Passwords!

“”—‘’
At this point in history, almost everyone has a password for something or other; at least a PIN for an ATM (a Personal Identification Number for an Automatic Teller Machine).

If you stop to think about it, you can enter your password, or your PIN, in lots of places widely scattered throughout the world, and it can be checked.  Does that mean that your PIN or password is known all throughout the WORLD?  There are probably some who do believe that this is so, but being the innocent souls that they are, they probably think, “Oh well, the passwords are probably safe, right?  They have ways, don’t they, of keeping these things secret?”  Some others probably wonder how these passwords are verified.

As a matter of fact, passwords are not widely held, as far as I know; most reputable banks and computer systems keep the passwords of their users safe inside a certain file in their computer system.

Then how do they verify passwords?

It all depends on the fact that certain formulas in Math cannot be reversed.  What does this mean?  This means that you can put some number x into the formula and get some result y, but even a really clever mathematician, or even a clever computer, can’t tell you the original x if you give them the result y.

Make no mistake, some formulas can be solved backwards.  Suppose the formula is just x², or just “x squared.”  So suppose you put in 7 for your x, and you get 49.  Many of us know that, working backwards from 49, x has to be 7 (or maybe -7).

For all equations of degree 4 or smaller, you can always work backwards, and retrieve the original x.  But from degree 5 on upwards, people have proved, notably the mathematician Niels Henrik Abel Abel of Sweden, I believe, now dead of Tuberculosis around 1829, actually proved that there is at least one equation of every degree higher than degree four, that cannot be solved.  This means that we can create a formula such that if a number is put into the formula we have a definite result, but based on the result, the original number cannot be figured out.

So suppose you are asked to create a password for a new bank account, or a new e-mail service, or whatever.  You make a lovely password such as hold me kangaroo down, sport, or something like that, and they
(1) convert the whole password into a set of numbers.  This is not hard, because every symbol you can type on your keyboard is already a number.  ("a" is 97, "b" is 98, and so on.)
(2) they run each of these numbers through a formula, obviously of degree greater than 5.  This creates a new set of numbers, which they carefully store.  Now you have a password.
(3) Every time you enter your password, wherever you are, they run that through the same formula, and check the results.  Of course, they resulting number must match up with the numbers they have stored as "your password", though they can’t actually tell what the original password was.  But they can usually tell if somebody enters the wrong password.

The only reason I qualified the last sentence with “usually” is because they can use a formula for which two different x values could give you the same y value.  The likelihood of this could be very tiny indeed.  The chances that your entire password and a completely different word or phrase is converted into the same list of number is almost inconceivably small.

This also means that you could enter an obscene phrase as your password.  The computer systems should not be actually checking your password against a list of naughty words, because that really does compromise the security of the password system.  But a lot of password systems are managed by rank amateurs, so they could be looking at your passwords as they are created —with the best of intentions— to see whether you’re using an obscene phrase.  They really shouldn’t.  Checking to see whether your password has an uppercase letter, a number, a symbol, and Kim Kardashian’s middle initial, is probably OK.  But I wish they would get off that whole kick.

Arch

“”—‘’