Keeping Passwords Safe From Cracking

verayo-2.jpg

A group of researchers from Purdue University in Indiana have come up with an effective and easy-to-implement solution for protecting passwords from attackers.

These days, passwords are rarely stored in plain-text format – they are usually hashed and less often, salted so that attackers might find it impossible or simply too time-consuming to try and crack them.

Also, as users repeatedly use the same short, weak and easy-to-guess passwords, attackers can use password-cracking software that calls on lists of password hashes that have already been calculated for passwords that have been leaked in the past.

The researchers’ aim is to make cracking of stored password hashes both detectable and insuperable.

“We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server,” they explained, adding that the scheme can be easily integrated with legacy systems without the need of any additional servers, changing the structure of the hashed password file or any client modifications.

“When using the scheme the structure of the hashed passwords file will appear no different than in the traditional scheme. However, when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the Ersatz Passwords — the ‘fake passwords’.”

Setting up an alarm that will be triggered by login attempts using these Ersatz Passwords will also make organizations aware of the fact that the password file has somehow been compromised, and that someone is trying to access a user account.

Adeptis:

« Hacker’s Into Commercial Airline Systems
Review of Organised Cyber Crime »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Arcitura Education

Arcitura Education

Arcitura is a leading global provider of progressive, vendor-neutral IT training and certification programs.

Asavie

Asavie

Asavie provide solutions for Enterprise Mobility Management and secure IoT Connectivity.

Information Commissioner's Office (ICO)

Information Commissioner's Office (ICO)

The Information Commissioner's Office is an independent authority set up to uphold information rights in the public interest.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

Vitrociset

Vitrociset

Vitrociset design complex systems for defence, homeland security, space and transport. Activities include secure communications and cybersecurity.

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

AppSec Labs

AppSec Labs

AppSec Labs specialise in application security. Our mission is to raise awareness in the software development world to the importance of integrating software security across the development lifecycle.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

Cynalytica

Cynalytica

Cynalytica deliver pioneering cybersecurity and machine analytics technologies that help protect critical infrastructure, securely enable Industry 4.0 and help accelerate digital transformation.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

Snare

Snare

Snare is a comprehensive set of event monitoring and analysis tools designed to address critical auditing and security requirements.

RapidSpike

RapidSpike

RapidSpike is the only website monitoring solution that focuses all three key aspects of website health: performance, reliability AND security.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

Seal Security

Seal Security

Seal Security revolutionizes software supply chain security operations, empowering organizations to automate and scale their open source vulnerability remediation and patch management.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.

ClearSale (CLSA3)

ClearSale (CLSA3)

Clearsale’s innovative fraud solutions combine advanced technology with a passionate team of seasoned experts that understand every client’s unique needs.