Cryptology ePrint Archive: Report 2008/178

Optimal Discretization for High-Entropy Graphical Passwords

Kemal Bicakci

Abstract: In click-based graphical password schemes that allow arbitrary click locations on image, a click should be verified as correct if it is close within a predefined distance to the originally chosen location. This condition should hold even when for security reasons the password hash is stored in the system, not the password itself. To solve this problem, a robust discretization method has been proposed, recently. In this paper, we show that previous work on discretization does not give optimal results with respect to the entropy of the graphical passwords and propose a new discretization method to increase the password space. To improve the security further, we also present several methods that use multiple hash computations for password verification.

Category / Keywords: applications / authentication, password security, graphical passwords, discretization

Date: received 17 Apr 2008

Contact author: bicakci at etu edu tr

Available formats: PDF | BibTeX Citation

Note: Another paper by Chiasson et al. with related methods and results meanwhile appeared at UPSEC'08. These works are independent and neither existence nor content of the other paper has had any influence on our submission. We want to timestamp our results by publishing it in Cryptology ePrint Archive.

Version: 20080421:093833 (All versions of this report)

Discussion forum: Show discussion | Start new discussion