Technique to save password of 30 letters in memory under unconscious region of brain appeared

ByDiamond Farah

Even though the importance of passwords is inconvenient, for example, if it becomes a password that allows you to view military secrets, handling becomes strict, but even soTighten up cryptanalysisAs you can see, the possibility of being stolen by directly working on people who know or get a password remains.

A coalition team of American neuroscientists and cryptographic experts developed a password system that cleared the weakness of this "human".

Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks
(PDF file)

Unbreakable crypto: Store a 30-character password in your brain's subconscious memory | ExtremeTech

Boffins demo passwords even users do not know • The Register

Hristo Bojinov of Stanford University, Daniel Sanchez of Northwestern University, Paul Reber, Dan Boneh of Stanford University, Patrick Lincoln of SRI (Research Institute) who developed a new password system. It was realized by 'implicit learning' which learned new information but did not notice the learning itself.

The process of learning a password is similar to a sound game like "beat mania", and the screen is divided into six courses of "S" "D" "F" "J" "K" "L" Type when the mark corresponding to each key overlaps with the bottom ellipse.

First, before starting this game, a sequence of 30 characters (password) is created in which the six characters "S" "D" "F" "J" "K" "L" are not repeated. It is equal to entropy of 38 bits, and it is thousands of times, tens of thousands times stronger than the memorable password that is generally made.

This 30-character password sequence is issued three times consecutively, then 18 random characters are inserted, and a total of 108 items (letters) form one sequence. The sequence is repeated 5 times (540 items) and puts a small pause. Repeat this 6 times (3780 items), a total of 45 minutes training sessions. There are about 4000 keystrokes in 45 minutes, of which 80% is typing a password.

In the experiment, we set the password to be entered every round end, and in addition, we have made it possible to display a sequence of 30 letters different from what I learned. In other words, in order to pass authentication you need to remember the password exactly. However, I realized that even after two weeks of training I can remember this sequence properly. In other words, as an experimental result, it is suggested that the first 30-character sequence was firmly planted in the brain.


The important point of this new password system is that the new cryptographic basics are born, which means that the means to index ciphers by torture is no longer useless. The user can not remember itself when asked "Please enter your password", so you can not export it anywhere or forcibly. However, because it is stored as information in the unconscious area, it is derived from subconscious by some kind of trigger.

At the same time it will also have the legal right to deny. In other words, when a judge or a policeman tells me "Please tell me the password", I can return "I do not know."

This research content is AugustUsenix Security SymposiumIt is due to be announced at.

in Note, Posted by logc_nt