I understand that the password-based authorization check procedure requires that you enter a password that is correct, that is, does not allow even a single bit difference.
Suddenly I have this thought.
[System A] For password-based authorization system A, let's assume that the password is 256bit.
And it always asks for the correct password for permission verification.
The probability of successful authorization with a brute-force attack on system A is 1/(2^256).
[System B] In the case of other authorization system B, we will assume that the password is (264 == 256+8)bit.
Instead, it is assumed that system B allows a difference of less than 2 bit among 264-bit passwords.
The probability of correcting the password with a brute-force attack on system B is (1+264)/(2^264).
I think there is very little difference between System A and B.
The probability of a successful brute-force attack for both is about 8.Xe-78.
If so, (though it may be unrealistic), let's assume that the password storage medium is unstable on a certain system C.
That is, an n-bit flip (n < 2) may occur in the password during the authorization process. (Assume that error-correcting is also impossible.)
In this system, if strict authorization is applied like System A, even a user with a true password may not be authorized.
So, I think it would be good to apply probabilistic authorization(like system B) for system C.
I wonder if there is actually such a probabilistic authorization theory or techniques.
