A Password Extension for Improved Human Factors
Date: January 1982
Publication: Computers and Security, Volume 1, Number 1
Page(s): 54 - 56
Publisher: Elsevier Science
Source 1: http://dx.doi.org/10.1016/0167-4048(82)90025-6 - Subscription or payment required
To maximize both the difficulty of guessing passwords and also the ease of remembering passwords, we use a fairly large keyspace (64 bits) and a very long “passphrase” (up to 80 characters). The phrase is hashed into the key, which is then stored in encrypted form. The hashing necessarily includes one-way encryption. Since the phrase is long, one would expect a large keyspace for the actual phrase as well as for the hashed phrase. Since the phrase is meaningful to the owner it should be easier to remember.
One way to hash the pass-phrase is to encrypt it using DES block-chaining and a standard key. The last block of the encrypted chain is the hashed result. This procedure ensures that every bit of the hashed result is a function of every bit of the phrase; also, assuming the presence of DES hardware, it is very efficient.
In order to protect the user (in a timely way) from password theft by simulation of the log-in system, the system should reply (to correct password entry) with a recognition phrase known only to the user (and the system). This recognition phrase can be stored in encrypted form, using the (hashed) password as the key.
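The scheme in the abstract, as an added sketch that is not code from the paper: the passphrase is chained block by block under a fixed key, the last block is kept as the 64-bit hash, and that hash keys the stored recognition phrase. XTEA stands in for DES (Python's standard library has no DES); the standard-key value, padding, zero IV, counter-mode encryption, doubling of the 64-bit hash into a 128-bit XTEA key, and all function names are assumptions.

```python
import struct

MASK, DELTA, BLOCK = 0xFFFFFFFF, 0x9E3779B9, 8   # 64-bit blocks, as with DES
STANDARD_KEY = bytes(range(16))                  # constructed public "standard key"

def encrypt_block(key16: bytes, block8: bytes) -> bytes:
    """XTEA, 32 cycles: a stand-in 64-bit block cipher (the paper uses DES)."""
    v0, v1 = struct.unpack(">2I", block8)
    k = struct.unpack(">4I", key16)
    s = 0
    for _ in range(32):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def hash_passphrase(phrase: str) -> bytes:
    """Block-chain the phrase under the standard key; return the last block."""
    data = phrase.encode("ascii")
    if not 0 < len(data) <= 80:
        raise ValueError("passphrase must be 1 to 80 characters")
    data += b"\x80" + b"\x00" * (-(len(data) + 1) % BLOCK)  # assumed padding
    chain = bytes(BLOCK)                                     # assumed zero IV
    for i in range(0, len(data), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(chain, data[i:i + BLOCK]))
        chain = encrypt_block(STANDARD_KEY, mixed)
    return chain                                             # 64-bit hashed key

def crypt_recognition(hashed: bytes, text: bytes) -> bytes:
    """Encrypt or decrypt the recognition phrase under the hashed passphrase
    (counter-mode keystream, an assumed mode; the same call does both)."""
    out = bytearray()
    for i in range(0, len(text), BLOCK):
        pad = encrypt_block(hashed * 2, struct.pack(">Q", i // BLOCK))
        out += bytes(a ^ b for a, b in zip(text[i:i + BLOCK], pad))
    return bytes(out)

def enroll(phrase: str, recognition: str) -> bytes:
    return crypt_recognition(hash_passphrase(phrase), recognition.encode("ascii"))

def login_reply(stored: bytes, typed_phrase: str) -> bytes:
    """What the system shows after password entry; only the right phrase
    recovers the recognition text the user expects to see."""
    return crypt_recognition(hash_passphrase(typed_phrase), stored)

if __name__ == "__main__":  # constructed sample values
    stored = enroll("four score and seven years ago", "blue heron at dawn")
    print(login_reply(stored, "four score and seven years ago"))
    print(login_reply(stored, "Four score and seven years ago"))
```

A login simulator that captures the typed passphrase still cannot display the recognition phrase, because it holds neither the stored ciphertext nor a prior hash of the phrase.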