TED Conversations

This conversation is closed.

Passwords can become 70% more Effective

Passwords currently lock a system from a hacker. But what I propose is the use of "large primes" that unlock the password for the user, the keys only known by the user----not stored in the computer---and the keys initially generated by
simply English phrases the user can remember. Thus, the password, a composite---even if known by the hacker can not be unlocked as it would be a huge composite unfactorable. If "Alice" types in "Eddie ate tickets in 733." And "Joe lives for marshmallows." The PC would generate two large primes to represent each message and create the password---an immense compposite number. Assuming no key logger was watching, the PC was clean. Eve who listens in later and gets the password can't break it because the English phrases and the prime equivalents were not stored, only the composite, which Eve can't break. Alice breaks it later to get into her machine by typing in the phrases and the machine finds that these are the two primes and unlocks her machine.


Showing single comment thread. View the full conversation.

  • thumb
    Nov 24 2012: Well, something similar to your suggestion is already in place on most systems for years. Prime number are not used, but when a password is provided the first time, what is stored is not the password by itself , but a hash : a kind of "fingerprint" of it. Afterwards, every time you log in, the same computation is done on what you just typed and compared to the fingerprint of the original password. It they match, it means the password is correct.

    So, the critical part is the choice of the password : dictionary attacks can find out all common passwords (from "123456" to any known language word), and brute-force attacks can find out all short passwords. So just use long enough passwords, as pointed out by Kitty...

Showing single comment thread. View the full conversation.