Entering a Password Multiple Times for Security

I was thinking about the 1983 movie WarGames and how the computer personality of “Joshua” acted like a human. The first time you asked it a question, it responded with a question or didn’t give a complete answer. However, if you asked the computer the same question a second time, you got the information you were after.

Today’s passwords will soon become obsolete, according to computer experts. They are insecure not only because people choose bad ones and write them down, but because of brute force cracking as well.

My idea is this: have the computer say all passwords are wrong, at least the first time they are entered. To gain access to the system, you must enter the correct password twice in a row.

This would instantly double the processing time required by a brute-force hacking attempt, while at the same time not making it much more difficult for the user. Assuming the user knows their password, all they need to do is enter it twice. Simple enough. A person guessing at the password, however, would need to enter every guess twice - and since the computer responds exactly the same way even if the password is correct (but only entered once), the cracker may never even know the computer is set up with this sort of system. In this case, it would be impossible for the cracker to get in with their traditional brute-force crack, no matter how much time or processing power they had.

Keep in mind that this is only an idea. I realize it might not be practical, since I’m not sure how it would help with people breaking md5sums or password hashes. Once you have access to the stored password, there’s no telling what you can do with it.

But go along with me and consider this: the user has to enter a series of passwords, perhaps two or three of them, with the computer responding in the same way (“invalid password”) after every entry. For example, my password might be “mice”, “eat”, “cheese”, entered separately but consecutively and in order.

It would be virtually impossible to break such a password using brute force.

Yet since I know the password, it only takes slightly longer - and it might even be the same, considering I could choose simpler passwords this way rather than a more complex password (with symbols and numbers) the traditional way.
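The guess counts behind the scheme described above can be checked with a small simulation, added here as an example and not part of the original post. `SequenceGate`, the word list, the fixed salt and the low PBKDF2 iteration count are constructed for the demo, and it models only guessing at the login prompt, not an attack on stored hashes.

```python
import hashlib, hmac, itertools

DENIED, GRANTED = "invalid password", "access granted"
WORDS = ["cat", "cheese", "dog", "eat", "mice", "nap"]  # constructed guess list

class SequenceGate:
    """Grants access only when the secrets arrive consecutively and in order."""
    def __init__(self, secrets, salt=b"demo-salt"):
        self.salt = salt  # fixed so the demo is repeatable; use os.urandom(16) in practice
        self.digests = [self._kdf(s) for s in secrets]
        self.progress = 0   # how many entries of the sequence have matched so far
        self.attempts = 0

    def _kdf(self, entry):
        # Iteration count kept low so the simulation runs quickly.
        return hashlib.pbkdf2_hmac("sha256", entry.encode(), self.salt, 200)

    def submit(self, entry):
        self.attempts += 1
        digest = self._kdf(entry)
        if hmac.compare_digest(digest, self.digests[self.progress]):
            self.progress += 1
        else:  # a wrong entry may still be the start of a fresh sequence
            self.progress = int(hmac.compare_digest(digest, self.digests[0]))
        if self.progress == len(self.digests):
            self.progress = 0
            return GRANTED
        return DENIED  # same reply for a wrong entry and a correct-but-incomplete one

def guesses_until_access(gate, sequences):
    """Submit each guessed sequence in turn; return entries used, or None."""
    for seq in sequences:
        for entry in seq:
            if gate.submit(entry) == GRANTED:
                return gate.attempts
    return None

def run_demo():
    once = [(w,) for w in WORDS]                  # traditional: each guess once
    twice = [(w, w) for w in WORDS]               # guesser who knows the rule
    triples = itertools.product(WORDS, repeat=3)  # guesser who knows the rule
    triple = ["mice", "eat", "cheese"]
    return {
        "single, once": guesses_until_access(SequenceGate(["mice"]), once),
        "double, once": guesses_until_access(SequenceGate(["mice", "mice"]), once),
        "double, twice": guesses_until_access(SequenceGate(["mice", "mice"]), twice),
        "triple, once": guesses_until_access(SequenceGate(triple), once),
        "triple, all": guesses_until_access(SequenceGate(triple), triples),
    }
```

Calling `run_demo()` returns the number of entries each guessing strategy needed, with `None` meaning the strategy never got in.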

If password security becomes a problem, I think this is a great idea. And remember, you read it here first.
