This conversation is closed.

## Passwords can become 70% more Effective

Passwords currently lock a system from a hacker. But what I propose is the use of "large primes" that unlock the password for the user, the keys only known by the user----not stored in the computer---and the keys initially generated by simply English phrases the user can remember. Thus, the password, a composite---even if known by the hacker cannot be unlocked as it would be a huge composite unfactorable. If "Alice" types in "Eddie ate tickets in 733." And "Joe lives for marshmallows." The PC would generate two large primes to represent each message and create the password---an immense composite number. Assuming no key logger was watching, the PC was clean. Eve who listens in later and gets the password can't break it because the English phrases and the prime equivalents were not stored, only the composite, which Eve can't break. Alice breaks it later to get into her machine by typing in the phrases and the machine finds that these are the two primes and unlocks her machine.

• #### Kitty Hawk

• +1
Nov 24 2012: Why not just use a better password (http://www.explainxkcd.com/2011/08/10/password-strength/) and not store the result?
• #### Geoffrey Nicoletti

• 0
Dec 2 2012: Lesley: How do we make a password too hard for a hacker but easy for the nervous user? The password must be an immense number that can only be factored by 2 primes (that are huge also)...only two numbers will work and no algorithm helps the hacker solve it in weeks let alone minutes. But how is this going to be easy for the user? The two primes represent two small phrases only the user knows. Each letter represents a variable digit that gets locked and the number of letters generates the iterations and the number of words further complicates it internally so that the small phrase might generate a 40 digit prime (Fermat formula). Even if the hacker were to know all of these algorithms he still doesn't know the original English phrase so...he is lost. This password revolution means no longer does it unlock; instead the password now has to be unlocked.
• #### Lesley Rickard

• 0
Dec 2 2012: My bank uses a virtual keyboard for the entry of passwords - maybe this would be an easier way forward? Only someone watching the screen would know what had been selected (I think!)
• #### Geoffrey Nicoletti

• 0
Nov 24 2012: Kitty Hawk and Jean-Charles Longuet:

Thanks for the conversation...to Kitty: see the latest "Wired" on the death of the password. I must admit I don't know what you mean "password not logged" because what you type in has to be compared to some data in your PC or it doesn't constitute THE password, even if it is not in a file of .pwd...it is somewhere or what you type is as wrong as anything else. So is my password, but being a trapdoor mine won't unlock---knowing it.
Jean-Charles....again, thanks. I couldn't imagine I had something original but just haven't heard of anything like my trapdoor password. But no... it is not merely harder, not merely long that counts. What counts is you can't factor the composite. Brute force and dictionary stuff may help due to hash, but my trapdoor means only two numbers will break the composite and finding them without a known algorithm....only different primes are in my proposal...and only two for a huge number. There is no known mathematical rule that can reverse my process....trapdoor.
• #### Jean-Charles Longuet

• 0
Nov 24 2012: Well, something similar to your suggestion is already in place on most systems for years. Prime numbers are not used, but when a password is provided the first time, what is stored is not the password by itself, but a hash: a kind of "fingerprint" of it. Afterwards, every time you log in, the same computation is done on what you just typed and compared to the fingerprint of the original password. If they match, it means the password is correct.

So, the critical part is the choice of the password: dictionary attacks can find out all common passwords (from "123456" to any known language word), and brute-force attacks can find out all short passwords. So just use long enough passwords, as pointed out by Kitty...
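
An added illustration, not part of any post in this thread: the stored-composite idea and the stored-fingerprint idea side by side. The phrase-to-prime mapping (SHA-256, then the next 128-bit prime) and all function names are assumptions, since the thread does not specify one; PBKDF2 stands in for the salted, slow hash a system would normally store. It shows that a guessed phrase is confirmed against the composite with a single modulo, so the strength rests on the phrase rather than on factoring.

```python
import hashlib, hmac, os

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases (probabilistic for numbers this large)."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def phrase_to_prime(phrase):
    """Assumed mapping: SHA-256 of the phrase, then the next 128-bit prime."""
    n = int.from_bytes(hashlib.sha256(phrase.encode()).digest()[:16], "big")
    n |= (1 << 127) | 1  # force a 128-bit odd starting point
    while not is_probable_prime(n):
        n += 2
    return n

def enroll(phrase_a, phrase_b):
    return phrase_to_prime(phrase_a) * phrase_to_prime(phrase_b)  # only this is stored

def verify(stored, phrase_a, phrase_b):
    return phrase_to_prime(phrase_a) * phrase_to_prime(phrase_b) == stored

def phrases_dividing(stored, candidates):
    """Audit check: each phrase is testable on its own, with no factoring."""
    return [c for c in candidates if stored % phrase_to_prime(c) == 0]

def enroll_salted(phrase_a, phrase_b, iterations=600_000):
    salt = os.urandom(16)  # per-user salt: equal phrases give different records
    secret = (phrase_a + "\x00" + phrase_b).encode()
    return salt, iterations, hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)

def verify_salted(record, phrase_a, phrase_b):
    salt, iterations, digest = record
    secret = (phrase_a + "\x00" + phrase_b).encode()
    return hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", secret, salt, iterations))
```

The composite is deterministic and unsalted, and each phrase can be checked separately against it; the salted record forces every guess of the full phrase pair through the slow derivation.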
• #### Geoffrey Nicoletti

• 0
Nov 24 2012: Mikey:

That is why 70% effective. If your machine is clean, not being watched, then the hacker attacking looking in later may get the 256 bit password but not worth trying to unlock it but if you are typing and a key logger is inside, well that is the 30% time my idea doesn't help. The phrase Alice uses doesn't get logged so my idea is good most of the time. Unlocking, factoring because you know the phrase, is never logged.
• #### Mikey Lee

• 0
Nov 24 2012: Sorry, I don't really get it. So Alice can get into her computer by typing those phrases. But if Eve listened and got those phrases, couldn't she also get into the computer by typing in those phrases?

If so, what makes this more secure than a password? A phrase should be easier to remember, for both user and hacker.
• #### george lockwood

• 0
Nov 23 2012: American business has told the military that better security costs too much! Should things that need extreme security even be on the net?