Indistinguishability and unextractablility of password-based authentication in blockchain
Future Generation Computer Systems (IF 6.2), Pub Date: 2020-06-04, DOI: 10.1016/j.future.2020.05.009
Xinyi Huang, Yuexin Zhang

Passwords are commonly used to protect Bitcoin wallets, the best-known application of blockchain. In this paper, we investigate a subtle issue that arises when a password is forgotten: the account owner uses guessed passwords during authentication with a service provider. This is different from password guessing by cyber attackers, because passwords guessed by the account owner are (most likely) his/her passwords (or their minor variations) registered with other service providers. Thus, the confidentiality of incorrect passwords in unsuccessful authentication needs protection. To capture this security requirement, we define two security goals: Indistinguishability of Incorrect Passwords (IND-PW) and Unextractablility of Incorrect Passwords (UNE-PW). Our analysis shows that: (1) IND-PW is NOT achievable if the password is the only authentication credential of the client, and (2) two common authentication methods in online services, Basic and Digest Access Authentication (in conjunction with SSL), CANNOT provide UNE-PW.




Updated: 2020-06-04