Re: Image files as passwords

On 23 Feb, 18:07, Unruh <unruh-s...@physics.ubc.ca> wrote:
> Uh, you postulate that the user has 10's of thousands of images on his
> computer. You really expect them to leaf through them all to find that one
> image, even if it is "recognizable"? Your assumptions contradict each
> other. So the user labels the image "password" so he can remember which it
> is.
Thanks for the thoughts. You've convinced me it's worth trying, as the
objections are mainly: 1. if they had access to the computer, and 2. if
they could sniff the file length (the file would never be sent in
cleartext, BTW). Otherwise they don't know what file to use; the file
length would be difficult to ascertain if the file is sent securely
with other data.
A 'guess' or 'automated' remote attack would be impossible from
someone without the right file. A remote attack on the user's computer
could compromise the file, but which file would be difficult to ascertain
remotely, and it would be no worse than someone compromising the
computer on which the passwords are held in the MyPasswords folder
(yes, I've seen them too), or stealing another certificate. The image
can be protected just as the certificate can be protected on the user's
machine.
By the way, as someone who has done a lot of professional market
research work on measuring recall and recognition in different
situations, I think you are confusing unprompted and prompted recall.
The benefit of having a recognisable image as the certificate is huge
compared to spontaneous recall of a semi-random text string; the
memory includes both image and position recognition, which is why we
want an image prompt.
I will produce a proof of concept in the next few weeks.
Saul