Posted on 09/03/2013 9:35:49 AM PDT by null and void
Although I am always a little skeptical about any claim to uncrackability.
“...Turing Award (the equivalent of a Nobel Prize in computer science)...”
Given the completely besmirched reputation of the word “Nobel”, ‘twould be better for the Nobel prizes actually requiring intellect and achievement (physics, medicine, etc) to be renamed. The peace and literature prizes have reduced the reputation of the present name to the equivalent of “Yugo” in the automotive world.
Slightly off topic, see tagline...
Zero Knowledge Proof sounds like a Zero-Sum Gain, IMO...
The Internet is consistent proof of the existence of Zero Knowledge...
Making an attacker have to intercept multiple tests would definitely make it harder.
The downside is that now when I forget my password, and don’t realize I forgot my password, I’ll be sitting through multiple tests before I realize what I no longer know.
This isn't new. algore used this method in the eighties to prove global warming.
Agreed, but many of the Nobel Prizes wimped out on the revolutionary, or controversial science things. When they gave it to Einstein, it was for the photo-electric effect, not relativity, either special or general.
Meta questions for authentication have been used for years. One of the prime problems with passwords is currently requiring passwords that cannot be remembered, even with “security” hints. More than seven letters, upper and lower case, with a number and a symbol... If it is a password that is used infrequently or lost, good luck! Writing them down is becoming a necessity, violating the physical security of the password in favor of the electronic security.
This is interesting stuff.
DK
So in a sense, wouldn’t this be like directly using those “secret” questions to gain site access instead of simply to retrieve or reset p/w’s?
It’s Tuesday.
You don’t have to know your password. You just have to prove that you should know it.
Sounds like ‘20 Questions’.
Is it animal, vegetable or mineral?
Is it bigger than a breadbox?
Can you put it in your pocket?.......
I think this is just a personalized version of the Eliza idea. Can a computer hold a conversation with a person that is indistinguishable from another person? Can you think of something about a piece of information about a person that does not require disclosing the original info? Oddly enough that is the prime question in reincarnation, because once you disclose the type of information you will seek, people that want to deceive will target that type of info.
The bottom line is always from that great line...three people can keep a secret...if two are dead.
DK
what they are saying could maybe be said as the following
it might be more secure for your bank to NOT ask for a “password” but to somehow cryptically ask, and you cryptically answer, your “security questions” - the ones you set up with them for the questions they would ask to confirm it was you who was admitting you forgot your password
Ref. my point ;)
It's not going to ask you for your password, but it's going to ask you about your password. And if I've forgotten it again, I'll be answering the questions wrong.
“Instead of insecurely typing the password for your bank account, you just prove to the bank that you know the password.”
And how does my bank KNOW I’m right? It has to KNOW my password.
So if my password is “0bama is a jerk”
will it ask me what the 4th word is? And I type ‘jerk’?
Will it ask me how many A’s in the password? and I type 3?
Splain some more.