Send email Copy Email Address

Row your Boat

The "Crack the password" demonstrator, developed in September 2023, challenges people aged between seven and sixty to replace the computing power of an attacking computer with their own muscle power on a rowing machine.

TYPE
Live Demo

TOPIC
Password security

YEAR
2023

SOFTWARE
JetBrains, Java, Figma, Adobe Photoshop, Adobe Illustration, Adobe InDesign, Scrivener, Statista

HARDWARE
Standard PC, Big Screen / TV, Waterrower

SKILLS
Java Software Development, Web Development, Software Design, UI/UX Design, Communication Design, Storytelling

INFORMATION FOR USERS

Yushun Zhao, user interface and user experience designer in the Scientific Engineering department, now Product Labs, cheers on a child on the rowing machine. Taken at the "Cispa♥️IGB" event on the premises of the "Alte Schmelz" in St. Ingbert in September 2023.

Passwords have been used since ancient times. And in the 1950s at the Massachusetts Institute of Technology (MIT), American computer scientist Fernando Corbato developed them even further to protect our digital data from prying eyes. In spite of this, many people in Germany still use them incorrectly.

The majority disregard the basic rule of password security: the longer (and more complex) a password is, the more secure it is! This is because the attacker needs more computing power to find the correct password among the possible variants.

In this demonstrator, participants have to row their own boats. The power they generate with their own muscles is compared to the computing power that would be required to crack the respective password.

HOW DOES THIS DEMONSTRATION WORK?

  1. The participant sits down on the rowing machine.
  2. As soon as they start to row, the rower on the screen in front of them begins to move.
  3. The position of the rower on the screen indicates which password is being cracked by muscle power. Already cracked passwords are displayed to the left of the rower and are no longer shielded from prying eyes.
  4. The rowing comes to en end after a distance of 436 meters. Most participants finish in about two minutes, with the record being one minute and ten seconds.
  5. Time and placement on the leaderboard will be displayed immediately after the race.
  6. Another screen provides information on how long it takes to crack passwords of various character lengths and complexities, and which passwords are therefore considered "secure", "reasonably secure" and "insecure".

WHAT MAKES THIS DEMONSTRATOR SO SPECIAL? 

The security of passwords and the computing power required to crack them are abstract quantities. At the same time, they are very importance because they protect valuable data and private secrets. This demonstrator aims to make this tangible. In their (muscle) memory, participants store the following information: Certain types of passwords are so easy to crack that not only minimal computing power but also very little muscle power is required. This is why we need to use better passwords to keep our data safe.

MORE INFORMATION

In this episode of our podcast "TL;DR", CISPA-Faculty Sven Bugiel talks about strong passwords and password managers.

LISTEN IN