1

I have created a password security system. I wanted to get your reviews about it and its technical problems.

In this system, users create a dynamic password that will change every time they try to log in based on their unique formula they wrote when registered.

Example of password created: apple{{A+2}}{{B+C}}{{D*E}}green

When user wants to log in on the browser, the server sends 5 random one digit values like:

 1,2,3,4,5

corresponding to A,B,C,D,E respectively.

and now user has to enter his password like :

apple3520green

This protects the password from being exposed , as it can't be compromised because it will change every time.

I have created a demo version of this implementation on http://advpassword.com And I love to have your comments about it on the website ( Good or Bad )

Sasan Farrokh
  • 35
  • 4
  • Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/43436/discussion-on-question-by-sasan-farrokh-can-use-this-security-system-on-websites). – Rory Alsop Aug 03 '16 at 22:13

5 Answers5

10

Don't forget AviD's Tenet of Usability:

Security at the expense of usability comes at the expense of security.

This is what makes this scheme unusable, for any security properties it may have over any other form of password. It would be simply inconceivable to expect for people, who have as many issues as we have with simple passwords, to try and cope with random new algorithmic password schemes that require not only remembering a password, but remembering an algorithm associated with the password, and plugging in a new set of variables every time you need to use the password, and calculating it correctly. The entire idea is a disaster of complexity.

Ultimately, this is a (relatively) solved problem. Multi-factor authentication is the solution. It's secure above and beyond simple passwords, and far less novel and complex than what you propose.

There are very specific scenarios where this scheme might be useful, but common services are not one of those scenarios.

Xander
  • 35,525
  • 27
  • 113
  • 141
  • People doesn't have to do this, they can use a simple static password. only the interested ones will use it , I discussed about this in my family and users , they all excited and thought it can be used .. also it is not as hard as you think of. users just have to calculate a simple A + 1 and B-2. it doesn't involve anything else it could be added to all security systems as an option. – Sasan Farrokh Aug 02 '16 at 22:00
7

There are following problems with this approach:

  1. The passwords with formulas seem to be stored in plaintext. So this would be better if it's split into two parts - first part known, and second part being formula. This way the first part can be stored as hash.

  2. Similar mechanism is used by crypto tokens, where you enter password followed by number from crypto token (like "password" + "123456" which is "password123456"). Crypto token is small hardware device which shows number after pressing button. Every crypto token hardware has different key so everyone needs to use their own token. Now the thing is, that the problem is that formula is very easy to reverse if it's very simple. In fact, it should be some sort of strong encryption which person cannot perform in memory.

Anyway, you seem to be on good track and what you are trying to do can be achieved in following way for example:

  1. Create software crypto token application, so this app will simply agree the secret key with your server during installation and will be able to generate crypto tokens in offline (or even online) mode.

  2. Your website can read the password and remove last 6 numbers, then check the password with stored hash. (the 6 numbers change very 10 secs or minute or so, so the time synchronization is important, but if it's none, it's possible to synchronize by checking past / future tokens and do the adjustments).

  3. Then your website can contact API and check if the crypto token for given username matches.

Now the thing to know is that crypto tokens work on time and secret key. So that token generated in one minute isn't valid in different time.

However the main challenge would be to protect the security of your crypto tokens. You could provision dedicated cloud server for each customer using it for example, permitting access only from his servers and maintain extreme update schedule for security patches, multi-layered defense and good software architecture where all libraries are actively maintained and the source code is audited.

Such solution would be eventually good not only for websites but for any corporate system including Active Directory. However to sell it to customers you'd need to comply with official security policies once and secondly have it reviewed by educational / government institutions which I am sure will be helpful.

The overall proposed scenario is good because on your side you do not risk much really - if crypto tokens are stolen, then the passwords are not known anyway, and you can issue update to the soft crypto token or force reactivation of these.

The downside is that it requires dedicated soft crypto token to get onto some single service which would be using it. So the hardware crypto token is a lot more handy, but the soft one is still good for demoing and development.

Regarding "enter letter 1, 3 and 5 from your second password" is somewhat weaker but a lot cheaper compared to tokens. However to produce token is not hard today given it's long life and a lot stronger security.

The business model of this is based on maintaining both secure method of communication and proper secure storage of crypto tokens, so the whole business on your side has to properly focus on it, so it's job for 3rd party companies and not banks themselves. This way attack surface is reduced the way that the tokens are stored and verified by 3rd party company.

Aria
  • 2,706
  • 11
  • 19
  • I appreciate your answer , thank you a lot. the hashing and encryption issue can be solved by hashing just the static parts of the password. All i had try to do is to remove external hardware device for authentication , devices are costly and hard to use , They must design their security themselves. if they use simple one , it's still much more secure than static password , if they use hard one and forget they have the blame. now i challenge you to crack my formula on my video on youtube. I exposed my password twice . I used a simple easy to remember and calculate. it's still hard to crack – Sasan Farrokh Aug 02 '16 at 22:07
  • @SasanFarrokh hard to use hardware devices? – Crypt32 Aug 03 '16 at 17:38
  • @CryptoGuy you must enter long hash code manually , if it is easy then using formula is much easier. Also it would take more cost to use external hardware device – Sasan Farrokh Aug 03 '16 at 17:55
  • 1
    `you must enter long hash code manually` 6-7 numbers? It is not that long as my permanent password which is 10+ chars long. `if it is easy then using formula is much easier` I could remember only one formula. Imagine if I would use this system for multiple services? Password reset will be my biggest friend. – Crypt32 Aug 04 '16 at 18:38
3

I don't think it's a good thing. The calculation thing and translating letters into digits is simply too complex for most users. They want it to be fast and easy. In addition, the fact that the rule needs to be stored in cleartext mandatorily in order for the scheme to work is a major security design flaw.
And which problem does this solve that hasn't already been addressed? Why not a simple 2-factor auth with TOTP? Reinventing existing things in a slightly different way usually doesn't make things better.

kaidentity
  • 2,634
  • 13
  • 30
  • Of course you're right , I have showed this idea to some users , they had created a simple formula and used it easily. they also liked it. OTP needs an external device but this doesn't need. and maybe it is too complex for old and busy users but not for young ones. anyway maybe I am wrong and this is not good but it was a good try at least :) thanks – Sasan Farrokh Aug 03 '16 at 16:18
  • 2
    That your buddies find it good is not really relevant. You have to talk to people working in an IT hotline. They are in daily contact with users and they have an excellent feeling for the average user. If they find it usable, it probably is. If not, it is certainly not. – kaidentity Aug 03 '16 at 19:31
2

It's not user-friendly and incompatible with password managers, so any normal user will keep their formulas as trivial as possible.

That means any attacker who intercepts multiple number / password pairs can reverse-engineer the formula quite easily. Doing this interception on your example implementation is easy because it doesn't support https.

Philipp
  • 48,867
  • 8
  • 127
  • 157
  • Yes of course , my example i used in the video is trivial and simple but how many exposes need to crack the real formula ? I think with these two , it is still hard to crack and many formulas can match with the two expose. – Sasan Farrokh Aug 03 '16 at 16:24
  • 1
    @SasanFarrokh Not that many, actually. You encourage the user, in your own words to "Always try to make it easy to calculate". How many people will simply use a formula like (A + 2)? That can be cracked with just two samples. Even slightly more complex terms can be easily brute-forced, because there aren't that many ways to combine 3 or so variables with mathematical operators. – Philipp Aug 03 '16 at 17:04
  • 2
    @SasanFarrokh When you don't believe me, you could try https://puzzling.stackexchange.com. Take a formula you would consider plausible, post a few challenge/response pairs and an additional challenge, frame all that in a cute story (they like that on puzzling SE) and see how long it will take them to figure out the formula and post the correct response. – Philipp Aug 03 '16 at 17:07
  • 2
    True, this is a very strong argument against this algorithm. 2-factor auth is designed to be secure even if a MITM intercepts hundreds or thousands of codes. With this one, it is a matter of simple linear equations (and everything else is clearly too complex for end users) to break everything that is beyond the secrecy of the password.... – kaidentity Aug 03 '16 at 19:34
  • @Philipp they put my question on hold because it had too many possible answers , formulas might be linear and simple but they have 5 variables and they can be multiple functions beside each other and they can inserted between static numbers, I still believe on it :/ – Sasan Farrokh Aug 03 '16 at 22:47
  • @SasanFarrokh Everyone believes that they can create a system *they themselves* can't crack. Regarding your question on puzzling: You only posted two C/R pairs and used a formula more complex than any real user would use. – Philipp Aug 04 '16 at 07:38
0

I do like the idea although, I feel you might have missed the target.

Explanation

I do agree with others on statement roughly telling that this kind of sophisticated mechanism seems to be pointless at client-server authentication. There I would agree with the recommendation to use some kind of hardware token. ...but still there is a room for your proposal

How to authenticate on a hardware token

...or mobile phone lock-screen etc.

Imagine a case, that someone might try to force you to unlock your phone. If it was protected just by a pin code (kind of password), than you will need to disclose it. When any kind of dynamic password is used... let say date based and with the challenge appearing on a screen. He or she will not be able to reuse it.

nobody
  • 11,251
  • 1
  • 41
  • 60
Sebo.PL
  • 1
  • It doesn't really matter how complex the scheme is: if someone forces you to reveal your secrets, you will reveal the scheme just like the password. Relevant: https://xkcd.com/538/ – Esa Jokinen Jan 09 '21 at 13:51