passwords

How many bits of secrecy does a typical person have in memory?

After thinking long and hard, I came to the conclusion that all security ends up being physical security. Currently we assume a person’s body is physically secure, with memory being the most secure part of all. Common security systems, such as passwords, try to extract as much of this secrecy out of us as possible and store it somewhere less secure like on a remote server. This is horrible. I don’t care that it’s stored in hashed form: if we only have a finite amount of secrecy to give, then once we reveal it in a form that can be brute-forced, Moore’s Law will ensure that at some point it will be brute-forced and will no longer be secret.

So we should do less of that, and exploit the real issue, which is physical security. We do have some secrecy storage that is less secure than memory but more secure than an untrusted remote system. For example, we have storage on trusted computers and personal devices; more exotically, we have biometrics and DNA (the physical material, not data derived from it); and we also have non-replicable behavioral capabilities, in the sense that they are driven by stored “secret” body states. Call these “reasonably physically secure storage” (RPSS). They are compromisable, and will reveal all their stored secrets if compromised, but they are “impossible” to get to without you knowing. Obviously this is technology-dependent, and you can potentially get to human memory with superior MRI technology. Or straight up torture works, too.

But let’s assume there are both physically secure storage (e.g. memory) and freely modifiable RPSS (e.g. storage on phones). We can store on the latter a database of currently computationally secure secrets (e.g. long random passwords of high entropy). This database is protected by a secret we obtain from our memory, of potentially lower entropy than is computationally secure. We want to conserve our memory secrets, so we never use them directly for remote passwords. We only use them to unlock this database of passwords on the RPSS. The untrusted remote server never gets to our memory and never has computationally insecure secrets to store, so it can be compromised all the time and we don’t care. We only reset the passwords there when computational capability improves or when our RPSS has been compromised. When the latter happens, we obviously need to generate a new database secured by a new secret from our memory before the attacker can brute-force the memory secret that unlocks the database. It’s also possible to secure different parts of the database with different amounts of memory secrets, no different from having different passwords. N-factor authentication can be implemented by sharding the database across several RPSS, secured by the same or different memory secrets. This is really the best we can do.
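The scheme above in working form, as an added example that is not the author's code: a database of high-entropy remote passwords is sealed on the RPSS under a key stretched from a lower-entropy memory secret, a wrong memory secret or a tampered blob is rejected, and a compromise response regenerates every remote password and reseals under a fresh memory secret. It uses only the Python standard library, so an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC stands in for the AEAD (such as AES-GCM) a real vault would use; the memory secrets and site names are constructed sample values.

```python
import hashlib, hmac, json, secrets

# scrypt cost: the attacker who steals the RPSS blob must pay this per guess.
KDF_PARAMS = dict(n=2**14, r=8, p=1)

def derive_keys(memory_secret, salt):
    """Stretch the memorised secret into a 32-byte enc key and 32-byte MAC key."""
    k = hashlib.scrypt(memory_secret.encode(), salt=salt, dklen=64, **KDF_PARAMS)
    return k[:32], k[32:]

def _keystream(enc_key, nonce, length):
    # HMAC in counter mode as a PRF-based stream (stand-in for a real AEAD).
    blocks = (length + 31) // 32
    out = b"".join(hmac.new(enc_key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                   for i in range(blocks))
    return out[:length]

def seal(memory_secret, db):
    """Encrypt-then-MAC the password database; returns salt||nonce||ct||tag."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(memory_secret, salt)
    pt = json.dumps(db, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return salt + nonce + ct + tag

def unseal(memory_secret, blob):
    """Return the database, or None if the memory secret is wrong or the RPSS blob was tampered with."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(memory_secret, salt)
    expected = hmac.new(mac_key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt)

def new_remote_password(nbytes=24):
    """192 bits of fresh entropy for the untrusted server; never memorised."""
    return secrets.token_urlsafe(nbytes)

def rotate_after_compromise(old_secret, blob, new_secret):
    """RPSS compromised: every remote password is replaced and the vault is resealed under a new memory secret."""
    old_db = unseal(old_secret, blob)
    if old_db is None:
        raise ValueError("cannot open vault")
    new_db = {site: new_remote_password() for site in old_db}
    return new_db, seal(new_secret, new_db)

if __name__ == "__main__":
    db = {"mail.example": new_remote_password(), "bank.example": new_remote_password()}
    blob = seal("correct horse battery", db)          # constructed memory secret
    assert unseal("correct horse battery", blob) == db
    assert unseal("wrong guess", blob) is None
```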

Currently this is very feasible. Keychain software already does this. But there comes a day when computational capability will far exceed the amount of secrecy that can be held in memory, or memory itself will become exploitable, reducing it to RPSS or worse. Then we must ask how much new secrecy can be obtained and stored, and at what rate. At that point, we may as well forget about human memory, as only machines can stay ahead of machines. We’ll probably have a physically secure implant that collects entropy from its physical surroundings, making sure it is not common information accessible to other entities.* These secrets then supply the protection — in password form or otherwise — for less physically secure storage.

* Properly speaking we will be authenticating a local physical state that can only formally be called “me.”
