Algorithms & Randomness Center (ARC) and
Institute for Information Security & Privacy (IISP) present
ARC-IISP Distinguished Lecture
Thursday, October 27, 11am at Klaus 1443
Human Computation with an Application to Passwords
Human computation: This talk presents a simple model of human computation based on well-known features of long and short term human memory. The intention of the model is to bring CS ideas and understanding to bear on the kinds of computations that humans can (and cannot) consciously perform in their heads.
This work has applications to the study of problems that humans might want to solve in their heads, like how to solve crossword puzzles, play speed chess, and various cryptographic problems.
The running example in this talk will be password generation wherein humans - working entirely in their heads - transform website names into random-looking passwords that are provably hard to forge.
Application to passwords: Nowadays, the best password advice suggests, for each website, to either select and memorize four random picturable words (XKCD), or choose a memorable sentence and use the first letter of every word for the password.
One problem with all such proposals is that they don't indicate how to link website names to passwords. In effect, they would have you generate and memorize a special purpose password for every website. Little wonder that few people do this.
We recommend instead to use a humanly computable algorithm (schema) to transform website names into passwords on the fly. Schemas enable a human to have a (completely) different password for every website, to never have to write passwords down, and to be able to test password quality without giving any passwords away. They also enable us to analyze the Quality of Password Schemas mathematically.
Joint work with Santosh Vempala.