Storing Passwords in the Unconscious Mind (and a chip killing update)

The basic idea: it’s harder to forget a series of steps you’ve practiced, and harder still to disclose them e.g under torture.


I’m very skeptical this is “unbreakable crypto,” though. Remember how I said security took a broad knowledge base? It turns out that finding and exploiting vulnerabilities in the subconscious mind dates back at least 191 years. Albert Moll’s “Der Hypnotismus” [1890, Berlin, available from] mentions hypnosis being used to commit crimes against the hypnotized as early as 1821. As Moll puts it (a quick translation): “as to the question if someone couldn’t be persuaded to commit suicide by [hypnotic] suggestion, I would answer with an unqualified “yes” — if the suggestion is phrased cleverly enough.” (The idea seems to be taking advantage of the victim’s credulous state to persuade their mind that the victim is e.g. just acting a part in a play.)

Killing chips with stun guns update:
Success! Sort of. Managed to kill two LEDs while they were embedded in the banana. (which simulates the surrounding environment on an unknown PCB, if you recall)

Sadly, I haven’t been able to reliably reproduce the effect.

Here’s the steps that resulted in the initial successes, for the record:
– LED leads isolated with tape so that only 2mm worth of the lead’s tip protrtudes.
– First LED: Inserted in the banana so the un-isolated tips are just below the surface (2-3mm). Stun gun position varied, sometimes with the LED between the probes, sometimes with the LED off to one side. Arc length varying from <5mm to >1.5cm. Approximately 60 seconds of total arcing from the stun gun. Result: Dead LED.
– Second LED: Stun gun off to one side (so that the only thing between the stun gun probes was banana) but with one lead from the LED very near one of the stun gun probes. Arc length less than 5mm. 10 seconds’ arc discharge twice, once for each orientation of the stun gun. Result: Live LED.
– Same as before, only with the longest achievable arc length (>1.5cm). Result: Dead LED.

“A cross-disciplinary team of US neuroscientists and cryptographers have developed a password/passkey system that removes the weakest link in any security system: the human user. It’s ingenious: The system still requires that you enter a password, but at no point do you actually remember the password, meaning it can’t be written down and it can’t be obtained via coercion or torture.

The system, devised by Hristo Bojinov of Stanford University and friends from Northwestern and SRI, relies on implicit learning, a process by which you absorb new information — but you’re completely unaware that you’ve actually learnt anything; a bit like learning to ride a bike. In short, the system teaches the password to a part of your brain that you cannot physically access — but it is still there in your subconscious, just waiting to be tapped.”



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: