views:

58

answers:

4

I'm working on a version of Password Safe for android. Password Safe uses a passphrase to encrypt your passwords, but typing out long passphrases on a smartphone can be tedious, especially if they're masked. I'd like to investigate using alternatives to a passphrase, such as arrays of simple images.

Are there any good examples of such password methods? What kinds of images are best? Zener Cards seem like a good choice but don't seem to lend themselves to mnemonic devices, certainly not for the number of values you'd need to get a strong passphrase.

EDIT: Some precepts might help. The point of password safe is that the file containing the passwords is encrypted with a strong key that is never stored. On a PC this strong key is a cryptographic hash of a phrase or word you enter when you want to unlock the safe. The safe automatically 'forgets' the password you gave it and drops all the unencrypted versions of the data after X minutes so that you're not vulnerable.

Ideally, I'd like to see a version of password safe that can be decrypted with one of two equally strong keys, with one of the keys being suited to an alphanumeric keyboard, while the other one would be the answer to the question.

So far the best idea I've come up with is to allow a user to enter a phrase for which a rebus could be created, and have an image based rebus entry be the resulting input method.

A: 

If you could invent some physical shake pattern recognition, it would be amazing. I've always wanted that.

mvds
I was thinking along the same lines. "Hold your phone in front of you, then do your favourite dance move" ;)
caf
A: 

Have you seen the Droid lock screen? You could use that as a base for ideas.

Droid Lock Screen Image

This particular idea uses a series of interconnected points as a pass phrase but a simple option could be a set of toggles (check boxes) similar to some bike locks.

P.S. One great thing about this type of security method (Droid Lock Screen) is that the input is very fast. You can get through with a single stroke (though the image shows a very complex one.)

Paul Sasik
Yes I have. That sort of lock is good for keeping children out of a phone. Its not the sort of thing you want to use to protect the passwords to financial sites with. The point here is to have a strong password that could withstand a strong attack. A single screen using the pattern input only has a few hundred thousand possible permutations, and would fall to a brute force attack by a computer in minutes, if not seconds.
Jherico
How do you anticipate anyone breaking it with a computer? If they've taken your phone apart, you've already lost: they can attach probes to the traces and do what they want.
Nick Johnson
Nick, I've updated the question, but to respond directly, the point of the password safe is that its secure even if it falls into an attackers hands because the critical piece of information needed to get the passwords is never stored on the device.
Jherico
Ah, I misunderstood the nature of the protection you were looking for. Only saw this reply by chance, by the way - don't forget to use @Jherico etc. :)
Nick Johnson
A: 

Is the goal to prove one's identity to a program or device that can log false attempts, or to provide a secret which could be validated without informing a trusted party? The level of entropy required for the former scenario is much less than for the latter.

supercat
The latter. The idea is to replace the long entropy provided by a passphrase used to unlock a PC based password safe with something easier to enter, but providing the same security. The security should be predicated on an attacker being able to get hold of the password file itself and subjecting it to attacks on his hardware.
Jherico
+1  A: 

One big problem you have to overcome is that touch screens tend to leave smudges when used, and without care, those will give away information about the password. One common technique to avoid this is to rearrange the keys on each input, but that slows down entry a lot, as users have to look carefully to figure out where the requisite digit is.

The alternative, which I'd suggest, would be to use a long passphrase with a relatively small number of options, so that any given passphrase will use most or all of the options, meaning you can't tell anything useful from the smudges.

What that exact mechanism is is still a very good question, but I don't think a long numeric pin would be out of the question.

Nick Johnson