Cryptography and Expanded Password System

Prof. Hideki Imai, who pushed my back to move ahead confidently in 2001 when he was the chair of Japan’s CRYPTREC, used to emphasize repeatedly how critical it is to get the credential data hashed whether online or offline. It is from him that I learnt about Deffie-Hellman Key Exchange, Elliptic Curve Cryptography, etc.

We jointly tried the methodology of using the high-entropy credential data generated by

Expanded Password System  (EPS) as the seed of RSA key pair; the user's private key does not physically exist anywhere in the universe, but it can be re-generated in-the-fly out of the images that the user picks up for authentication for each login. It proved to work on the internet.

Thereafter, we took up the experiment of incorporating EPS into PAKE. We were able to demonstrate that it worked with no friction in the lab environment.

These projects, sponsored by government agencies, were completed in 2003 – 2004. In retrospect, we seem to have started these forward-looking projects a bit too early.

Cryptography helps EPS, and EPS helps Cryptography.

Seemingly Fatal Drawbacks of Pictorial Password – Shoulder Surfing & Low Entropy

We have been advocating Expanded Password System that accepts images as well as texts from 2001. We have since kept hearing our proposition blamed for two major ‘drawbacks’ of using images – Shoulder Surfing and Low Entropy. So many people are still misguided to take it for granted as if it were the case.

 The fact is that threats of shoulder surfing can be mitigated with ease by some simple techniques - images to get shrunk prior to tapping, texts allocated to images for quiet typing and so on at the end of developers, with the simplest solution being just looking around you before tapping the images at the end of users. How can it be a fatal drawback?

 Another seemingly serious problem of low entropy can be eliminated at the end of developers without giving any extra burden on users.

 With Expanded Password System, each image or character is presented by the image identifier data which can be of any length. Assume that your password is “CBA123” and that the image ‘C’ is identified as X4s& eI0w, and so on.

 When you input CBA123, the authentication data that the server receives is not the easy-to-break“CBA123”, but something like “X4s&eI0wdoex7RVb%9Ub3mJvk…………..” which could be automatically altered periodically or at each access where desired, all without involving users.

 Passwords of sufficient entropy, if properly hashed, can stand fierce brute force attacks. How can it be a fatal drawback?