Honeywords: Making Password-Cracking Detectable
Date: May 2013
Publication:
Source 1: http://people.csail.mit.edu/rivest/honeywords/paper.pdf
Source 2: http://people.csail.mit.edu/rivest/pubs/JR13.pdf
Abstract or Summary:
We suggest a simple method for improving the security of hashed passwords: the maintenance of additional "honeywords" (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the "honeychecker") can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.