Honeywords provide additional password security
Corporate data breaches seem to be on the rise; rarely a week passes without a company revealing that its database has been hacked and that, regrettably, usernames, passwords, credit card details and its customers’ personal information have been leaked on to the open internet. A new protection, nicknamed Phoney, is reported in the International Journal of Embedded Systems.
Rong Wang, Hao Chen and Jianhua Sun of the College of Computer Science and Electronic Engineering, Hunan University, Changsha, China, explain that once password files have been stolen, attackers can quickly crack large numbers of passwords. Their “Phoney” system employs a threshold cryptosystem to encrypt the password hashes in the password file and honeywords to confuse attackers, so that even if hackers have compromised a database, the phoney passwords, the honeywords, obfuscate and camouflage the genuine passwords. Moreover, if those honeywords are de-hashed and used in a login attempt, the hacked system will know to immediately block the fake user and lock down the account they tried to break into.
Until a secure and safe alternative is found, passwords will remain the simplest and most effective way to log in to online systems, such as shopping, banking and social media sites. Password lists stored by the providers can be salted and hashed to make it harder for hackers to recover them, and users can help themselves by using long, sophisticated passwords. However, the hash used to mask a password database can itself be cracked; breaches happen and data is inevitably compromised. For example, recently 6.5 million logins from a major social networking site were stolen, and within a week almost two-thirds of those passwords had been cracked, making a large proportion of the user base vulnerable to further exploitation and compromise of their personal data.
The team explains that, “Phoney is helpful to existing password authentication systems and easy to deploy. It requires no modifications to the client, and just changes how the password is stored on the server, which is invisible to the client.” They have carried out tests and show that the time and storage costs are acceptable. “Of course, it is impossible for Phoney to guarantee no password leak absolutely in all possible scenarios,” they say. But the so-called cracking ‘search space’, in other words the amount of effort a hacker needs to breach the data, is increased significantly.
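The honeyword behaviour described above (decoy hashes stored beside the real one, and an alarm plus lockout when a decoy is used to log in) can be sketched as follows. This is an added example, not the Phoney authors' code: it omits the threshold encryption of the hashes, and the class name, the tail-tweaking decoy generator and the separately held index of the real entry are assumptions made for illustration.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # PBKDF2 work factor (constructed value)

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_honeywords(password, k):
    """Naive decoys: swap the last three characters for random digits."""
    decoys = set()
    while len(decoys) < k:
        tail = "".join(secrets.choice("0123456789") for _ in range(3))
        decoys.add(password[:-3] + tail)
        decoys.discard(password)  # a decoy must never equal the real password
    return sorted(decoys)

class HoneywordStore:  # hypothetical name
    def __init__(self):
        self.password_file = {}  # user -> (salt, hashes): what a thief would obtain
        self.real_index = {}     # user -> position of the real hash; assumed to
                                 # live on a separate, hardened system
        self.locked = set()

    def register(self, user, password, decoys=None, k=4):
        salt = secrets.token_bytes(16)
        words = list(decoys or make_honeywords(password, k)) + [password]
        secrets.SystemRandom().shuffle(words)  # hide the real entry's position
        self.password_file[user] = (salt, [_hash(w, salt) for w in words])
        self.real_index[user] = words.index(password)

    def login(self, user, attempt):
        if user in self.locked or user not in self.password_file:
            return "denied"
        salt, hashes = self.password_file[user]
        h = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(h, stored):
                if i == self.real_index[user]:
                    return "ok"
                # A decoy only appears in the stored file, so its use signals
                # that the password file has been stolen and cracked.
                self.locked.add(user)
                return "alarm"
        return "denied"
```

An ordinary wrong guess returns "denied" without raising the alarm; only a stored decoy does, which is what separates a typo from evidence of a breach.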
Learn more: Phoney protection for passwords