Honeywords provide additional password security
Corporate data breaches seem to be on the rise. Rarely a week passes without a company revealing that its database has been hacked and that, regrettably, usernames, passwords, credit card details and its customers’ personal information have been leaked on to the open internet. A new protection, nicknamed Phoney, is reported in the International Journal of Embedded Systems.
Rong Wang, Hao Chen and Jianhua Sun of the College of Computer Science and Electronic Engineering, Hunan University, Changsha, China, explain that once password files have been stolen, attackers can quickly crack large numbers of passwords. Their “Phoney” system employs a threshold cryptosystem to encrypt the password hashes in the password file and honeywords to confuse attackers. Even if hackers have compromised a database, the phoney passwords, or honeywords, obfuscate and camouflage the genuine passwords. Moreover, if one of those honeywords is recovered from its hash and used in a login attempt, the hacked system will know to immediately block the fake user and lock down the account they tried to break into.
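The honeyword check described above, as an added Python example (not code from the Phoney paper or its authors): it leaves out Phoney's threshold encryption of the hashes and shows only how a login with a decoy is told apart from a wrong password. The class and method names, the PBKDF2 parameters, the separate index store and the sample passwords are assumptions constructed for illustration.

```python
import hashlib, hmac, os, secrets

ITERATIONS = 50_000  # PBKDF2 work factor; value assumed for this example

def slow_hash(word, salt):
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, ITERATIONS)

class HoneywordStore:
    """Hypothetical server-side store; the client sees an ordinary login."""
    def __init__(self):
        self.password_file = {}  # user -> (salt, hashes): what a breach exposes
        # Index of the genuine hash; assumed to live on a separate hardened
        # service, so stealing password_file alone does not reveal it.
        self.real_index = {}
        self.locked = set()

    def enroll(self, user, password, honeywords):
        if password in honeywords or len(set(honeywords)) != len(honeywords):
            raise ValueError("sweetwords must be distinct")
        sweetwords = honeywords + [password]
        secrets.SystemRandom().shuffle(sweetwords)  # hide the real position
        salt = os.urandom(16)
        self.password_file[user] = (salt, [slow_hash(w, salt) for w in sweetwords])
        self.real_index[user] = sweetwords.index(password)

    def login(self, user, attempt):
        if user in self.locked or user not in self.password_file:
            return "denied"
        salt, hashes = self.password_file[user]
        candidate = slow_hash(attempt, salt)
        hits = [i for i, h in enumerate(hashes) if hmac.compare_digest(h, candidate)]
        if not hits:
            return "denied"        # ordinary wrong password
        if hits[0] == self.real_index[user]:
            return "ok"
        self.locked.add(user)      # a decoy was used: the hash file has leaked
        return "alarm"

# Constructed sample data, not taken from the article.
DECOYS = ["tangerine-Bridge-81", "mandarin-Bridge-88", "tangerine-Tunnel-88"]
REAL = "tangerine-Bridge-88"

def demo():
    store = HoneywordStore()
    store.enroll("alice", REAL, DECOYS)
    # wrong guess, genuine login, decoy login, genuine login after lockdown
    return [store.login("alice", w) for w in ("guess", REAL, DECOYS[1], REAL)]
```

The stolen file holds four equally plausible hashes per user, so an attacker who cracks all of them still has to pick one, and a wrong pick locks the account.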
Until a secure and safe alternative is found, passwords will remain the simplest and most effective way to log in to online systems, such as shopping, banking and social media sites. Password lists stored by the providers can be salted and hashed to make it harder for hackers to crack them, and users can help themselves by using long, sophisticated passwords. However, the hash used to mask a password database can itself be cracked; breaches happen, and data is inevitably compromised. For example, recently 6.5 million logins from a major social networking site were stolen, and within a week almost two-thirds of those passwords had been cracked, making a large proportion of the user base vulnerable to further exploitation and compromise of their personal data.
The team explains that, “Phoney is helpful to existing password authentication systems and easy to deploy. It requires no modifications to the client, and just changes how the password is stored on the server, which is invisible to the client.” They have carried out tests and show that the time and storage costs are acceptable. “Of course, it is impossible for Phoney to guarantee no password leak absolutely in all possible scenarios,” they say. But the so-called cracking ‘search space’, in other words the amount of effort a hacker needs to breach the data, is increased significantly.
Learn more: Phoney protection for passwords