Tuesday, 12 May 2015

Password Manager Uses Fake Passwords As Security

Password Managers are a convenient way for users to use different passwords for various websites without which to remember, but one of the biggest problems is the master password that they use. An attacker who steal the password safe with passwords collected knows can then try to crack the master password.

In the case to trace the attacker knows the master password, he can access all stored passwords. Researchers from the University of Wisconsin, Stanford University and Cornell Tech have therefore devised a clever password manager called NoCrack ( pdf ). "This is a new kind of password manager passwords with a master password to encrypt, but is resistant to offline brute-force decryption" says researcher Rahul Chatterjee .

According to the researcher dictionary attacks on stolen password vaults increasingly powerful. In addition, attackers would also be helped in that a large part of the Internet users still choose a simple and weak passwords, which simplifies the dictionary attacks. NoCrack provides protection against false by a login attempt with the wrong master password, but plausible passwords display.

"Unlike traditional password vaults will always decrypt the content and passwords always display that seem right," said Chatterjee. The researchers will present their findings next week at the Symposium on Security and Privacy present .Researcher Joseph Bonneau late in this research paper ( pdf ) that a prototype of NoCrack to the public will be made ​​available.

No comments:

Post a Comment