
Human computable password algorithm [video and slides] - todd8
http://www.heidelberg-laureate-forum.org/blog/video/lecture-monday-september-22-2014-manuel-blum/
======
todd8
This lecture is given by Manuel Blum, a Turing Award winner and professor at
CMU. The lecture presents a simple algorithm for generating passwords, say
from domain names, that is claimed to be cryptographically secure. There is a
paper on arXiv that supports this claim [1]. The abstract of this paper
states: "Thus, our human computable password schemes can maintain strong
security guarantees even after an adversary has observed the user login to
many different accounts (e.g., 100)."

Despite coming from a world-famous cryptographer, the scheme seems quite
problematic to me, so I don't recommend using it. I believe that recommending
it in the lecture and the paper is a disservice that will mislead people into
using a risky method for generating passwords.

[1] Human Computable Passwords, Jeremiah Blocki, Manuel Blum, Anupam Datta,
http://arxiv.org/abs/1404.0024

