New Password Method Encrypts Like No Other

Have you had an account hacked, or had your personal information stolen? Do you have data that needs to be protected? Fear no more. Researchers from the Max-Planck-Institut für Physik komplexer Systeme and from Axioma Research have devised a new method for creating passwords that are harder to crack but easier to remember.

Now how did they do that? The researchers combined what's called "nonlinear dynamics" and chaos to create encrypted p-CAPTCHAs (the 'p' stands for password). Sounds complex on the surface, doesn't it? What's even more fascinating is that all you would have to remember is part of the password; the rest is kept as an encrypted image, and a Java applet shows it to you when you need it.

So let's say that you have an important application for a defense contractor that you need to protect and encrypt. Using the Java applet, you would first split your password into two parts: an easy part that you memorize and a complex part that you don't. The applet renders the hard part as a CAPTCHA image and encrypts that image using the easy part; the result is the p-CAPTCHA. When you want to get to your application, you simply enter the easy part of the password. The p-CAPTCHA is decrypted and the image appears, you read it and type in what it says, and the two parts together decrypt your file.

According to the paper "The weak password problem: chaos, criticality, and encrypted p-CAPTCHAs," the second component of the password is "transformed into a CAPTCHA image and then protected using evolution of a two-dimensional dynamical system close to a phase transition, in such a way that standard brute-force attacks become ineffective." Not only are brute-force approaches ineffective, but the researchers say that when the method is combined with AES encryption, "a brute-force attack is infeasible both presently and, probably, in the future."

When you create the "easy" part of the password, you can still make it as hard to guess as any password you use today, if not harder. But even if an attacker gets hold of the p-CAPTCHA, every guess at the easy part produces an image that requires human interpretation. When the password is first created, the p-CAPTCHA is generated using a "chaotic evolution" that drives a two-dimensional lattice into a chaotic state, based on complicated mathematics, which is a complicated way of saying that the result is very difficult for a computer to read. Since most password-cracking tools are automated (and since computers are generally unable to read CAPTCHAs on their own), an attacker would have to hand every candidate image to a human to recover the second half of the password, especially one designed to be as hard to read as this. If you want to see the math behind such a system, check out the publication at Cornell University Library (it's free to download).
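As an added illustration of the two-part scheme described above, here is a short Python sketch. It is example code, not the researchers' Java applet and not the paper's algorithm: a constructed 3x5 digit font stands in for the CAPTCHA renderer, PBKDF2 and an HMAC-SHA256 counter-mode keystream stand in for the paper's AES and chaotic lattice evolution, and the sample password, salt and function names are all assumptions made here. The encrypted p-CAPTCHA deliberately carries no authentication tag, because a tag would tell an attacker which guess at the easy part is right. The last function shows the caveat that makes the paper's lattice step matter: with a plain cipher as the stand-in, a wrong guess decrypts to random pixels while the right one yields a picture with blank separator columns, so a script can tell them apart without a human ever looking at the image.

```python
import hashlib
import hmac
import os

# Constructed 3x5 bitmap font for the digits 0-9 (row-major, one char per pixel).
# It stands in for the CAPTCHA renderer; the real scheme distorts the glyphs.
FONT = {
    "0": "111101101101111", "1": "010110010010111", "2": "111001111100111",
    "3": "111001111001111", "4": "101101111001001", "5": "111100111001111",
    "6": "111100111101111", "7": "111001001001001", "8": "111101111101111",
    "9": "111101111001111",
}
GLYPH_H, GLYPH_W = 5, 3
PBKDF2_ROUNDS = 100_000


def render_bitmap(text):
    """Rasterise the strong part: 5 rows of 0/1 pixels, one blank column after each glyph."""
    rows = []
    for r in range(GLYPH_H):
        row = []
        for ch in text:
            row.extend(int(b) for b in FONT[ch][r * GLYPH_W:(r + 1) * GLYPH_W])
            row.append(0)  # separator column
        rows.append(row)
    return rows


def pack_bits(rows):
    """Flatten the bitmap into bytes (zero-padded to a whole byte)."""
    bits = [b for row in rows for b in row]
    bits += [0] * (-len(bits) % 8)
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def unpack_bits(data, height, width):
    """Inverse of pack_bits for a bitmap of the given shape."""
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    return [bits[r * width:(r + 1) * width] for r in range(height)]


def kdf(password, salt):
    """Stretch a (possibly weak) password into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def keystream(key, nbytes):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for AES-CTR."""
    out = b""
    for ctr in range(-(-nbytes // 32)):
        out += hmac.new(key, ctr.to_bytes(4, "big"), "sha256").digest()
    return out[:nbytes]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def make_p_captcha(weak, strong, salt):
    """Encrypt the rendered strong part under the weak part. Deliberately no MAC:
    a MAC would tell an attacker which weak-part guess is correct."""
    img = pack_bits(render_bitmap(strong))
    return xor(img, keystream(kdf(weak, salt), len(img)))


def open_p_captcha(weak, blob, salt, width):
    """Decrypt with a weak-part guess; a human then reads the digits off the bitmap."""
    return unpack_bits(xor(blob, keystream(kdf(weak, salt), len(blob))), GLYPH_H, width)


def ascii_art(rows):
    return "\n".join("".join("#" if p else "." for p in row) for row in rows)


def file_key(weak, strong, salt):
    """The key for the protected file is derived from both parts together."""
    return kdf(weak + strong, salt)


def looks_rendered(rows, n_glyphs):
    """Automated plausibility test: are all separator columns blank?
    True for rendered text; a random bitmap passes with probability (1/32)^n_glyphs."""
    sep_cols = [GLYPH_W + k * (GLYPH_W + 1) for k in range(n_glyphs)]
    return all(row[c] == 0 for row in rows for c in sep_cols)


def automated_guess(candidates, blob, salt, width, n_glyphs):
    """Brute force the weak part with no human in the loop. This works against the
    plain-cipher stand-in used here, which is exactly the attack the paper's
    near-critical lattice evolution is designed to defeat."""
    for cand in candidates:
        if looks_rendered(open_p_captcha(cand, blob, salt, width), n_glyphs):
            return cand
    return None


if __name__ == "__main__":
    salt = os.urandom(16)
    weak, strong = "tiger1", "8473"          # constructed sample password
    width = len(strong) * (GLYPH_W + 1)
    blob = make_p_captcha(weak, strong, salt)
    print(ascii_art(open_p_captcha(weak, blob, salt, width)), "\n")    # readable digits
    print(ascii_art(open_p_captcha("tiger2", blob, salt, width)), "\n")  # noise
    print("script recovered:", automated_guess(["tiger0", "tiger2", "tiger1"], blob, salt, width, len(strong)))
    print("file key:", file_key(weak, strong, salt).hex())
```

Run it and compare the two printed bitmaps: the correct guess shows the digits, the wrong one shows noise, and the script still picks the right guess by checking the separator columns alone. Closing that gap, so that a wrong guess also looks like a plausible image, is what the paper's chaotic lattice dynamics are for.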

The researchers say that their method can be "readily and straightforwardly implemented on a wide variety of existing computer systems and devices," and they believe it would be a significant step toward protecting confidential data better than current password methods do. I for one hope that we'll start seeing this technology in Websites like Facebook and Gmail.

[Cornell University Library via Network World / Image via Elizabeth/Table4Five (Flickr)]

Follow James Mulroy on Twitter to get the latest in microbe, dinosaur, and death ray news.
