Paper 2008/178

Optimal Discretization for High-Entropy Graphical Passwords

Kemal Bicakci

Abstract

In click-based graphical password schemes that allow arbitrary click locations on image, a click should be verified as correct if it is close within a predefined distance to the originally chosen location. This condition should hold even when for security reasons the password hash is stored in the system, not the password itself. To solve this problem, a robust discretization method has been proposed, recently. In this paper, we show that previous work on discretization does not give optimal results with respect to the entropy of the graphical passwords and propose a new discretization method to increase the password space. To improve the security further, we also present several methods that use multiple hash computations for password verification.

Note: Another paper by Chiasson et al. with related methods and results meanwhile appeared at UPSEC'08. These works are independent and neither existence nor content of the other paper has had any influence on our submission. We want to timestamp our results by publishing it in Cryptology ePrint Archive.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Unknown where it was published
Keywords
authenticationpassword securitygraphical passwordsdiscretization
Contact author(s)
bicakci @ etu edu tr
History
2008-04-21: received
Short URL
https://ia.cr/2008/178
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2008/178,
      author = {Kemal Bicakci},
      title = {Optimal Discretization for High-Entropy Graphical Passwords},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/178},
      year = {2008},
      url = {https://eprint.iacr.org/2008/178}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.