Honeywords provide additional password security
Corporate data breaches seem to be on the rise. Rarely a week passes without a company revealing that its database has been hacked and that, regrettably, usernames, passwords, credit card details and its customers’ personal information have been leaked onto the open internet. A new protection, nicknamed Phoney, is reported in the International Journal of Embedded Systems.
Rong Wang, Hao Chen and Jianhua Sun of the College of Computer Science and Electronic Engineering, Hunan University, Changsha, China, explain that once password files have been stolen, attackers can quickly crack large numbers of passwords. Their “Phoney” system employs a threshold cryptosystem to encrypt the password hashes in the password file and uses honeywords to confuse attackers. Even if hackers have compromised a database, the phoney passwords, or honeywords, obfuscate and camouflage the genuine ones. Moreover, if a honeyword is recovered from its hash and used in a login attempt, the hacked system will know to immediately block the fake user and lock down the account they tried to break into.
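The honeyword check described above can be sketched as follows. This is an added example, not code from the Phoney paper: it leaves out the threshold cryptosystem, and the class name, the toy decoy generator, the value of K and the separately held index of the genuine entry are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

K = 5  # entries stored per account: 1 genuine password + K-1 honeywords (assumed value)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _decoy(password: str) -> str:
    # Toy generator (assumption): keep the stem, replace the last three characters with digits.
    return password[:-3] + f"{secrets.randbelow(1000):03d}"

class HoneywordStore:
    def __init__(self):
        self.password_file = {}  # user -> (salt, [hash, ...]); what a thief would steal
        self.real_index = {}     # user -> position of the genuine hash; assumed kept on a separate system
        self.locked = set()

    def register(self, user: str, password: str) -> list:
        words = {password}
        while len(words) < K:
            words.add(_decoy(password))
        words = list(words)
        secrets.SystemRandom().shuffle(words)  # genuine entry must not sit at a fixed position
        salt = secrets.token_bytes(16)
        self.password_file[user] = (salt, [_hash(w, salt) for w in words])
        self.real_index[user] = words.index(password)
        return words  # returned only so the demonstration can try a decoy

    def login(self, user: str, attempt: str) -> str:
        if user in self.locked or user not in self.password_file:
            return "denied"
        salt, hashes = self.password_file[user]
        digest = _hash(attempt, salt)
        matches = [i for i, h in enumerate(hashes) if hmac.compare_digest(h, digest)]
        if not matches:
            return "denied"  # ordinary wrong password
        if matches[0] == self.real_index[user]:
            return "ok"
        self.locked.add(user)  # a honeyword was submitted: treat the password file as stolen
        return "alarm"
```

An attacker who cracks every hash in the stolen file still sees K equally plausible candidates per account, and submitting any of the K-1 wrong ones locks the account and raises the alarm.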
Until a secure and safe alternative is found, passwords will remain the simplest and most effective way to log in to online systems, such as shopping, banking and social media sites. Password lists stored by the providers can be salted and hashed to make it harder for hackers to recover them, and users can help themselves by using long, sophisticated passwords. However, the hashes used to mask a password database can themselves be cracked, breaches happen, and data is inevitably compromised. For example, recently 6.5 million logins from a major social networking site were stolen and within a week almost two-thirds of those passwords had been cracked, making a large proportion of the user base vulnerable to further exploitation and compromise of their personal data.
The team explains that, “Phoney is helpful to existing password authentication systems and easy to deploy. It requires no modifications to the client, and just changes how the password is stored on the server, which is invisible to the client.” They have carried out tests and show that the time and storage costs are acceptable. “Of course, it is impossible for Phoney to guarantee no password leak absolutely in all possible scenarios,” they say. But the so-called cracking ‘search space’, in other words the amount of effort a hacker needs to breach the data, is increased significantly.
Learn more: Phoney protection for passwords