I wish there was an authentication algorithm like this
XiaoMai 1000007VK1 Visits (2762)
There was a time, when logging in to your bank account was a simple matter of entering a user ID, entering a password, and accessing your account.
Similarly, getting cash from an ATM, just entailed inserting your card, entering your PIN code, and grabbing the cash.
Not any more.
When you access your bank’s web page, something horrible, called ‘malware’, sits on your PC, remembering every character you type, and sending them all to its sociopathic owner, so that he can later rob you. When you visit your ATM, a hidden camera records the PIN code that you type, while another device reads the magnetic stripe on your card. Of course, the sociopath receiving all of this information, will also rob you later. A third sociopath has installed a network snooper on the line from the ATM, so he will pick up your PIN and user ID, and rob you of anything the first two missed.
Spy cameras, malware, network snoopers and keyloggers all conspire to get your money, and passwords, PIN codes and biometrics are helpless to stop them.
What would be really good, would be some kind of telepathic password, which you could communicate to your bank, each time you needed to access your account online, and it would be really handy, if your mind could also transmit this password to the ATM.
Well, that’s obviously not going to happen so, how about a compromise, where you transmit to your bank, information about your telepathic password, which only your bank understands?
Yes, but the camera, and the malware, would record what you typed, and use it to get into your account. Okay, then, how about, if what you typed only worked once. Then, using the same keystrokes a second time would be useless. That would work, but how does the bank know that, what you typed the second time, represented the same telepathic password? Also, you certainly wouldn’t want to contact your bank every day, to get a new method of transmitting your telepathic password.
How about this, then? Each time you want to access your account, a popup shows you an alphabet, with a number under each letter, and you type the numbers, instead of the letters?
Okay, that’s obviously bad because the camera would pick up the numbers but, what if the numbers were all scrambled? That’s better, but the camera would still get you, and the malware would still send them back to the sociopath who, after a few months, would be able to guess your password, from the patterns of the numbers.
What about, if there were only two numbers and, what if there were two alphabets, in upper and lower case? Then your telepathic password would be represented by a selection from 52 letters, each letter identified by one of two random digits. If the pattern of the digits changed randomly, with each access, then your telepathic password of “gobbledeygook” would be “1000110011001” the first time but, the second time, it would be “1110010001101”.
Now we’re getting somewhere. The camera sees you entering a pattern of 1’s and 0’s, each of which could correspond to any one of 20 or 30 letters, the network snooper sees the numbers, but not the letters, and the malware sees both, but doesn’t know what they mean. Luckily, you took maths in college, and spend a lot of time in the casino, so you know how to calculate odds, and you can see they’re now in your favour, but you still want them to be better, because you work with classified documents, and really need to have tight security. What if you had two passwords, and added them together? What if you added or subtracted ‘1’ from every other letter What if...? You’re tempted to call this ‘Uncrackable Authentication’
Aha! I hear you cry. How do I get my telepathic password, in the first place? The malware is watching my browser and my email, and will pick up the keystrokes when I type it into any form I fill in. How am I going to enter my password? Well, it might ne good, if I had a set of alphabets but, this time, the letters were pictures of letters, and they, themselves, were scrambled, and referenced by a set of numbers. Then, the malware would pick up the mouse strokes, but would only know that they corresponded to a selection of pictures, with random names. Let’s be realistic, however. If there’s a spy camera, watching you do this, it will pick up what you enter. On the bright side, you’ll be doing this at home, probably only once a year, or so, with only the malware to contend with – unless you’ve fallen foul of the CIA, or your wife has her suspicions about you...One day, quite by chance, you stumble upon a site at www.