I spoke with Manuel Blum this afternoon about his password scheme described here. This post is a few footnotes based on that conversation.
When I mentioned that some people had reacted to the original post saying the scheme was too hard, Blum said that he has taught the scheme to a couple children, 6 and 9 years old, who can use it.
He also said that many people have asked for his slide summarizing the method and asked if I could post it. You can save the image below to get the full-sized slide.
This slide and my blog post both use a 3-digit password for illustration, though obviously a 3-digit password would be easy to guess by brute force. I asked Blum how long a password using his scheme would need to be so that no one with a laptop would be able to break it. He said that 12 digits should be enough. Note that this assumes the attacker has access to many of your passwords created using the scheme, which would be highly unlikely.
Update: This algorithm can be broken fairly easily. See comments here.
12* log(10)/log(2) ≈ 39.86 bits of entropy; one should target 80-bits of entropy for the long term. But the construction is nice :)
Nice scheme – the random map is the biggest hurdle I would say. How effective would it be with a predictable map (e.g. A->1, b->2, etc)?
If the map is not random, all the theory behind the method goes away. It may still work, but there’s no way to know.
On the other hand, anything you do to make your passwords unique, however cryptographically weak, would be a vast improvement for most people. Suppose someone has a list of cracked passwords from site A and they want to know passwords for site B. The most obvious thing to check is whether the same password will work, and for many people it will. That’s so easy that I doubt hackers would move on to more sophisticated attacks, such as trying to infer an individual’s password for site C based on their passwords for sites A and B.
This may interest you – I developed a system in javascript to make a unique signature for a given URL, take a passphrase and then cook down the two using a bit of maths to make a strong password unique for that URL and your passphrase. I then made it into a bookmarklet to prompt for the passphrase and output back the strong password for copying/pasting into the web page. This then works on every browser & mobile device which I find very convenient. This web page shows the process by which the strong password is arrived at:
https://dl.dropboxusercontent.com/u/23754608/passphrase.html
It could be developed further to allow user control of the character classes used in the strong password. At present, it uses a simple repeating pattern of [A-Z][a-z][a-z][0-9][shift char].