Ball and Chain: A New Paradigm in Stored Password Security
Authors: Benjamin Donnelly, Tim Tomes

Abstract or Summary:
We have traditionally combated password database breaches by applying strong hashing to user passwords in the hope of slowing down an attacker's success at cracking them. But what if we slow down the process of obtaining the database instead? This talk introduces an approach where representations of passwords are stored in a huge (multi-terabyte) file alongside random data. Attackers must steal a copy of the entire file in order to capture the passwords needed to impersonate users. The size of this file, and the time needed to copy it remotely, should either prevent attackers from successfully downloading it or give site administrators much more time to detect the attempted data extraction and stop it.
Note: Video of presentation: Project page:
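The storage scheme the abstract sketches, reduced to a small runnable toy as an added example (this is not the authors' Ball and Chain code): the per-user record holds only a salt and a tag, and the tag can be recomputed only by reading bytes at password-dependent offsets from the large random file, so an attacker who exfiltrates the user table without the whole file cannot verify guesses offline. The offset derivation, chunk size, read count and PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets

CHUNK = 32   # bytes read from the ball at each offset (assumed value)
READS = 8    # number of offsets touched per password (assumed value)


def make_ball(size):
    """Constructed stand-in for the multi-terabyte random file (the 'ball')."""
    return secrets.token_bytes(size)


def _derive_key(password, salt):
    """Slow password hash; the key seeds the offsets, so the ball is consulted only after this."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def _offsets(key, ball_len):
    """Derive READS pseudorandom offsets spread over the whole ball from the derived key."""
    offsets = []
    for i in range(READS):
        digest = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        offsets.append(int.from_bytes(digest[:8], "big") % (ball_len - CHUNK))
    return offsets


def _tag(key, ball):
    """Bind the derived key to the ball's contents at the derived offsets."""
    h = hashlib.sha256(key)
    for off in _offsets(key, len(ball)):
        h.update(ball[off:off + CHUNK])
    return h.digest()


def enroll(ball, password):
    """Create the per-user record stored in the password database."""
    salt = os.urandom(16)
    return {"salt": salt, "tag": _tag(_derive_key(password, salt), ball)}


def verify(ball, password, record):
    """Check a login attempt; fails with a wrong password, a wrong ball, or a truncated ball."""
    key = _derive_key(password, record["salt"])
    return hmac.compare_digest(_tag(key, ball), record["tag"])
```

A partial or foreign copy of the ball produces different chunks at the derived offsets, so `verify` fails even with the correct password.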

