Hitoshi Kokumai

3 years ago · 1 min read

Cryptography and Expanded Password System

Prof. Hideki Imai, who encouraged me to move ahead confidently in 2001 when he was the chair of Japan’s CRYPTREC, used to emphasize repeatedly how critical it is to get the credential data hashed, whether online or offline. It is from him that I learnt about Diffie-Hellman Key Exchange, Elliptic Curve Cryptography, etc.

We jointly tried the methodology of using the high-entropy credential data generated by Expanded Password System (EPS) as the seed of an RSA key pair; the user's private key does not physically exist anywhere in the universe, but it can be re-generated on the fly out of the images that the user picks for authentication at each login. It proved to work on the internet.
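One way to regenerate an RSA key pair from the picked images, as an added example that is not the EPS project's code. The identifier strings, the salt, the scrypt parameters, the HMAC-based stream and the key size are all assumptions made here.

```python
import hashlib, hmac, math

def seed_from_picks(identifiers, salt):
    # Stretch the concatenated image identifiers into a 32-byte seed.
    credential = "".join(identifiers).encode()
    return hashlib.scrypt(credential, salt=salt, n=2**14, r=8, p=1, dklen=32)

class SeededStream:
    """Deterministic integers from HMAC-SHA256(seed, counter); a demo generator."""
    def __init__(self, seed):
        self.seed, self.counter = seed, 0

    def integer(self, bits):
        out = b""
        while len(out) * 8 < bits:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.seed, block, hashlib.sha256).digest()
            self.counter += 1
        return int.from_bytes(out, "big") >> (len(out) * 8 - bits)

def is_probable_prime(n, stream, rounds=40):
    # Miller-Rabin for odd n > 3, with witnesses drawn from the seeded stream.
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + stream.integer(n.bit_length() + 64) % (n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def seeded_prime(stream, bits, e):
    while True:
        # Force the top two bits (full-size modulus) and the low bit (odd).
        c = stream.integer(bits) | (3 << (bits - 2)) | 1
        if math.gcd(c - 1, e) == 1 and is_probable_prime(c, stream):
            return c

def rsa_from_picks(identifiers, salt, bits=1024, e=65537):
    # bits=1024 keeps this pure-Python demo fast; real keys need 2048 or more.
    stream = SeededStream(seed_from_picks(identifiers, salt))
    p, q = seeded_prime(stream, bits // 2, e), seeded_prime(stream, bits // 2, e)
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))  # (n, e, d); d is never stored
```

Because the key pair is a pure function of the picks and the salt, anyone who knows the public key and the salt can test guessed picks offline, so the key is only as strong as the credential and the scrypt cost.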

Thereafter, we took up the experiment of incorporating EPS into PAKE. We were able to demonstrate that it worked with no friction in the lab environment.

These projects, sponsored by government agencies, were completed in 2003 – 2004. In retrospect, we seem to have started these forward-looking projects a bit too early.

Cryptography helps EPS, and EPS helps Cryptography.

[Figure: Expanded Password System. Panel captions: "Only I can select all of them correctly"; "Broader choices with both images and characters accepted"; "Easy to manage relations between accounts and corresponding passwords"; "Torturous login is history. Login is now comfortable, relaxing and healing."]

Seemingly Fatal Drawbacks of Pictorial Password – Shoulder Surfing & Low Entropy

We have been advocating Expanded Password System, which accepts images as well as texts, since 2001. Ever since, we have kept hearing our proposition blamed for two major ‘drawbacks’ of using images – Shoulder Surfing and Low Entropy. Many people are still misguided into taking these for granted.

The fact is that threats of shoulder surfing can be mitigated with ease by some simple techniques on the developers' side, such as shrinking images prior to tapping and allocating texts to images for quiet typing, with the simplest solution on the users' side being just to look around before tapping the images. How can it be a fatal drawback?

Another seemingly serious problem, low entropy, can be eliminated on the developers' side without placing any extra burden on users.

With Expanded Password System, each image or character is represented by image identifier data, which can be of any length. Assume that your password is “CBA123” and that the image ‘C’ is identified as X4s&eI0w, and so on.

When you input CBA123, the authentication data that the server receives is not the easy-to-break “CBA123”, but something like “X4s&eI0wdoex7RVb%9Ub3mJvk…………..”, which could be automatically altered periodically or at each access where desired, all without involving users.

Passwords of sufficient entropy, if properly hashed, can stand fierce brute force attacks. How can it be a fatal drawback?
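A server-side sketch of the identifier scheme described above, added here and not taken from the EPS product. The record layout, the 16-byte random identifiers, the scrypt parameters and all function names are assumptions; it also shows one way identifiers can be altered at each access without involving the user.

```python
import hashlib, hmac, secrets

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
ID_BYTES = 16
ID_LEN = 22  # token_urlsafe(16) always yields 22 characters

def new_table(symbols):
    """Assign a fresh random identifier to every image or character."""
    return {s: secrets.token_urlsafe(ID_BYTES) for s in symbols}

def client_submit(picks, table):
    """What leaves the client: concatenated identifiers, not the picks."""
    return "".join(table[s] for s in picks)

def _store(picks, table):
    # Salted, memory-hard hash of the identifier string; the string is not kept.
    salt = secrets.token_bytes(16)
    data = client_submit(picks, table).encode()
    digest = hashlib.scrypt(data, salt=salt, **SCRYPT)
    return {"table": table, "salt": salt, "hash": digest}

def enroll(picks, symbols):
    return _store(picks, new_table(symbols))

def login(record, submitted, rotate=True):
    digest = hashlib.scrypt(submitted.encode(), salt=record["salt"], **SCRYPT)
    if not hmac.compare_digest(digest, record["hash"]):  # constant-time compare
        return False
    if rotate:
        # Recover the picks from the verified string, then re-key the record
        # with new identifiers and a new salt.
        inverse = {v: k for k, v in record["table"].items()}
        picks = [inverse[submitted[i:i + ID_LEN]]
                 for i in range(0, len(submitted), ID_LEN)]
        record.update(_store(picks, new_table(record["table"])))
    return True

# In this sketch the table is stored beside the hash. Against a stolen hash,
# the long string resists guessing only while the table is not stolen with it.
```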


Comments

Hitoshi Kokumai

3 years ago #4

Thanks Debesh. I hope that people's perception will be very different when they come to know that our products are used by Japan's Army where the number of users has increased 10-fold over the 7-year period since 2013.

Hitoshi Kokumai

3 years ago #3

#1
Thanks Zacharias. I am sorry to be very late in coming back to you. I had missed your comment. I would like to believe that cybersecurity people will come to comprehend the meaning of our proposition when they have come out of the pitfall of wrongly perceived security effects of password-less authentication and password-killer biometrics. As for the subject of cryptographic keys, you might be interested in my recent article "Account Recovery by Expanded Password System". https://www.bebee.com/producer/@hitoshi-kokumai/account-recovery-with-expanded-password-system

Debesh Choudhury

3 years ago #2

The possibilities of graphical passwords are yet to be fully explored. Once your application is tested and adopted by some common people, maybe then the experts will break their heads into it.
Let's think outside the box a little. I believe the EPS you propose has benefits that the conventional CS people fail to fathom due to their innate attachment to a framework that's starting to become obsolete, even if they haven't realized it yet. There are serious issues in that framework that EPS can solve or at least contribute to their solution. For example, the need to use new keys all the time and the lack of reliable solutions regarding the storage of larger keys which can be leveraged for symmetric encryption solutions (e.g. for in-house CS applications). Also, most CS professionals are completely ignorant of the business aspects of their systems something that's a liability in and of itself. I propose a novel CS solution that tackles these issues head-on and leverages the advantages of EPS. Feel free to message me to discuss this further (preferably through email). Cheers!
