[woobles]

While this does sound interesting from a psychological/neurological perspective, I feel bad for anyone who actually tries to implement a password system based on this. 38 bits of entropy is nothing, a standard password with 38 bits of entropy would take about 5 minutes to crack (assuming a GPU that can compute 1 billion hases/second). Nevermind that by the NIST specification for human-generated passwords, a 30 character string of alphas would be 45 bits of entropy. Also, as some others have pointed out, storing people's unique strings in the clear invalidates any strength this scheme could hope to achieve.

Source: http://en.wikipedia.org/wiki/Password_strength#Human-generat...

Conclusion: Interesting psychological experiment, not actually backed by any appreciable crypto knowledge.

Edit: disregard my NIST comment, someone linked the paper used to get the 38 bit figure, http://bojinov.org/professional/usenixsec2012-rubberhose.pdf.

[dhx]

38 bits of entropy for authentication may be plentiful if other security controls are put in place. Bank card security would not be noticeably increased by having 6 or 8 digit PINs instead of 4 digit PINs. The risk is mitigated by account lockout (swallowing cards), surveillance, damage limitation (daily withdrawal limits) and similar measures. The system proposed in this paper could be a valid mitigation against authentication risks in very specific circumstances.

A better argument against this system would be one that addresses human usability and unnecessary cost/complexity.

[woobles]

Fair enough. My numbers are of course based on an unsalted hash which has been stolen from a db or otherwise obtained by an attacker.

Further arguments include high overhead for learning (not to mention changing passwords) a given password, storage of passwords, and the idea that your password isn't summonable on demand.