
Submission: New Scheme Makes it Impossible to Hack Individual Passwords (github.com)

An anonymous reader writes: Researchers at NYU Polytechnic School of Engineering have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store. Without recovering a threshold of shares, the attacker cannot crack passwords. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. For example, three random 6-character passwords that are stored using a standard salted secure hash can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist.
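A minimal sketch of the idea described in the submission, added here as an illustration and not taken from the PolyPassHash C or Python implementations. It assumes a prime field, blinding of each share by modular addition of the salted hash, and a stored fingerprint of the secret; all function names and the sample accounts are constructed for this example.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field for the sharing polynomial (a choice made for this sketch)

def salted_hash(salt, password):
    digest = hashlib.sha256(salt + password.encode()).digest()
    return int.from_bytes(digest, "big") % P

def share_at(coeffs, x):
    y = 0  # Horner's rule; coeffs[0] is the secret
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def make_store(passwords, k):
    """Build the password table; any k correct passwords are needed to unlock it."""
    coeffs = [secrets.randbelow(P) for _ in range(k)]
    store = {}
    for x, (user, pw) in enumerate(passwords.items(), start=1):
        salt = secrets.token_bytes(16)
        # Stored value is the share blinded by the salted hash, never the hash itself.
        store[user] = (x, salt, (share_at(coeffs, x) + salted_hash(salt, pw)) % P)
    # Fingerprint of the secret so a correct recovery can be recognised (assumption).
    return store, hashlib.sha256(coeffs[0].to_bytes(16, "big")).hexdigest()

def recover_secret(store, logins):
    """Unblind shares with the supplied passwords and interpolate f(0)."""
    pts = []
    for user, pw in logins.items():
        x, salt, blinded = store[user]
        pts.append((x, (blinded - salted_hash(salt, pw)) % P))
    secret = 0
    for xi, yi in pts:
        num = den = 1
        for xj, _ in pts:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def unlocks(store, check, logins):
    secret = recover_secret(store, logins)
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest() == check

# Constructed sample accounts, threshold k = 3
USERS = {"alice": "k3y!board", "bob": "hunter2", "carol": "s3cret", "dave": "pa55word"}
STORE, CHECK = make_store(USERS, k=3)
```

A guess at one password can only be confirmed together with correct guesses for enough other accounts to reach the threshold, which is why the stored rows cannot be attacked one at a time.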