
Submission: New Scheme Makes it Impossible to Hack Individual Passwords (github.com)

An anonymous reader writes: Researchers at NYU Polytechnic School of Engineering have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store. Without recovering a threshold of shares, the attacker cannot crack passwords. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. For example, three random 6-character passwords that are stored using a standard salted secure hash can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.
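
The idea summarized in the submission, as an added example that is not part of the submission or of the PolyPassHash code: each database row holds a threshold share masked by that account's salted hash, so a single password guess yields only an unverifiable candidate share. Assumptions: the field `P`, the threshold `K`, masking by modular addition of a PBKDF2 output, the stored fingerprint of the secret, and all function names are illustrative choices; the summary does not say how a hash encodes a share.

```python
import hashlib
import secrets

P = 2**521 - 1   # Mersenne prime; shares live in GF(P) (assumed field)
K = 3            # threshold: correct passwords needed to unlock (assumed)

def mask(password, salt):
    # Salted, stretched hash widened to cover the whole field, so no share bits leak.
    d = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=80)
    return int.from_bytes(d, "big") % P

def interpolate(points, x):
    # Lagrange interpolation: value at x of the polynomial through `points`.
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def fingerprint(secret):
    return hashlib.sha256(secret.to_bytes(66, "big")).hexdigest()

def build_store(accounts):
    coeffs = [secrets.randbelow(P) for _ in range(K)]   # coeffs[0] is the secret
    rows = {}
    for x, (user, pw) in enumerate(accounts.items(), start=1):
        share = sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P
        salt = secrets.token_bytes(16)
        rows[user] = (x, salt, (share + mask(pw, salt)) % P)  # the share is never stored bare
    return rows, fingerprint(coeffs[0])

def candidate_share(rows, user, password):
    x, salt, stored = rows[user]
    return x, (stored - mask(password, salt)) % P

def unlock(rows, check, logins):
    # Needs K distinct accounts, all with correct passwords, to rebuild the secret.
    pts = [candidate_share(rows, u, pw) for u, pw in logins]
    if len({x for x, _ in pts}) < K:
        return None
    return pts if fingerprint(interpolate(pts, 0)) == check else None

def verify(rows, pts, user, password):
    # After unlock, a login is valid if its candidate share lies on the polynomial.
    x, y = candidate_share(rows, user, password)
    return interpolate(pts, x) == y
```

An attacker holding only `rows` and the fingerprint has to guess `K` passwords jointly before any guess can be confirmed, which is the property the submission describes.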
