Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

+ - New Scheme Makes it Impossible to Hack Individual Passwords -> 2

Submitted by Anonymous Coward
An anonymous reader writes "Researchers at NYU Polytechnic School of Engineering have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store. Without recovering a threshold of shares, the attacker cannot crack passwords. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. For example, three random 6 character passwords that are stored using standard salted secure hash can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New Scheme Makes it Impossible to Hack Individual Passwords

Comments Filter:

When the weight of the paperwork equals the weight of the plane, the plane will fly. -- Donald Douglas

Working...