Communications of the ACM
To Keep Passwords Safe From Hackers, Just Break Them Into Bits
RSA's distributed credential protection involves breaking a password into many small pieces and storing half of them in one place and the rest in another.
Credit: Maximilian Bode
RSA researchers have developed a system that splits passwords in two and stores each half in different locations. The two halves never come together, even when the user logs in and verifies the password, which should make it harder for cybercriminals to steal them because they would need to break into both servers.
The technique, known as distributed credential protection, involves breaking a password into many small pieces and storing half of them in one place and the rest in another. When a user logs into a system using distributed credential protection, the password is split into two encrypted strings of data. Each string is then sent to one of the two password servers, where it is combined with the half of the password stored on that server to create a new string. The two servers then compare the two new strings to determine whether the password is correct or not.
RSA's approach is a version of threshold cryptography. "The concept is not new, but this would be the first time that it is deployed to the general public," says Stanford University professor Dan Boneh.
From Technology Review
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found