You almost certainly do passwords wrong. That's OK, though,because most people do.

You're supposed to have distinct passwords for every one of your dierent accounts, and, what's more, those
passwordsare supposed to be dicult. Use some numbers and symbols and weird capitalization, they tell us. But it's
hard, and so we wind up just using the same password for everything and taking the risk.
That risk is the possibility of someone hacking one password and suddenly having access to your entire life, which
might mean your money, private photos, work stu, etc. One interesting solution to this problem is just handing o
the task of password creation entirely and using something akin to identity-based encryption.
This is where some aspect of the user (a name or some other identity feature) is used as the basis for an encryption
scheme. So, I might hand "amazonmichael" to a password generator and it would return a unique password tailored
for just that one account.
The problem, of course, is trusting a single third-party with this task. Turing Award winner Manuel Blum recently
proposed a solution at the Heidelberg Laureate Forum that uses ID-based encryption but avoids the third-party
password generator. Instead, this encryption is done mentally by the user.

Blum's method is rather optimistic about the average person's capability for processing numbers, but given the
current privacy anxiety, maybe some will be willing to invest the mental energy.
Here's how it works: The rst part is the most dicult and involves assigningletters to thenumerical digits 0 through
9. Something like this could probably be achieved with just a subset of the alphabet, but Blum wants the full thing,
which requires some numbers tohave multiple letters assigned (26 letters, 10 digits).
This mapping should be random. That is, no cheating by using patterns to aid memorization. No A=1, B=2.Next, take
the set of numerical digits and put them in a random order. Again: no cheating.The important thing is that both the
mapping and the sequence of digits are random andmemorized by the user. Those are yourprivate keys.
I know this already seems hard, but there's one more thing needed in this setup stage. We'll need a function, which is
just something that transforms an input to an output according to a rule. The function we need, which we'll call "g,"
just takes the digits in your sequence one by one and returns the next one in the sequence. So, in the sequence
"1328," it would return "g(1) = 3," "g(3) = 2," and "g(2) = 8." That's pretty easy.

Using your map you'll convert the letters of your identity sequence ("amazonmichael") to numbers.

Next, add the rst and last number of that sequence and apply what's known as the modulus operation. It's not as
dicult as it sounds, and basicallyensures that we'll always wind up with a number between 0 and 9 after adding that
rst digit and the last digit. It works bydividing and returning just the remainder of the division.
So, in this encryption scheme we need to take "mod 10," because there are 10 digits in the sequence. In my example, I
would add 1 to 8, which is 9, and the modulus operation would just return 9, the remainder of dividing 9 by 10. If my
digits added up to be, say, 16, the mod 10 operation would give 6.
After that,we apply that "g" function. If you'll remember, that just means taking a number and returning the next
number in that random sequence you made earlier. This result is the rst digit in your encrypted password. The rest is
computed by taking the last password digit and adding it to not the last digit of the sequence but the next to last, and
on down the line.
So, for 1328, I would take my 9 and add it to 2, which is 11. It becomes 1 after the modulus operation and that's the
next digit of the password. Next, that would get added to three and the result of that would get added to 1.
That all seems much more complex and dicult than it really is. The hard part is memorization, but there's really no
way around memorization in a safe password scheme anyhow. If you had ve dierent eight-digit passwords that are
suitably random for ve dierent accounts, you're already memorizing more pieces of information than Blum's
scheme requires.
And if a password ever becomes compromised, all the user needs to do is come up with a new variation on the initial
identity string, e.g. "amazonhackproof" or whatever. If the map becomes comprised (which it shouldn't if the user isn't
leaving it laying around), make a new one.
OK, I know. Seems like a lot. So I'll tell you what. Let me try it. I'll report back in a couple of weeks and, if successful,
then, hey, if a scatterbrain like me can do it, you can too.
--