To make this easier to memorize and more secure, you could have there be a much larger number of KHs. Their job is to be KHs; their identities are kept secret even from each other. Each KH has a certain property about the person’s password that they learn- e.g. its length, the number of vowels, the number of times the letter “a” appears minus the number of times a letter appears, etc. However, they don’t know the password itself; they only know the person’s answer to the question. When a person wants to be released, a certain number of KH’s, randomly selected, large enough that correct guesses or collaboration is unlikely, and all wearing hoods, are summoned to the person’s cell to figure out their identity.
You’d need to ensure that, following an incorrect guess, the same KH isn’t used again- or that the innocent person picks a new password. (Propagating password changes would be terrible- it would make sense to have very severe punishments for claiming to be another person. The first time would be standard jail processing- everybody innocent would need to go down a line of KH’s and tell them their name and the answer. This also highlights the main weakness of any possible system- the need to have verified who is who when dealing with the initial passwords, since criminals would presumably immediately go to sleep following crimes, or claim to have just woken up.)
To make this easier to memorize and more secure, you could have there be a much larger number of KHs. Their job is to be KHs; their identities are kept secret even from each other. Each KH has a certain property about the person’s password that they learn- e.g. its length, the number of vowels, the number of times the letter “a” appears minus the number of times a letter appears, etc. However, they don’t know the password itself; they only know the person’s answer to the question. When a person wants to be released, a certain number of KH’s, randomly selected, large enough that correct guesses or collaboration is unlikely, and all wearing hoods, are summoned to the person’s cell to figure out their identity.
You’d need to ensure that, following an incorrect guess, the same KH isn’t used again- or that the innocent person picks a new password. (Propagating password changes would be terrible- it would make sense to have very severe punishments for claiming to be another person. The first time would be standard jail processing- everybody innocent would need to go down a line of KH’s and tell them their name and the answer. This also highlights the main weakness of any possible system- the need to have verified who is who when dealing with the initial passwords, since criminals would presumably immediately go to sleep following crimes, or claim to have just woken up.)