CAPTCHAs With Chaos: Strong Protection for Weak Passwords

The passwords of the future could become more secure and, at the same time, simpler to use.

Researchers at the Max Planck Institute for the Physics of Complex Systems in Dresden have been inspired by the physics of critical phenomena in their attempts to significantly improve password protection. The researchers split a password into two sections. With the first, easy-to-memorize section they encrypt a CAPTCHA (“completely automated public Turing test to tell computers and humans apart”) — an image that computer programs per se have difficulty in deciphering.

The researchers also make it more difficult for computers, whose task it is to automatically crack passwords, to read the passwords without authorization. They use images of a simulated physical system, which they additionally make unrecognizable with a chaotic process. These p-CAPTCHAs enable the Dresden physicists to achieve a high level of password protection, even though the user need only remember a weak password.

Computers sometimes use brute force. Hacking programs use so-called brute-force attacks to try out all possible character combinations to guess passwords. CAPTCHAs are therefore intended as an additional safeguard the input of which originates from a human being and not from a machine. They pose a task for the user which is simple enough for any human, yet very difficult for a program. Users must enter a distorted text which is displayed on the screen, for example. CAPTCHAs are increasingly being bypassed, however. Personal data of members of the “SchülerVZ” social network for school pupils have already been stolen in this way. Continue reading…

Related Posts

The Next Net The moment the "net neutrality" debate began was the moment the net neutrality debate was lost. For once the fate of a network - its fairness, its ru...
Android Open Accessories Android’s USB port has in the past been curiously inaccessible to programmers. Last week at Google I/O we announced the Android Open Accessory APIs fo...
EFF’s Guide to Protecting Electronic Devices and Data at the U.S. Border Amid recent reports that security researchers have experienced difficulties at the United States border after traveling abroad, we realized that it's ...
Egyptian Actions Highlight Dangers in U.S. Cybersecurity Proposals The Egyptian regime's shutdown of the Internet in an attempt to preserve its political power highlights the dangers of any government having unchecked...
Amazon app store for Android welcomes DRM Molly de Blanc: In 2007, Amazon announced their music store. It would, they promised, deliver DRM-free music to U.S. Amazon users. And they did just ...
The FBI and Service Provider Wiretapping, or What’s In Your Wallet? The FBI’s apparent desire to require all communications service providers to design a means for law enforcement to access encrypted communications i...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


Leave a Comment

Your email address will not be published. Required fields are marked *

*