Forgot your password?
typodupeerror

+ - New Scheme Makes it Impossible to Hack Individual Passwords -> 2

Submitted by Anonymous Coward
An anonymous reader writes "Researchers at NYU Polytechnic School of Engineering have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store. Without recovering a threshold of shares, the attacker cannot crack passwords. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. For example, three random 6 character passwords that are stored using standard salted secure hash can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New Scheme Makes it Impossible to Hack Individual Passwords

Comments Filter:

Mr. Cole's Axiom: The sum of the intelligence on the planet is a constant; the population is growing.

Working...