scary.