This post is about a clever method to identify master masons, and why it works so well. While Master Masons may recognize similarities to Freemasonry today, no secrets are given away.
Imagine that you are a medieval “freemason” named Aldus: a skilled worker who is able to travel in foreign countries, work and receive master’s wages. You’ve completed a project in your village, and it’s time to move to where the work is. Your contacts tell you there is a castle being built one country over, outside of a town, that could keep you busy for 2 years.
There are no resumes. No phone calls, and no LinkedIn. You’re going to walk hundreds of miles across borders to find that building site. Once you’re there, people who do not know you are going to need to verify that you are a master mason. They won’t be able to check your references.
Time passes, and after the journey is done, tomorrow you will meet the new supervising master mason on the job, whose name is Bate. You need a way of proving who you are, face to face, when you meet the other masons there. How are you going to pull this off?
A secret word that only you and other people in your group know could help. Let’s say, for this fictional example, that the password is “watermill”. That’s 3 syllables: wah – ter – mill.
When Aldus meets Bate, he can’t just blurt out watermill to prove his bona fides. Aldus doesn’t know that Bate is who he says he is. Bate needs to prove he is a master mason just as much as Aldus does.
This is complicated. Both people need to give the word, without giving the word away to the other person, who isn’t proven yet. How are we going to solve this?
Let’s Play a Game
It starts with a syllable as a question
Bate gives Aldus a syllable, but won’t give away the whole thing. He says the sound “ter”. There are many words with this sound. Water, turf, waiter, turbulence, and so on – all have the “ter” sound. Bate hasn’t really given away anything.
The answer is another syllable
Aldus now has to answer with another syllable. If Aldus is faking and doesn’t really know the word, he might answer wrong. For example: if Bate says “ter” and Aldus says “wai” (as in “waiter”) then Bate knows Aldus is faking.
Bate has made a trap to catch cowans and fakers. The trap does not apply to actual master masons, who easily pass through it.
Aldus answers with the final syllable “mill”. Still, the whole word isn’t out there, and Aldus hasn’t given much away. There are still many words and phrases that contain “mill” and “ter”. Aldus has made the same trap for Bate. For example, the password could be “terminal” or many others, that contain both the “ter” and the “mill” sounds. If Bate blurts out “terminal” – it would make sense based on what’s come up until this point, but it would enable Aldus to know Bate is a faker.
What’s happening here?
We’ve taken a word, “watermill”, and broken it into 3 pieces: “wah”, “ter”, “mill”. We have 2 people, each of whom is leading the other down the garden path. They can distrust one another while they are speaking the syllables, because neither is giving the word away. Each provides opportunities for the other to make a mistake and prove themselves a faker.
It’s a pretty ingenious system for something so simple. By the end of the game, both parties have given the full password, without actually saying it, and should have confidence that the other knows it as well.
Why this works so well
Imagine a medieval cowan, or for example a Fellowcraft who has been suspended or expelled, comes into town and approaches Bate for a job. Such a person might know the protocol and syllable game, and know how it is played, but not know the word. Because opportunities for mistakes are built in, knowing how the security system works doesn’t help you get around it or cheat it.
Good locks work, even when the attacker knows how the lock works.
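The same idea in modern form, as an added example that is not from the original post: a mutual challenge-response in which each side proves it knows the shared word by computing an HMAC over fresh random challenges, instead of speaking syllables. The function names, the role tags and the choice of HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16          # fixed length keeps the MAC input unambiguous
WORD = b"watermill"     # the story's word; a real system would use a high-entropy key

def proof(secret: bytes, role: bytes, own_nonce: bytes, peer_nonce: bytes) -> bytes:
    """MAC over both fresh nonces. The role tag stops a proof being echoed back."""
    return hmac.new(secret, role + own_nonce + peer_nonce, hashlib.sha256).digest()

def verify(secret: bytes, role: bytes, peer_nonce: bytes, own_nonce: bytes,
           tag: bytes) -> bool:
    """Recompute the peer's proof with our copy of the secret and compare."""
    expected = proof(secret, role, peer_nonce, own_nonce)
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def meet(bate_secret: bytes, aldus_secret: bytes) -> tuple:
    """Run one greeting. Returns (bate_accepts_aldus, aldus_accepts_bate)."""
    # 1. Bate opens with a challenge that reveals nothing (his "ter").
    nonce_b = secrets.token_bytes(NONCE_LEN)
    # 2. Aldus answers with his own challenge plus a proof (his "mill").
    nonce_a = secrets.token_bytes(NONCE_LEN)
    aldus_proof = proof(aldus_secret, b"R", nonce_a, nonce_b)
    if not verify(bate_secret, b"R", nonce_a, nonce_b, aldus_proof):
        # The two sides do not hold the same word, so no valid proof
        # can pass in either direction and nobody is accepted.
        return (False, False)
    # 3. Bate completes the exchange with his own proof (the final "wah").
    bate_proof = proof(bate_secret, b"C", nonce_b, nonce_a)
    aldus_accepts = verify(aldus_secret, b"C", nonce_b, nonce_a, bate_proof)
    return (True, aldus_accepts)

if __name__ == "__main__":
    print("two masons:     ", meet(WORD, WORD))
    print("impostor Aldus: ", meet(WORD, b"terminal"))
    print("impostor Bate:  ", meet(b"terminal", WORD))
```

Both impostor runs know every step of the exchange and still fail, and because the challenges are random each time, a proof overheard at one meeting does not verify at the next.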
Not so fast
The fly in the ointment here is that different jurisdictions might play the game in a different syllable order. This is going to present some challenges for Aldus when he meets Bate.
And so a word might not be quite enough, because playing the game might get awkward if each person knows the rules slightly differently. It would be helpful if they could greet each other in a way that adds authenticity to this. Maybe while playing “the syllable game” they could shake hands in a certain way. Or maybe it would be best if Aldus brought a letter with him from his lodge, and could also ask to inspect Bate’s lodge charter. Remember it isn’t just about Aldus proving himself: Bate needs to prove himself too, and both sides need multiple “proofs”. Maybe they should do all of those things if they can – use a password, a handshake, and a letter all at the same time.
Bringing it into Today
Here in 2020, when we try to build secure computer systems, we’re doing all of the same things as the medieval masonic guilds were doing; we’re just doing it with computers. To log into a computer, sometimes you need 2 pieces of information (a password, and a security question for password resets, for example).
There are 3 kinds of tokens that you can have to prove your access rights, whether to a computer account, or to the status of master mason.
- Something you know; such as a password, a phrase.
- Something you are; such as a physical description (man with brown hair, brown eyes, about 6 feet tall), or a biometric, like a fingerprint.
- Something you have; like a letter, or a physical key.
Whenever more than one thing is needed to prove yourself, that’s multi-factor authentication. In the case of Aldus and his travel to Bate’s worksite, he probably needs at least a handshake and a word, both “something he knows”. He might also require traveling papers from his local guild (something he has). That’s multi-factor authentication.
Passwords can be illegitimately revealed, handshakes given away, and letters forged. But the point is that the more “factors” are stacked on top of one another, the harder it is to gain inappropriate access.