There are two problems with a password. The first is that you can forget it. The second is that you know it and someone else can get you to cough it up. As any hacker knows, people are usually the weakest link in any security system. We're trusting, gullible, and, if trickery fails, there's always blackmail or violence—the term for this sort of coercive code-cracking is rubber hose cryptanalysis.
But what if you weren't able to tell someone else your password, even if you really wanted to? What if it was a secret even to you? No amount of the rubber hose treatment would be able to extract it. It sounds like an impossibility, but in a paper that will be presented at this week's USENIX Security Symposium, a team of computer scientists and neuroscientists working together have created just such a password.
Comments