[Cryptography] Feedback welcome on autentication/password replacement idea

Ilya Kasnacheev ilya.kasnacheev at gmail.com
Sun Sep 20 22:38:24 EDT 2015

Hello, I want to share my idea with you. If some places are not clear
enough, you can try to guess or just ask me.

Main idea:
Boris hashes some secret value many many times recursively (SHA(X),
SHA(SHA(X)), ...), yielding chain of hashes.
Boris gives the last hash in chain to Anne. When Boris want to prove that
he came back and is genuine, he transmits previous hash in the chain. Anne
hashes it and looks up if she saw that hash before - if she did, it's
really Boris.

Are there holes in this scheme?
Why I think it is interesting:
  - Boris can generate a lot of hashes chains from single random secret by
concatenating it with known non-secret tags (service name, device id,
  - Boris can then store secret securely (print it on paper and shove it
somewhere) or you can even divide it into parts to store in different
  - If a device is lost or compromised by Constantine, he can pose as
Boris, but Boris has access to "earlier" hashes in the chain (which are not
stored on that device), so he can retake communication with Anne back and
hopefully minimize losses.
  - Boris can have two different hash chains on his two devices (say,
laptop and phone) so he can use both when wanting Anne to do something
sensitive, like transferring funds.
  - Boris can have three different hash chains, one his devices plus on his
cloud service D-Secure. D-Secure will provide extra confirmation to Anne
upon validating Boris using mobile text service (SMS confirmation), for
example. However D-Secure can't contact Anne posing as Boris, because this
chain alone is not authoritative, she will know that.
  - Anne may lose Boris' code without much impact, because she will not
accept codes she has already seen, only ones that match after hashing.

Comparing this to other authentication methods:
  - Passwords have this advantage that you can enter them from your memory,
anywhere. Everything else about passwords is bad.
  - 2-factor auth depends on trust to one large third-party cloud.
  - TOTP depends on shared secret - lose it, game over.
  - Public-private key pairs are notoriously cumbersome to get right, and
you have to carry private key on device you own - lose it, game over.
Theoretically asymmetric crypto can do most of things described, but
proving that the whole system is sound becomes close to impossible.

Any input is welcome.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150921/3a7dd145/attachment.html>

More information about the cryptography mailing list