Score:1

Is there any “approximate or probabilistic” password authentication method?


I understand that the password-based authorization check procedure requires that you enter a password that is correct, that is, does not allow even a single bit difference.

Suddenly I have this thought.


[System A] For password-based authorization system A, let's assume that the password is 256 bits.

And it always asks for the correct password for permission verification.

The probability of successful authorization with a brute-force attack on system A is 1/(2^256).


[System B] In the case of another authorization system B, we will assume that the password is (264 == 256+8) bits.

Instead, it is assumed that system B allows a difference of less than 2 bits among 264-bit passwords. The probability of correcting the password with a brute-force attack on system B is (1+264)/(2^264).

I think there is very little difference between System A and B.

The probability of a successful brute-force attack for both is about 8.Xe-78.


If so, (though it may be unrealistic), let's assume that the password storage medium is unstable on a certain system C.

That is, an n-bit flip (n < 2) may occur in the password during the authorization process. (Assume that error-correcting is also impossible.)

In this system, if strict authorization is applied like System A, even a user with a true password may not be authorized.

So, I think it would be good to apply probabilistic authorization (like system B) for system C.


I wonder if there is actually such a probabilistic authorization theory or techniques.

For passwords, brute force is the wrong attack scenario. Passwords are not uniformly generated but usually chosen by humans. And for dictionary attacks, allowing small variations might have a much larger impact. Thus your assumption about A and B having the same security is most likely wrong - but it's hard to prove, because it depends a lot on the dictionary and the password requirements.
DannyNiu:
Facial recognition is approximate. But unlike a password, it's not something you know, but instead, it's something that you are.
Vadym Fedyukovych:
This answer might be relevant: https://crypto.stackexchange.com/questions/93615/assuming-biometric-data-could-be-private-can-it-be-a-key/
Geonhee Cho:
I see! Thanks for your reply :)
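
The System A / System B comparison from the question, as an added example that is not part of the original post or comments. It assumes a uniformly random secret, as the question does (the first comment points out that human-chosen passwords are not uniform); all function names are hypothetical, and the verifier is assumed to hold the reference bits themselves.

```python
"""Added example: exact vs. bit-tolerant matching of a uniformly random secret."""
import math
import secrets
from fractions import Fraction

def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits; both inputs must have the same length."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    diff = int.from_bytes(a, "big") ^ int.from_bytes(b, "big")
    return bin(diff).count("1")

def tolerant_verify(reference: bytes, presented: bytes, max_flips: int) -> bool:
    """Accept when at most max_flips bits differ (max_flips=0 is System A).

    Assumption: the verifier holds the reference bits themselves; a hash of
    the secret could not be compared this way, because one flipped input bit
    changes the digest unpredictably.
    """
    return hamming_distance(reference, presented) <= max_flips

def ball_size(n_bits: int, max_flips: int) -> int:
    """How many n-bit strings lie within max_flips bit flips of one secret."""
    return sum(math.comb(n_bits, k) for k in range(max_flips + 1))

def guess_probability(n_bits: int, max_flips: int) -> Fraction:
    """Chance that one uniformly random guess is accepted."""
    return Fraction(ball_size(n_bits, max_flips), 2 ** n_bits)

def effective_bits(n_bits: int, max_flips: int) -> float:
    """Strength of the tolerant scheme expressed as an exact-match bit length."""
    return n_bits - math.log2(ball_size(n_bits, max_flips))

def flip_bits(value: bytes, positions) -> bytes:
    """Model System C's unstable storage: flip the given bit positions."""
    out = bytearray(value)
    for p in positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)

if __name__ == "__main__":
    secret = secrets.token_bytes(33)  # constructed 264-bit sample secret
    print(tolerant_verify(secret, flip_bits(secret, [5]), 1))       # one flip
    print(tolerant_verify(secret, flip_bits(secret, [5, 200]), 1))  # two flips
    print(float(guess_probability(256, 0)), float(guess_probability(264, 1)))
    print(effective_bits(264, 1), effective_bits(264, 8))
```

Raising `max_flips` shrinks `effective_bits` quickly, so the extra bits added to the secret have to grow with the tolerance to keep the exact-match strength.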