Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Sneaky security system fools hackers with fake passwords when cracked

Jeremy Kirk | May 20, 2015
ErsatzPasswords, a research project, aims to stop the cracking of password hashes.

The beauty is on the server side since only one password file needs to be stored. "Even if we want to verify the real password, we don't need a different file," Almeshekah said.

Almeshekah said the researchers used a fairly cheap hardware security module from Yubico called the YubiHSM that costs around US$500. For a large numbers of users, a more advanced type of hardware security module would be needed for better performance, which could cost $10,00 and up, he said.

But setting up ErsatzPasswords on the server side is pretty easy, he said, and the code is available on GitHub. It's free and is published under an Apache open-source license.

The research paper was co-authored by Christopher N. Gutierrez, Mikhail J. Atallah and Eugene H. Spafford, all of Purdue's Information Assurance and Security group.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.