SHORT passwords can be made as safe as more convoluted ones thanks to a new
digital protocol that makes them impossible to crack. The protocol could be used
with wireless devices such as cellphones.
Long passwords are difficult to remember, so most people tend to use short
words like a pet鈥檚 name. But short passwords are easily cracked simply by
running through all the combinations with a high-speed computer.
To get around this problem, Rafail Ostrovsky at Telcordia Technologies in New
Jersey and Jonathan Katz at Columbia University in New York have devised a
simple scheme to make short passwords almost foolproof. Their protocol uses
mathematical functions to convert a short password into a more complicated
one.
Advertisement
If you want to check your bank account over the Internet, for example, you
tap in your password. Your computer then uses a mathematical function to
transform the password into a longer string. The protocol takes bits of this
string and another mathematical function creates a new string that it sends to
the bank. The bank performs the reverse mathematical operation on the message,
checks the result with the password on its files and replies confirming your
identity.
The strength of the system is that the password is never transmitted and the
mathematical functions do not have to be kept secret because they can鈥檛 be
solved in reverse without knowing the answer. 鈥淭he mathematics are based on an
existing problem that has so far never been solved, so the system is very
secure,鈥 says Katz, who is due to present the scheme this week at the Eurocrypt
2001 meeting in Innsbruck, Austria. However, the password will have to be set up
in person when opening a bank account.
鈥淭his research provides the first highly efficient solution that is
rigorously proven to be secure,鈥 says Oded Goldreich, a cryptographer at the
Weizmann Institute of Science in Rehovot, Israel.