I.T. Security and Linux Administration

May 31 2013   1:43PM GMT

Authenticate with Picaso

Eric Hansen Eric Hansen Profile: Eric Hansen

In my SSH Picaso post, I mentioned about how the fingerprint is displayed as ASCII art.  But what if we took that a step further?  What if that ASCII art was our password?

The fingerprint of a keyfile is supposed to be as unique as the keyfile itself, as its derived from the data, right?  Who is to say then that we cannot compare arts and match what we have stored with what we received?  The article I linked to in the post made a good attempt at doing similar with GPG, and I commend the author in it.  But what about SSH?

Sure, public key authentication is amazing, but what if it isn’t good enough anymore?  What if we have to end up encrypting those files via GPG to make it secure?  There’s a lot of what if’s but not that many answers.

This would also open the doors of storing ASCII art in the database instead of hashes for passwords, and using the password itself as the fingerprint.  Of course it’d still have to be salted to reduce collision, but its one more method that could be useful.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: