RSA's New Security System Could Prevent Password Leaks Of The LinkedIn Or Yahoo Kind
The recent mishap at LinkedIn, that leaked passwords of 6.5 million users, is something that the security researchers and the scientists who specialize in cryptography are trying really hard to prevent. Even though companies like LinkedIn or Yahoo store the user account information like the password in encrypted format, it is likely that the attckers decrypt that data and figure out the actual string of a password. Such password leaks become nasty because users tend to have same passwords for multiple accounts and the attacker can gain a lot of secure information about an user by getting access to one account. So, the folks over at the RSA's research labs in Cambridge, Massachusetts have come up with a new system called 'distributed credential protection' that splits passwords in two and stores each half in different locations.
Using this system, once a user logs in to his/her account, the password used is split into two encrypted strings of data and sent to two different password servers, where it is combined with the half of the password stored on that server to create a new string. The RSA team has made sure that the algorithm involved in the process make it completely impossible to determine the password from either or both of the strings. Moreover, the system refreshes from time to time that random half snippet of a password.
<div></div>
#-Link-Snipped-#
Well, you ought to know that this not an entirely new concept. This technique is commonly called among researchers as 'threshold cryptography'. So, though not fresh out of factory, this is the first time that this technique will be outed to the general public. For details you can head over to MIT's #-Link-Snipped-# blog and find out more on this technique. Otherwise, not keeping a lame password and regularly changing it is your safest bet for all your online accounts.
Using this system, once a user logs in to his/her account, the password used is split into two encrypted strings of data and sent to two different password servers, where it is combined with the half of the password stored on that server to create a new string. The RSA team has made sure that the algorithm involved in the process make it completely impossible to determine the password from either or both of the strings. Moreover, the system refreshes from time to time that random half snippet of a password.
<div></div>
#-Link-Snipped-#
Well, you ought to know that this not an entirely new concept. This technique is commonly called among researchers as 'threshold cryptography'. So, though not fresh out of factory, this is the first time that this technique will be outed to the general public. For details you can head over to MIT's #-Link-Snipped-# blog and find out more on this technique. Otherwise, not keeping a lame password and regularly changing it is your safest bet for all your online accounts.
0