by A1kmm
4268 days ago
I am skeptical of the security of the self-organising-map-based scheme in the paper of his/her own that (s)he links to in the article, despite the Fourier-transform-based hash scheme. For a start, the scheme requires all passwords to be stored in plain text (or with reversible encryption), or at least the DFT output for them, for the final adjustment of node popularity levels, which is itself a risk. Given the self-organising map (which is supposedly safe to distribute widely), take the nodes which are flagged as the highest danger level (i.e. most widely used). For each of these nodes, you have the amplitudes of the DFT, but not the phases. However, performing a brute-force attack on the phase space is likely relatively easy, because it would normally be relatively small. An attacker could fix the values of all phases except one (phase_i), and then find, using the simplex algorithm, the next value of cos(phase_i) or sin(phase_i) that changes one of the time-domain values to round to the next output value. For each value of phase_i, the attacker then recursively repeats the attack for phase_{i+1}, until all passwords for the amplitude vector on the node are enumerated. These passwords are then used to brute-force attack the system. If one password is extremely common in the SOM, that common password should be in the resulting list.
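Added worked example (not code from the comment above or from the linked paper): a phase-space search that recovers every printable string whose DFT amplitude vector matches a published one. It assumes the password is encoded as the sequence of its ASCII code points and that only |X_k| is published, both of which are assumptions, since the comment does not fix the encoding. Instead of the simplex stepping the comment describes, it walks a plain grid over each free phase; for a real input only bins 1..(n-1)//2 carry a free phase, bin 0 is the positive sum of code points, and an even-length Nyquist bin is real with unknown sign. For a four-character password that leaves one free phase and one sign, and the result is a short list of candidates containing the original and its cyclic shifts and reversal.

```python
import cmath
import math
from itertools import product

# Constructed example: the "password" is its ASCII code points (assumption).
# The attacker is assumed to see only the amplitude spectrum |X_k|.


def dft(x):
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
            for k in range(n)]


def idft(X):
    n = len(X)
    return [sum(X[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)) / n
            for t in range(n)]


def amplitude_hash(password):
    """The published value under the commenter's reading: magnitudes only."""
    return [abs(c) for c in dft([ord(ch) for ch in password])]


def recover_candidates(amps, steps=3600, lo=32, hi=126):
    """Enumerate printable strings whose |DFT| equals `amps`.

    For a real sequence X[n-k] == conj(X[k]), so only bins 1..(n-1)//2 have a
    free phase; bin 0 is the (positive) sum of code points and therefore real
    with phase 0; an even-n Nyquist bin is real with an unknown sign.
    """
    n = len(amps)
    free = list(range(1, (n - 1) // 2 + 1))
    nyq = [n // 2] if n % 2 == 0 else []
    grid = [2 * math.pi * s / steps for s in range(steps)]
    found = set()
    for phases in product(grid, repeat=len(free)):
        for signs in product((1, -1), repeat=len(nyq)):
            X = [0j] * n
            X[0] = complex(amps[0], 0)
            for k, ph in zip(free, phases):
                X[k] = cmath.rect(amps[k], ph)
                X[n - k] = X[k].conjugate()
            for k, s in zip(nyq, signs):
                X[k] = complex(s * amps[k], 0)
            # Round the time-domain values to the nearest code point, as the
            # commenter's "round to the next output value" step does.
            x = [round(v.real) for v in idft(X)]
            if not all(lo <= v <= hi for v in x):
                continue
            cand = "".join(chr(v) for v in x)
            # Keep only strings whose own amplitude spectrum really matches;
            # this discards grid points that merely rounded to something printable.
            if all(abs(a - b) < 1e-6 for a, b in zip(amplitude_hash(cand), amps)):
                found.add(cand)
    return sorted(found)


if __name__ == "__main__":
    published = amplitude_hash("pass")  # constructed sample password
    for cand in recover_candidates(published):
        print(cand)
```

The grid has `steps ** ((n-1)//2)` points, so it is only practical for very short inputs; that growth is exactly why the comment proposes walking the phase space with the simplex method, one phase at a time, rather than enumerating it. Either way, the amplitude vector alone leaves at most a small homometric family of strings to try against the live system.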