The Tide Foundation has announced a security mechanism for encryption that the non-profit organisation claims makes passwords 140,000 times more difficult to crack.
Called splintering, the mechanism is the only encryption scheme to break usernames and passwords into tiny pieces using decentralised technology, with the aim of providing an unprecedented level of protection.
According to the developers, this technique makes it “tremendously” more difficult to reconstruct one complete password, let alone a greater number, using either reverse engineering or common brute force attack methods.
Ahead of the official launch, the developers challenged hackers to crack a splintered password with a reward of 1 bitcoin (about £8,500) and bragging rights as an incentive, but after three months and more than 6.5 million attempts, no one has succeeded.
Tide developed splintering as one of several open-source technologies designed to form the backbone of a new, secure personal data economy with the aim of securing data privacy for businesses, consumers and data seekers such as marketing and research firms.
Comprising a team of engineers and entrepreneurs, Tide is developing an overarching technology infrastructure that aims to give control of personal data back to the consumer and create a broad opportunity beyond simply making passwords millions of times more difficult to crack.
Called the Tide Protocol, the entire open source software solution will be distributed free of charge.
According to Tide, the splintering mechanism for data encryption will enable companies to deliver exponentially higher levels of security for customers’ passwords.
The approach enables username and password authentication that is closer to the security level of a bitcoin private key, it said, but with the familiar username/password experience.
For businesses, Tide says the authentication is “seamlessly” integrated with any website user interface.
Tide engineers tested the technique in a focused research project by using 60 million LinkedIn credentials that had been exposed in a previous attack. The team found that deploying the splintering mechanism dropped the odds of a dictionary attack breach from 100% to 0.00072%.
“Even though the database of exposed LinkedIn usernames/passwords that Tide used in the study of splintering had been hashed and salted, all 60 million passwords were cracked when they hit the black market,” said Willy Susilo, a cryptology expert and adviser to the company.
“In contrast, Tide’s algorithm is very powerful and is significantly less vulnerable. We expect it to improve personal data security by orders of magnitude.”
Dominique Valladolid, co-founder of the Tide Foundation, said the Tide Protocol is intended to be a global standard to power a “sustainable personal data ecosystem”.
“It will help organisations maintain privacy compliance, mitigate risks posed from data breaches and improve their trust with consumers to do better business,” said Valladolid.
“It enables data seekers to access permissioned, highly relevant and motivated audiences. Most importantly, it puts consumers in control of their data, who has access to it and why, and if they agree to trade it, share in its monetisation.”
With a goal of developing a significant shift in the power and ownership of personal data, Tide’s advisory board and board of directors are made up of leaders from global media companies, the banking industry, the political sphere and world-renowned scholars in cryptography, along with a founding team of experienced entrepreneurs.