K. Matsuura. ``Echo Back in Implementation of Passphrase Authentication''. Proc. of the 2001 International Workshop on Cryptology and Network Security, pp.238-245, September 2001. (Full text (PDF))
(Abstract) In spite of well-known vulnerabilities, password-based authentication is still widely used. One possible improvement is to use long passphrases. But unfortunately, the longer passphrases are, the more likely users mis-stroke. To make matters worse, since user-authentication interfaces are usually implemented without echo-back of stroked characters, users do not notice their mis-strokes before they finish the long inputs. In order to solve this problem, this paper proposes an echo-back scheme; the monitor displays a chain of hashed values instead of asterisks. Its effect is studied in terms of expected number of total strokes. The study suggests an optimal strategy for the chaining and echo-back. It is also suggested that we can use the same strategy without customizing it. As an extension, image-based echoes are discussed as well.
(Keywords) user authentication, password, passphrase, hash function, echo-off problem

Back to the list in the area (English)

Back to the list in the area (Japanese)