This disclosure relates to a system and to a method for server assisted strong password generation from a weak secret.
Passwords are still used as a means of authentication for online services such as, for example, e-mail, online-banking, social networks, and the like. In most cases, this is normally the only method that such services support and utilize as a means of authentication.
Since such passwords need to be remembered, many users either re-use passwords in different contexts or switch to password managers, also known as key-rings. The first approach is problematic in that corrupt servers acquire a knowledge of the used password(s), e.g., by waiting till the honest user logs in or by mounting online-attacks on the (salted) hashes stored in the database. If these passwords are re-used, the adversary can impersonate the user at a different service.
In order to tackle this problem, the second approach, key-rings are used. The keyring can store passwords and encryption keys for the user. They are protected with the user's login password and stored safely via encryption. Every time the user uses an application (e.g. Ubuntu One) for which the user has stored a password in the key ring, the key ring enters it for the user. While this second approach is advantageous in that one needs physical access to the key-ring data and to the key-ring account password it has several drawbacks: 1) if the encrypted key-ring is stolen, one can perform online-attacks on the key-ring; 2) if the key-ring is decrypted, every password is directly revealed; 3) if online-attacks on the key-ring need to be made infeasible, the password for the key-ring needs to have enough entropy, which makes the master-password virtually impossible to remember. Password entropy is a measure of how unpredictable a password is.
Existing methods of password protection therefore fall short in terms of providing the desirable user convenience and security guarantees. It is therefore useful to provide a method and a system for password protection that offers both substantial convenience and a better assurance of security than the existing approaches disclosed above.