"Honey Encryption" overwhelms attackers with fake results
Posted on 30 January 2014.
Former RSA chief scientist Ari Juels is working on an innovative approach to encryption that could make cyber crooks' life a lot more difficult.


This new encryption system - dubbed "Honey Encryption" - does not rely on a more complex encryption algorithm, but on the fact that every time attackers attempt to decrypt the data or guess (brute force) the password, the system returns realistic-looking data - whether the guess is correct or not.

“Each decryption is going to look plausible,” says Juels. “The attacker has no way to distinguish a priori which is correct.” The attacker will, therefore, have to test all the results if he wants to get to the correct one - a potentially formidable task that will not be worth the trouble.

The approach and the system are based on the research Juels carried out with Thomas Ristenpart, an assistant professor at the University of Wisconsin, in which they put forward the idea of "honeywords" - false passwords - being associated with user accounts along with the correct one.

"An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm," they explained.
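
The honeyword login check described above, as an added sketch that is not code from the article or from the researchers. It assumes the position of the real password is kept by a separate service (named `HoneyChecker` here), and the account names, passwords and PBKDF2 work factor are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class HoneyChecker:
    """Separate service (assumption): knows only which index is the real password."""

    def __init__(self):
        self._index = {}

    def set(self, user, idx):
        self._index[user] = idx

    def is_real(self, user, idx):
        return self._index.get(user) == idx


class PasswordFile:
    """What a thief would get: salted hashes of the real password and the honeywords."""

    def __init__(self, checker):
        self.checker = checker
        self.rows = {}

    def enroll(self, user, password, honeywords):
        sweetwords = [password] + list(honeywords)
        secrets.SystemRandom().shuffle(sweetwords)  # hide the real one's position
        salt = os.urandom(16)
        self.rows[user] = (salt, [_hash(w, salt) for w in sweetwords])
        self.checker.set(user, sweetwords.index(password))

    def login(self, user, attempt):
        if user not in self.rows:
            return "fail"
        salt, hashes = self.rows[user]
        digest = _hash(attempt, salt)
        for idx, stored in enumerate(hashes):
            if hmac.compare_digest(digest, stored):
                # A match on any index other than the real one is a honeyword.
                return "ok" if self.checker.is_real(user, idx) else "alarm"
        return "fail"
```

A plain wrong guess returns `"fail"`, while a guess that matches a stored honeyword returns `"alarm"`, which is the signal that the password file itself has been stolen and cracked.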

Juels believes Honey Encryption could be a great help for password manager services, whose users' entire online life depends on a single master password.

According to MIT Technology Review, he is currently working on creating a fake password vault generator that would provide the false results.

Given the massive number of login credentials stolen and leaked in the last few years, and the smaller number of leaked password manager vaults, creating credible fake results should be an easy task.








