Honeywords provide additional password security
Corporate data breaches seem to be on the rise; rarely a week passes without a company revealing that its database has been hacked and that usernames, passwords, credit card details and its customers’ personal information have been leaked onto the open internet. A new protection, nicknamed Phoney, is reported in the International Journal of Embedded Systems.
Rong Wang, Hao Chen and Jianhua Sun of the College of Computer Science and Electronic Engineering, Hunan University, Changsha, China, explain that once password files have been stolen, attackers can quickly crack large numbers of passwords. Their “Phoney” system employs a threshold cryptosystem to encrypt the password hashes in the password file and honeywords to confuse attackers. Even if hackers have compromised a database, the phoney passwords, the honeywords, obfuscate and camouflage the genuine passwords. Moreover, if those honeywords are cracked and used in a login attempt, the hacked system will know to immediately block the fake user and lock down the account they tried to break into.
Until a secure and safe alternative is found, passwords will remain the simplest and most effective way to log in to online systems, such as shopping, banking and social media sites. Password lists stored by the providers can be salted and hashed to make it harder for hackers to recover them, and users can help themselves by using long, sophisticated passwords. However, the hash used to mask a password database can itself be cracked; breaches happen, and data is inevitably compromised. For example, recently 6.5 million logins from a major social networking site were stolen, and within a week almost two-thirds of those passwords had been cracked, making a large proportion of the user base vulnerable to further exploitation and compromise of their personal data.
The team explains that, “Phoney is helpful to existing password authentication systems and easy to deploy. It requires no modifications to the client, and just changes how the password is stored on the server, which is invisible to the client.” They have carried out tests and show that the time and storage costs are acceptable. “Of course, it is impossible for Phoney to guarantee no password leak absolutely in all possible scenarios,” they say. But the so-called cracking ‘search space’, in other words the amount of effort a hacker needs to breach the data, is increased significantly.
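The honeyword idea described above can be sketched as server-side storage plus a login check. This is an added example, not the Phoney authors' code: it omits the threshold encryption of the hashes, and the separate index store (`honeychecker`), the decoy generator `tweak_tail`, the `Server` class and the PBKDF2 work factor are all assumptions of the sketch.

```python
import hashlib, hmac, os, random, string

ITERATIONS = 100_000  # assumed work factor for this sketch

def _hash(salt, word):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS)

def tweak_tail(password, count, rng=None):
    """Illustrative decoy generator: re-roll the digits in the last 3 characters."""
    rng = rng or random.SystemRandom()
    decoys = set()
    for _ in range(1000):  # bounded, so a tail without digits cannot loop forever
        tail = "".join(rng.choice(string.digits) if c.isdigit() else c
                       for c in password[-3:])
        if password[:-3] + tail != password:
            decoys.add(password[:-3] + tail)
        if len(decoys) == count:
            return sorted(decoys)
    raise ValueError("could not derive enough distinct decoys")

class Server:
    def __init__(self):
        self.password_file = {}  # user -> (salt, sweetword hashes); what a breach exposes
        self.honeychecker = {}   # user -> index of the real hash; assumed to live elsewhere
        self.locked = set()

    def enroll(self, user, password, decoys):
        salt = os.urandom(16)
        words = decoys + [password]
        random.SystemRandom().shuffle(words)  # real entry must not sit at a fixed position
        self.password_file[user] = (salt, [_hash(salt, w) for w in words])
        self.honeychecker[user] = words.index(password)

    def login(self, user, attempt):
        if user in self.locked or user not in self.password_file:
            return "denied"
        salt, hashes = self.password_file[user]
        digest = _hash(salt, attempt)
        hits = [i for i, h in enumerate(hashes) if hmac.compare_digest(h, digest)]
        if not hits:
            return "denied"          # ordinary wrong password
        if hits[0] == self.honeychecker[user]:
            return "ok"
        self.locked.add(user)        # honeyword hit: treat the password file as stolen
        return "alarm"
```

The client sends the same username and password as before; only the stored record and the server's decision logic change, which matches the deployment claim in the quote above.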
Learn more: Phoney protection for passwords