Int. J. of Embedded Systems   »   2016 Vol.8, No.2/3

 

 

Title: Phoney: protecting password hashes with threshold cryptology and honeywords

 

Authors: Rong Wang; Hao Chen; Jianhua Sun

 

Addresses:
College of Computer Science and Electronic Engineering, Hunan University, Changsha, China
College of Computer Science and Electronic Engineering, Hunan University, Changsha, China
College of Computer Science and Electronic Engineering, Hunan University, Changsha, China

 

Abstract: Password file disclosure has attracted a lot of attention recently. Once password files are stolen, attackers can quickly crack large numbers of passwords. In this paper, we propose Phoney, a system which employs a threshold cryptosystem to encrypt the password hashes in the password file and honeywords to confuse attackers. With the help of Phoney, attackers cannot get any password information easily even they steal the password files. All the password hashes are encrypted by our threshold cryptosystem. Even they are able to compromise the cryptosystem, attackers cannot identify the real password easily because of the false passwords (honeywords) deliberately added for each account to confuse the adversaries. In addition, attempts of submitting a honeyword will cause alarms to be set off. Experiments show that the time and storage cost of Phoney are acceptable, but the cracking search space is increased significantly.

 

Keywords: authentication; threshold cryptosystems; honeywords; password leaks; password hashes; password file disclosure; password protection; passwords; cryptography; password hash encryption.

 

DOI: 10.1504/IJES.2016.076108

 

Int. J. of Embedded Systems, 2016 Vol.8, No.2/3, pp.146 - 154

 

Available online: 26 Apr 2016

 

 

Editors Full text accessPurchase this articleComment on this article