Security Analysis and Improvements to the PsychoPass Method


Bibliographic Details
Main Authors: Brumen, Bostjan, Heričko, Marjan, Rozman, Ivan, Hölbl, Marko
Format: Article
Language: English
Published: JMIR Publications 2013-08-01
Series: Journal of Medical Internet Research
Online Access: http://www.jmir.org/2013/8/e161/
Description
Summary: Background: In a recent paper, Pietro Cipresso et al proposed the PsychoPass method, a simple way to create strong passwords that are easy to remember. However, the method has some security issues that need to be addressed. Objective: To perform a security analysis on the PsychoPass method and outline the limitations of and possible improvements to the method. Methods: We used the brute force analysis and dictionary attack analysis of the PsychoPass method to outline its weaknesses. Results: The first issue with the PsychoPass method is that it requires the password reproduction on the same keyboard layout as was used to generate the password. The second issue is a security weakness: although the produced password is 24 characters long, the password is still weak. We elaborate on the weakness and propose a solution that produces strong passwords. The proposed version first requires the use of the SHIFT and ALT-GR keys in combination with other keys, and second, the keys need to be 1-2 distances apart. Conclusions: The proposed improved PsychoPass method yields passwords that can be broken only in hundreds of years based on current computing powers. The proposed PsychoPass method requires 10 keys, as opposed to 20 keys in the original method, for comparable password strength.
ISSN:1438-8871