RSA's New Security System Could Prevent Password Leaks Of The LinkedIn Or Yahoo Kind
The recent mishap at LinkedIn, that leaked passwords of 6.5 million users, is something that the security researchers and the scientists who specialize in cryptography are trying really hard to prevent. Even though companies like LinkedIn or Yahoo store the user account information like the password in encrypted format, it is likely that the attckers decrypt that data and figure out the actual string of a password. Such password leaks become nasty because users tend to have same passwords for multiple accounts and the attacker can gain a lot of secure information about an user by getting access to one account. So, the folks over at the RSA's research labs in Cambridge, Massachusetts have come up with a new system called 'distributed credential protection' that splits passwords in two and stores each half in different locations.
Using this system, once a user logs in to his/her account, the password used is split into two encrypted strings of data and sent to two different password servers, where it is combined with the half of the password stored on that server to create a new string. The RSA team has made sure that the algorithm involved in the process make it completely impossible to determine the password from either or both of the strings. Moreover, the system refreshes from time to time that random half snippet of a password.
#-Link-Snipped-#
Well, you ought to know that this not an entirely new concept. This technique is commonly called among researchers as 'threshold cryptography'. So, though not fresh out of factory, this is the first time that this technique will be outed to the general public. For details you can head over to MIT's #-Link-Snipped-# blog and find out more on this technique. Otherwise, not keeping a lame password and regularly changing it is your safest bet for all your online accounts.
Using this system, once a user logs in to his/her account, the password used is split into two encrypted strings of data and sent to two different password servers, where it is combined with the half of the password stored on that server to create a new string. The RSA team has made sure that the algorithm involved in the process make it completely impossible to determine the password from either or both of the strings. Moreover, the system refreshes from time to time that random half snippet of a password.
#-Link-Snipped-#
Well, you ought to know that this not an entirely new concept. This technique is commonly called among researchers as 'threshold cryptography'. So, though not fresh out of factory, this is the first time that this technique will be outed to the general public. For details you can head over to MIT's #-Link-Snipped-# blog and find out more on this technique. Otherwise, not keeping a lame password and regularly changing it is your safest bet for all your online accounts.
Replies
You are reading an archived discussion.
Related Posts
India's Micromax has forayed into consumer electronic items including LED telivisions, blu-ray players and home theaters. The Indian brand disrupted the mobile markets by launching dual-SIM budget phones. The company...
Mozilla has released the latest version of its browser with Firefox 16 just weeks after the beta version showed up. And if you are not one of those from the...
A New Hampshire-based mobile app designer, Abelardo Gonzalez, has come up with a new font called 'OpenDyslexic', which has letters with heavier bottoms- which render 'gravity' to the letters and...
Microsoft today announced a few updates for the upcoming Windows 8 (set for release on October 26th) on the official MSDN blog. Unlike the earlier Windows versions, where Microsoft issued...
Indian Railways has launched an application called RailRadar, where rail commuters can easily track their train to see whether it's on-time or delayed. The app uses Google Maps for the...