Honeywords: Making Password-Cracking Detectable
Date: May 2013
Source 1: http://people.csail.mit.edu/rivest/honeywords/paper.pdf
Source 2: http://people.csail.mit.edu/rivest/pubs/JR13.pdf
Abstract or Summary:
We suggest a simple method for improving the security of hashed passwords: the maintenance of additional "honeywords" (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the "honeychecker") can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.