Although I am always a little skeptical about any claim to uncrackability.
“...Turing Award (the equivalent of a Nobel Prize in computer science)...”
Given the completely besmirched reputation of the word “Nobel”, ‘twould be better for the Nobel prizes actually requiring intellect and achievement (physics, medicine, etc) to be renamed. The peace and literature prizes have reduced the reputation of the present name to the equivalent of “Yugo” in the automotive world.
Zero Knowledge Proof sounds like a Zero-Sum Gain, IMO...
The Internet is consistent proof of the existence of Zero Knowledge...
Making an attacker have to intercept multiple tests, would definitely make it harder.
The downside is that now when I forget my password, and don’t realize I forgot my password, I’ll be sitting through multiple tests before I realize what I no longer know.
This isn't new. algore used this method in the eighties to prove global warming.
Sounds like ‘20 Questions’.
Is it animal, vegetable or mineral?
Is it bigger than a breadbox?
Can you put it in your pocket?.......
what they are saying could maybe be said as the following
it might be more secure for your bank to NOT ask for a “password” but to somehow cryptically ask, and you cryptically answer, your “security questions” - the ones you set up with them for the questions they would ask to confirm it was you who was admitting you forgot your password
“Instead of insecurely typing the password for your bank account, you just prove to the bank that you know the password.”
And how does my bank KNOW I’m right? It has to KNOW my password.
So if my password is “0bama is a jerk”
will it ask me what the 4th word is? And I type ‘jerk’?
Will it ask me how many A’s in the password? and I type 3?
Splain some more.
Take zero knowledge proof, subtract any verification at all, and you have liberalism.
So instead of typing in my password to access my account, I have to answer 10 questions first? No thanks.
Why reinvent the wheel? For me the best security is “something I have” combined with “something I know”. This is how my SSH security works as well as my one time password generator.
For example I could have my private key and I have a passphrase to unlock my private key. So if you had my private key you’d still need the passphrase (which doesn’t traverse the network but is only used locally). If you had my passphrase you’d still need my private key. It’s not perfect security but way better than simple passwords.
Or, perhaps even better, a one time password generator program. I enter my passphrase and it spits out a one time password that I use one time and is then no longer valid. Again I need to remember a passphrase to open up the one time password generator, but that passphrase remains local to my machine.
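An added illustration of the one-time-password half of the scheme described above (this is example code written for this page, not something the poster supplied). It implements HMAC-based one-time passwords per RFC 4226: the generator and the server share a seed, each code is derived from a counter, and the server keeps a look-ahead window so a code that was generated but never submitted does not lock the user out, while any code at or below the last accepted counter is rejected as a replay. The passphrase that unlocks the local generator in the poster's setup never enters this exchange; only the derived six-digit code crosses the network. The seed value is the RFC's published test key; the class and function names are this example's own.

```python
"""HOTP (RFC 4226) generator plus a server-side verifier with a look-ahead window.
Added example, not from the original thread."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation,
    then reduce to `digits` decimal digits (zero-padded)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpServer:
    """Holds the shared seed and the next counter it expects.

    `window` is how far ahead the server will search; it covers codes the
    user generated (e.g. by pressing the button) but never submitted.
    """

    def __init__(self, secret: bytes, window: int = 5):
        self._secret = secret
        self._next_counter = 0
        self._window = window

    def verify(self, submitted: str) -> bool:
        """Accept a code only if it matches a counter in [next, next + window).

        On success the counter advances past the matched value, so the same
        code (and any earlier one) can never be accepted again: that is what
        makes the password "one time".
        """
        for c in range(self._next_counter, self._next_counter + self._window):
            expected = hotp(self._secret, c)
            # constant-time comparison; avoids leaking which digit mismatched
            if hmac.compare_digest(expected, submitted):
                self._next_counter = c + 1
                return True
        return False


if __name__ == "__main__":
    # Constructed demo using the RFC 4226 test seed "12345678901234567890".
    seed = b"12345678901234567890"
    server = OtpServer(seed)
    print("code for counter 0:", hotp(seed, 0))          # RFC 4226 vector: 755224
    print("first use accepted:", server.verify(hotp(seed, 0)))   # True
    print("replay accepted:   ", server.verify(hotp(seed, 0)))   # False
    print("skipped counter ok:", server.verify(hotp(seed, 2)))   # True (within window)
    print("old counter ok:    ", server.verify(hotp(seed, 1)))   # False (behind)
```

The look-ahead window is the usual trade-off: a larger window tolerates more unsubmitted codes but gives a guesser proportionally more valid targets per attempt, so it should be combined with attempt rate-limiting on the server.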
The answer is 42.
I have to think some more about it, but it has to be better than “What is the name of your first pet?” “My first pet was a fish...?”
I think it was Benjamin Franklin who said, "In the dark, all cats are grey."
Still, he was referring to the benefits of older women. That was from his 1745 publication, Advice to a Young Man on the Choice of a Mistress
Seriously, how about using a pass phrase, as opposed to a password. A pass phrase could be a sentence in a book you're fond of, say, a 1745 publication by Benjamin Franklin (grin) or a song lyric. However, to avoid a dictionary attack, alter some letters. So for example, the phrase "In the dark, all cats are grey." could be written as "1n th3 d@rk, @ll c@t$ @re gr3y." The longer the better. Use spaces just as you would when writing the sentence.
What is a password, but an indirect assurance that I am who I claim to be? Okay, here's my thought process...
1. What my bank wants me to prove is that I'm the owner of the account. I can't do that from home, but I can submit a password that only the account owner knows. The password is not me, but it's something I know.
2. So big deal, this Zero Knowledge says I'm NOT going to send the password, but instead I'll answer a set of questions, say, "What color is the front door of the bank?" and I answer "green"; "What's the max MPH that my car's speedometer can indicate?" and I answer "120"; and so on...
I really don't see the difference, categorically. It's just a set of questions instead of one question ("What's the password?"). That is, it's just asking for a series of simpler "passwords", instead of one tough password.
So what am I missing, that makes this approach fundamentally different, and worthy of a Turing prize?
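An added worked example (written for this page, not taken from the thread or from the research it discusses) of the difference the last poster is asking about. In a zero-knowledge identification protocol the bank stores only a public value derived from the secret; the secret itself never leaves the client; and the transcript of the exchange can be forged after the fact by anyone who knows only the public value, so the bank (or an eavesdropper) learns nothing from it beyond "this party answered live". The scheme below is Schnorr-style identification in a constructed toy group (p = 1907, q = 953, g = 4) chosen so the numbers are readable; a real deployment uses a 2048-bit group or an elliptic curve and a single large challenge instead of repeated small rounds. The password-to-exponent mapping, the class names and the round count are this example's own assumptions.

```python
"""Toy Schnorr-style zero-knowledge identification.
Added example, not from the original thread.  Group parameters are a
constructed toy instance; see the lead-in for what a real system would use."""
import hashlib
import secrets

P = 1907   # safe prime, P = 2*Q + 1 (toy size; assumption for readability)
Q = 953    # prime order of the subgroup generated by G
G = 4      # 2^2 mod P, so G generates the order-Q subgroup
assert pow(G, Q, P) == 1 and G != 1


def secret_from_password(password: str, salt: bytes) -> int:
    """Map a password to a secret exponent x in [1, Q).

    Caveat: a password has little entropy, so an attacker holding y = G^x
    can still brute-force it offline; real systems use a PAKE for this step.
    """
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1


def register(x: int) -> int:
    """What the bank stores at enrolment: y = G^x mod P.  It never sees x."""
    return pow(G, x, P)


class Prover:
    """The customer's client; the only party that ever holds x."""

    def __init__(self, x: int):
        self._x = x
        self._r = None

    def commit(self) -> int:
        self._r = secrets.randbelow(Q - 1) + 1   # fresh nonce per round; never reuse
        return pow(G, self._r, P)                 # t = G^r

    def respond(self, challenge: int) -> int:
        return (self._r + challenge * self._x) % Q   # s = r + c*x


def verify(y: int, t: int, c: int, s: int) -> bool:
    """Bank's check, using only public values: G^s == t * y^c (mod P)."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def identify(y: int, prover, rounds: int = 8) -> bool:
    """Run `rounds` commit/challenge/response rounds.

    Someone who does not know x can pass a round only by guessing the
    challenge in advance (probability 1/Q), so all rounds with Q**-rounds.
    """
    for _ in range(rounds):
        t = prover.commit()
        c = secrets.randbelow(Q)        # bank picks the challenge AFTER seeing t
        s = prover.respond(c)
        if not verify(y, t, c, s):
            return False
    return True


class Impostor:
    """Knows only the public y and tries to pass by guessing the challenge."""

    def __init__(self, y: int):
        self._y = y

    def commit(self) -> int:
        self._guess = secrets.randbelow(Q)
        self._s = secrets.randbelow(Q)
        # t is chosen so the check passes iff the bank's challenge equals the guess
        return (pow(G, self._s, P) * pow(self._y, Q - self._guess, P)) % P

    def respond(self, challenge: int) -> int:
        return self._s


def simulate_transcript(y: int):
    """Why the bank learns nothing: from y alone anyone can produce a
    perfectly valid-looking (t, c, s) by choosing c and s first.  What
    convinces the bank is only the live ordering (t committed before c)."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, Q - c, P)) % P
    return t, c, s


if __name__ == "__main__":
    x = secret_from_password("0bama is a jerk", b"constructed-salt")
    y = register(x)                       # the only thing the bank keeps
    print("real customer passes:", identify(y, Prover(x)))        # True
    print("wrong password passes:", identify(y, Prover(x + 1)))   # False
    print("impostor passes:", identify(y, Impostor(y)))           # False
    print("forged transcript verifies:", verify(y, *simulate_transcript(y)))  # True
```

Two things the thread's "20 questions" analogy misses show up directly in the code: the bank never holds anything from which the password can be read off (only y), and the answers are bound to a fresh random challenge each round, so recording them does not let an eavesdropper replay them. The repeated rounds are exactly the "multiple tests" an earlier commenter mentioned; with a real-sized q a single round already drives the cheating probability below 2^-128.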