Password Security

I'm always troubled by those services where they send me my password when I use the "forgot my password" option. This means that they store my password in plain text in their database!!!!

The proper way to store passwords are to store cryptographic hashes of these passwords. This should be used with a salt to avoid a simple dictionary attack when the password is a commonly used one. However it is interesting to see the analysis here, where it shows how easy it is to attack this setup (Even with hashing the password recursively 1000 time makes it possible to obtain a known password in 10 hours).

This shows that the means of making this current system stronger are :
- Use longer/random pass phrases (pwgen)
- Add more computation overhead such that it cannot be parallelized.

This made me think: What if we have a hardware device attached to the system that is carrying out the password authentication with has the following properties:
- This device provides a deterministic function F : {0,1}* -> {0,1}*.
- F() can never be duplicated!

Using such a function we can improve the above system as follows:
Salt : s
Password : p
Cryptographic hash function : H
Password hash value to be stored in the database along with the salt s : h

h = H(F(s) + p)

With this approach, someone who steals the a password hash and the salt value, also will have to physically steal the machine (Assuming the F() is embedded in the machine) to be able to figure out the password!

NOTE:
This is motivated by my very introductory knowledge of PUFs. Maybe a PUF implementation can be used to do this. A quick search showed a lot of results that there has already been considerable amount of research work done in this area.