We present Knock Yourself Out (KYO), a password generator that enables secure
authentication against a computationally unbounded adversary. Master passwords
can be surprisingly short and may be re-used for multiple service accounts
even in the event of client compromises and multiple server compromises. At
the same time, KYO is transparent to service operators and
backwards-compatible. Master passwords are fully client-manageable while
secrets shared
with service operators can be kept constant. Likewise, secrets can be changed
without having to change one’s passwords. KYO does not rely on
collision-resistant hash functions and can be implemented with fast
non-cryptographic
hash functions. We detail the design of KYO and we analyze its security
mathematically in a random hash function model. In our empirical evaluation, we
find that KYO remains secure even if small sets of hash functions are used
instead; in other words, KYO requires minimal storage and is highly practical.