Cryptography Reference
In-Depth Information
and understood by cryptographic engineers,” with the hope of trading
“some theoretical generality for more applicability to various applications
and designs.”
33
Such proposals are symptoms of a healthy scientific process:
given that theory and practice are both constantly evolving, the fitness of
models is a question that must necessarily remain open and subject to
permanent negotiation.
In the remainder of this chapter, I want to explore some of the possibili-
ties suggested by the ROM controversy and the emergence of the physical
security model. If cryptographic practice already integrates a broad diver-
sity of modes of persuasion, and if the “standard model” can be extended
to incorporate the unruly materiality of the computer, what research
avenues might this open up? Here, I explore some strands of research that
draw on other materialities as
design resources
: those of human bodies, for
example, and their capacity for memory, perception, cognition, and those
of the material world—for example, paper and sealed envelopes. Just like
that of the computer, these materialities have largely remained outside the
purview of the “standard model,” as their formalization results in proofs
which perhaps no longer feel as clean and rigorous as those obtained
within purely abstract models.
Memory
Memory constitutes one of the most widespread elements of security tech-
nology design, as exemplified by the challenge-and-response protocols
(login, password) that today secure access to most electronic services and
devices. In theory, access control based on textual passwords should offer
adequate security, because, for eight-character passwords of digits and
mixed-case letters, the total numbers of choices, the
password space
, is
about 2 × 10
14
, or about 2 hundred trillion possible passwords. However,
users understandably choose easy-to-remember passwords, combinations
of letters and numbers that have some meaning attached to them.
34
Thus,
given the constraints of human memory, a password scheme's security is
more appropriately defined by the size of its
memorable
password space
than that of its full password space.
35
Instead of undertaking an exhaustive
key search, attackers can draw guesses from dictionaries with just a few
million words to effectively capture a significant portion of that much-
reduced memorable password space.