Old 02-24-2007, 08:50 PM
Saul
Guest
 
Re: Image files as passwords

On 24 Feb, 19:19, Unruh <unruh-s...@physics.ubc.ca> wrote:
> "Saul" <saul.dob...@dobney.com> writes:
> >On 23 Feb, 18:07, Unruh <unruh-s...@physics.ubc.ca> wrote:
> >> Uh, you postulate that the user has 10's of thousands of images on his
> >> computer. You really expect them to leaf through them all to find that one
> >> image, even if it is "recognizable"? Your assumptions contradict each
> >> other. So the user labels the image "password" so he can remember which it
> >> is.

> >Thanks for the thoughts. You've convinced me it's worth trying as the
> >objections are mainly: 1. if they had access to the computer and 2. if
> >they could sniff the file length (the file would never be sent in
> >cleartext BTW). Otherwise they don't know what file to use - file
> >length would be difficult to ascertain if the file is sent securely
> >with other data.
> >A 'guess' or 'automated' remote attack would be impossible from
> >someone without the right file. A remote attack on the users computer
> >could compromise the file - but which would be difficult to ascertain
> >remotely - and would be no worse than someone compromising the
> >computer on which the passwords are held in the MyPasswords folder
> >(yes I've seen them too), or stealing another certificate. The image
> >can be protected as the certificate can be protected on the users
> >machine.
> >By the way, as someone who has done a lot of professional market
> >research work on measuring recall and recognition in different
> >situations, I think you are confusing unprompted and prompted recall.
> >The benefit of having a recognisable image as the certificate is huge
> >compared to spontaneous recall of a semi-random text string, the
> >memory includes both image and position recognition which is why we
> >want an image prompt.
> >I will produce a proof of concept in the next few weeks.

>
> "We"? Now there are a bunch of you. You are now going to use this in a
> context where it means something? I shudder.
> You are wanting this to be distributed to people who have no idea or
> discipline about crypto. You can assume that their computer is cracked--
> that it is owned by nefarious people out there (What is the figure-- 30%
> of computers are broken into and usable by outsiders?). And I would also
> still insist that the very conditions you are adducing as security--- many
> image files on the computer-- are also what makes the mnemonic value of the
> image useless. The more useful it is (which of these four image files is
> the right one) the less security it offers. (This guy only has four image
> files. Let's try them all).


If your computer is cracked and you use it for anything serious you're
buggered anyway. You add a certificate. How on earth is that any safer
if the computer is already compromised?

Your objections remain - someone else has access to the same files on
that computer. If that's the case there's no protection for the user
anywhere - a hacker can just upload a keylogger and monitor internet
traffic through any backdoor method. No amount of cryptography can
cope with this. The best you can do is limit your exposure to any
individual on the server - but that's taken as read anyway.


Saul
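An added worked example, not code from Saul, Unruh or anyone else in the thread, of the two positions above in running Python. It models the scheme as described: the client derives a secret from the image file's bytes and never sends the file, so a passive network observer sees neither the image nor its length (Saul's point), while an attacker with read access to the user's image folder simply tries every file (Unruh's point). Everything here is invented for the demo: the derivation string, the site binding, the nonce-based challenge-response, the file names and the stand-in "image" bytes. It is a toy, not a proposal for how the proof of concept should be built.

```python
"""Toy image-as-credential login, constructed for illustration only."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple


def _fake_image(tag: str, size: int) -> bytes:
    # Deterministic filler standing in for pixel data (constructed, not a real image).
    out = b""
    while len(out) < size:
        out += hashlib.sha256(tag.encode() + len(out).to_bytes(4, "big")).digest()
    return out[:size]


# Constructed "image folder": file name -> file bytes. The attack below does
# not care how big the files are, only how many candidates there are.
USER_IMAGE_FOLDER: Dict[str, bytes] = {
    "beach.jpg": b"\xff\xd8\xff\xe0" + _fake_image("beach", 512),
    "dog.png": b"\x89PNG\r\n\x1a\n" + _fake_image("dog", 1024),
    "password.jpg": b"\xff\xd8\xff\xe0" + _fake_image("pw", 700),  # labelled, as Unruh predicts
    "receipt.jpg": b"\xff\xd8\xff\xe0" + _fake_image("receipt", 300),
}


def derive_secret(image_bytes: bytes, site: str) -> bytes:
    # Client side. The secret is bound to the site so the same image reused
    # elsewhere gives a different secret; the image itself never leaves the
    # machine. Derivation string is an assumption for the demo.
    return hashlib.sha256(b"img-cred-demo|" + site.encode() + b"|" + image_bytes).digest()


class Server:
    """Holds only the derived secret and checks an HMAC over a fresh nonce."""

    def __init__(self, site: str) -> None:
        self.site = site
        self.secrets: Dict[str, bytes] = {}

    def register(self, username: str, secret: bytes) -> None:
        self.secrets[username] = secret

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, username: str, nonce: bytes, response: bytes) -> bool:
        secret = self.secrets.get(username)
        if secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_respond(secret: bytes, nonce: bytes) -> bytes:
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def legitimate_login(server: Server, username: str, image_bytes: bytes) -> Tuple[bytes, bytes, bool]:
    """Runs one login; returns the on-the-wire transcript (nonce, response) and the outcome."""
    nonce = server.challenge()
    response = client_respond(derive_secret(image_bytes, server.site), nonce)
    return nonce, response, server.verify(username, nonce, response)


def network_observer_learns(transcript: Tuple[bytes, bytes]) -> int:
    """A passive sniffer sees a 16-byte nonce and a 32-byte MAC, nothing that
    depends on the image's size or contents. All it can report is the fixed
    response length."""
    _nonce, response = transcript
    return len(response)


def local_attacker(server: Server, username: str, folder: Dict[str, bytes]) -> Tuple[Optional[str], int]:
    """Unruh's attack: with read access to the folder, try every candidate.
    Returns the file that logs in and the number of attempts it took."""
    attempts = 0
    for name, data in sorted(folder.items()):
        attempts += 1
        nonce = server.challenge()
        response = client_respond(derive_secret(data, server.site), nonce)
        if server.verify(username, nonce, response):
            return name, attempts
    return None, attempts


def demo() -> Tuple[bool, int, Optional[str], int]:
    """Registers with one image, logs in, then runs both attackers."""
    server = Server("example.test")
    chosen = USER_IMAGE_FOLDER["password.jpg"]
    server.register("saul", derive_secret(chosen, server.site))
    nonce, response, ok = legitimate_login(server, "saul", chosen)
    seen = network_observer_learns((nonce, response))
    found, tries = local_attacker(server, "saul", USER_IMAGE_FOLDER)
    return ok, seen, found, tries


if __name__ == "__main__":
    print(demo())  # legitimate login True, sniffer sees 32 bytes, folder attacker wins in 3 tries
```

The shape of the result is the whole argument of the thread: an attacker without the folder has nothing to guess against, but the number of attempts the folder attacker needs is the number of candidate images, and a folder small enough to pick the right image from by eye is small enough to exhaust in seconds, even against a rate-limited server.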

