Half a croissant, on a plate, with a sign in front of it saying '50c'
h a l f b a k e r y
Experiencing technical difficulties since 1999

idea: add, search, annotate, link, view, overview, recent, by name, random

meta: news, help, about, links, report a problem

account: browse anonymously, or get an account and write.

user:
pass:
register,


                 

Password fragment check

Just which password is it?
  (+1)
(+1)
  [vote for,
against]

I have many passwords at different levels of security and for different purposes.
Occasionally I don't remember which one I've used for a particular login, and go through the insecure process of trying them all until one works. I don't think I'm alone in this.
This is insecure because it means an unscrupulous or hacked site (or a man in the middle attack) could learn all my passwords by the simple expedient of not letting me log in.

Some sites offer a password reminder service of some description, but of course that opens up another insecurity.

To prove that a site is beyond reproach, a login could allow partial password entry - which doesn't allow logging in, but does reveal whether you're on the right track. This might involve the first few characters of the password, about 4 characters total.
For this to be secure, it needs not to simply be the first 4 characters. Instead, the user would choose some manipulation which can be applied to all their passwords - for example, change case of the letter at a position, add or remove a character, switch character orders etc.
Furthermore, the fragment would ideally be hashed on the user's own computer before transmission, the hash should be relatively short (say, 20 bits : less than one in a million false-positive rate), and salted per user.

In this way, one could try to work out which password it was without transmitting them all.

Example: Suppose my password is carrotcake123
(Yes, this isn't particularly secure - the example is better for that.)

Suppose my chosen manipulation is to drop the first character, switch the next two and swap case of the last, or use the symbol @ if it's not a letter. 12345... -> 324@. This is unique to me but is the same for every site I use.
So the password fragment for this is rarO.

I can't log in to the site... well was my password applepie123?... I enter pplE...computer says no.
well was my secure password Plum&apricot_pie?... I enter ulm@ ...computer says no.
well how about that old carrotcake password?... I enter rarO... computer says "Could be".
So then I can enter that without having compromised any other accounts.

Loris, Jun 10 2010

Vague password of great length Vague_20password_20of_20great_20length
[phoenix, Jun 10 2010]


Please log in.
If you're not logged in, you can see what this page looks like, but you will not be able to add anything.



Annotation:







       But if you, the hacker, has control over a compromised web site you will know one of my passwords and probably also the manipulated version of it and also the manipulated version of one or two of my more secure passwords I use for other sites. Knowledge of the manipulation and these fragments may allow you to guess the password for the more secure sites.

Also, I'm not sure how the UI would work. Would you be given the option of typing in the full password or the test fragment?
hippo, Jun 10 2010
  

       What would be helpful would be if sites would simply allow users to specify a string to display as a password clue, and ask users not to put anything stupid there. In your case, if you have seven passwords numbered 1-7, your clue could be something like "password six" or, if you wish to avoid letting anyone know that you use the same password on multiple sites, you could give a number or string which, when munged via your favorite (secret) method, would yield a number 1-7. Even something as simple as a six digit number in which the second digit was 1-7 to indicate your password might be reasonable.   

       An approach like you describe would allow someone to try a brute-force attack to find the hash, and then privately run a dictionary attack against that hash, only sending the server the passwords that match it.
supercat, Jun 10 2010
  

       Also, even if you give up your passwords, it doesn't mean you use the same username elsewhere. Furthermore, the hacker still doesn't know where "elsewhere" is.
phoenix, Jun 10 2010
  

       What [supercat] said. Your "bunker" acually provides a default for certain attacks.
4whom, Jun 10 2010
  

       Although [supercat]'s proposal reduces security too. If I know [supercat]'s password on my (compromised) web site I'll also know that the clue is "password six". Then I know if I log in as [supercat] anywhere else and see the same hint then I'm in.
hippo, Jun 10 2010
  

       I have a *password formula* which I adhere to and therefore rarely can foget a password.
xandram, Jun 10 2010
  

       //But if you, the hacker, has control over a compromised web site you will know one of my passwords and probably also the manipulated version of it and also the manipulated version of one or two of my more secure passwords I use for other sites. Knowledge of the manipulation and these fragments may allow you to guess the password for the more secure sites.//   

       Passwords (at least for secure sites) arn't stored in clear. They're hashed to say 160 bits, and the result stored. Similarly, the clue would also be hashed - but to a much shorter length. So no, if a site was hacked the hacker wouldn't know these things.   

       //Also, I'm not sure how the UI would work. Would you be given the option of typing in the full password or the test fragment?//   

       After you'd got the password wrong, or if you specifically requested it, you'd be able to type in partial passwords in to an alternate entry box, limited to 4 characters (or whatever). If the submitted hash matched that stored, you'd be told you were probably on the right lines.   

       //An approach like you describe would allow someone to try a brute-force attack to find the hash, and then privately run a dictionary attack against that hash, only sending the server the passwords that match it.//   

       Hence my proposal of a very short hash - actually shorter than the password fragment. (4 chars ~=80 million possibilities) Sure you can work out every possibility, but which is correct? - The hacker still wouldn't know. Also, since the password has been manipulated in some undefined manner, they can't spot any pattern for a dictionary attack, and don't even get much improvement on any brute-force approach.   

       //Also, even if you give up your passwords, it doesn't mean you use the same username elsewhere. Furthermore, the hacker still doesn't know where "elsewhere" is.//   

       If you use different usernames, you've got the same issue for those as for passwords. Most people reuse their usernames for this reason (amongst others.)
Where this doesn't apply they're often auto-generated in some manner involving your real name, and/or listed somewhere and easily discovered. The hacker can very quickly try all your passwords against every site of interest to them. They don't really care about the failures. But if they can get into your email account, there's all manner of options. Your account on any site which can be requested to reset your password is then compromised, for instance.
  

       //Your "bunker" acually provides a default for certain attacks.//   

       I don't know what "bunker" you're referring to.   

       ...   

       I have added an example to the idea.
Loris, Jun 11 2010
  


 

back: main index

business  computer  culture  fashion  food  halfbakery  home  other  product  public  science  sport  vehicle