Posts: 6,397
Topics: 4,258
Kudos: 8,135
Registered: ‎06-12-2013

Can this $70 dongle stem the epidemic of password breaches?

Security researchers have developed a password storage system that uses inexpensive hardware to prevent the cracking of passwords—even the most common and weak ones such as "123456," "password," and "letmein."

The S-CRIB Scrambler uses an additional layer of protection over methods many websites use now to prevent mass account compromises in the event a password database is exposed during a site breach, according to a post published Friday on the University of Cambridge's Light Blue Touchpaper blog. Rather than relying solely on a one-way cryptographic hash to represent plaintext passwords, the small dongle performs an additional operation known as hash-based message authentication code (HMAC). The secret 10-character key used to generate the HMAC resides solely on the dongle. Because it's not included in password tables that are stored on servers, the key could remain secret even in the event of a major security breach.

 

Full Article

Sr. Community Leader

Community Manager
Posts: 4,954
Registered: ‎12-16-2013

Re: Can this $70 dongle stem the epidemic of password breaches?

What happens if your hardware dongle dies?  Or if someone walks off with it?

Posts: 6,397
Topics: 4,258
Kudos: 8,135
Registered: ‎06-12-2013

Re: Can this $70 dongle stem the epidemic of password breaches?

I got this from their website:

"Ultimately, instead of calling a hash function to scramble passwords entered by users, the server calls a web service (hosted locally or remotely) to do it. This web service scrambles passwords with a “keyed cryptographic function”. The key is not possible to read from the hardware device once it is initialised. This makes the system perfectly secure for almost any commercial application."

 

From that I would imagine that the device does not store the passwords unless I am reading it wrong.

Sr. Community Leader

Community Manager
Posts: 4,954
Registered: ‎12-16-2013

Re: Can this $70 dongle stem the epidemic of password breaches?

Ah, that makes more sense.

Frequent Voice
Posts: 261
Registered: ‎03-09-2014

Re: Can this $70 dongle stem the epidemic of password breaches?

Don't scare me with it dying, nic, please!

---------------------------------------------------------------
~Var

Helper of the Webroot Community

OS and Main Antivirus: Linux Mint, None :(
----------------------------------------------------------------
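
The scheme described in the opening post and in the vendor quote (a salted hash followed by an HMAC whose key never leaves the device), shown as an added example that is not part of the thread and is not the S-CRIB code. The `Scrambler` class, the PBKDF2/HMAC-SHA256 choices and the record layout are assumptions made for illustration; the last line shows that a device holding a different key cannot verify existing rows.

```python
import hashlib
import hmac
import secrets

COMMON = ["123456", "password", "letmein"]  # weak passwords named in the article


class Scrambler:
    """Hypothetical stand-in for the dongle/web service: keeps the key, exposes only scramble()."""

    def __init__(self, key: bytes):
        self._key = key

    def scramble(self, digest: bytes) -> bytes:
        return hmac.new(self._key, digest, hashlib.sha256).digest()


def slow_hash(password: str, salt: bytes) -> bytes:
    # The ordinary salted one-way hash the web server already computes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def enroll(scrambler: Scrambler, password: str) -> dict:
    # The database row holds only the salt and the keyed tag, never the key.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "tag": scrambler.scramble(slow_hash(password, salt))}


def verify(scrambler: Scrambler, record: dict, password: str) -> bool:
    candidate = scrambler.scramble(slow_hash(password, record["salt"]))
    return hmac.compare_digest(candidate, record["tag"])


def guessable_offline(record: dict, wordlist=COMMON) -> bool:
    # Audit check using only what a leaked table contains (salt + stored value).
    return any(hmac.compare_digest(slow_hash(w, record["salt"]), record["tag"])
               for w in wordlist)


def plain_record(password: str) -> dict:
    # Baseline for comparison: the same row without the keyed step.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "tag": slow_hash(password, salt)}


if __name__ == "__main__":
    dongle = Scrambler(secrets.token_bytes(32))       # constructed random key
    row = enroll(dongle, "123456")
    print(verify(dongle, row, "123456"))              # login works with the device
    print(guessable_offline(plain_record("123456")))  # hash-only row matches the wordlist
    print(guessable_offline(row))                     # keyed row does not
    print(verify(Scrambler(secrets.token_bytes(32)), row, "123456"))  # different key cannot verify
```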