Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Submission + - New Scheme Makes it Impossible to Hack Individual Passwords (github.com) 2

An anonymous reader writes: Researchers at NYU Polytechnic School of Engineering have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store. Without recovering a threshold of shares, the attacker cannot crack passwords. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. For example, three random 6 character passwords that are stored using standard salted secure hash can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

New Scheme Makes it Impossible to Hack Individual Passwords

Comments Filter:

In every hierarchy the cream rises until it sours. -- Dr. Laurence J. Peter

Working...