Cyware

New encryption method called ‘Splintering’ makes password hacking 14 million percent more challenging


  • passwords that were previously breached and determined that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.

What’s the matter?

Researchers at Tide have developed a new technique dubbed ‘Splintering’ to protect usernames and passwords. They claim that Splintering is 14 million percent more difficult to hack when compared to other techniques.

“This technique makes it tremendously more difficult to reconstruct one complete password, let alone all the passwords, using either reverse engineering or common brute force attack methods,” researchers said. Tide is a non-profit foundation focusing on building data privacy focused technologies.

How does this technique work?

Researchers at Tide have implemented the new splintering technique in Tide Protocol. This technique takes encrypted passwords within an authentication system, breaks them up into multiple splinters or fragments, and stores them on a decentralized distributed network from where they can be reassembled when required.

  • The number of splinters that each encrypted password is broken up depends upon the desired cryptographic strength and the organization’s requirements.
  • The minimum number of splinters is 20 nodes.
  • Each node is assigned to a splinter and can be assembled when requested.
  • Only the node assigned to a splinter can decrypt and assemble the splinter.

Key findings

Tide researchers tested the splintering technology against 60 million LinkedIn passwords that were previously breached.

  • The test revealed that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%, which is a 14 million percent improvement.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.
  • End-to-end latency results showed that the splintering process takes between 1,500 milliseconds to 4,000 milliseconds with a full complement of nodes across Microsoft Azure, Google, and Amazon networks.

Tide has introduced an intentional built-in 300-millisecond delay for each authentication request to mitigate brute-force and denial-of-service attacks on the network. Despite this, the latency result proved that the latencies associated with the splintering process are better than existing commonly used authentication methods.

“The splintering technology can be easily used in an almost identical manner to any of the existing OAuth2 authentication schemes and be integrated into any existing organization,” researchers said.

View full article

Recent News

Press
11 Mar 2024

Infrastructure Magazine Feature

New approach to securing critical infrastructure.

Announcement
23 Nov 2023

RMIT, Tide, AWS Collab Unveiled

Tide's "Ineffable Cryptography" to secure critical infrastructure

Announcement
25 May 2023

New breakthrough in Zero-Trust

Deakin University researchers prove Tide's tech breakthrough in ZeroTrust cyber security

Announcement
26 May 2023

TideInside Dev Champion Crowned

Sean Nam Crowned Champion in the Prestigious TideInside Development Competition

media
5 Apr 2023

Interview with Dr Zero Trust

New Approach to Security Strategy with Decentralization

Blog
31 Mar 2023

Cybersecurity Predictions and Prescriptions

Cybersecurity in 2023 & Beyond: What to Expect and What Can Be Done

Video
10 Mar 2023

Tide guests on TechStrongTV

Co-Founder Michael Loewy explains need for a more decentralized approach to managing identity and cybersecurity to enable the promise of zero trust.

Video
14 Feb 2023

Tide guests on Zero Trust Podcast

This week we have a two-for-one special and feature our newest panel-style format.

Press
24 Oct 2022

Financial Review Interviews Tide

The spate of recent data breaches headlined by Optus and Medibank has reinforced the urgency to rethink cybersecurity.

Press
26 Aug 2022

Tide named world-changing startup

Revolutionary new technology to secure the future

Announcement
16 May 2022

RMIT validates Tide’s breakthrough cryptography

New multi-party cryptography enables true zero-trust

Announcement
16 Nov 2021

Tide win startup of the year

By AISA cybersec peak body

Contact

Thanks for getting in touch. We'll get back to you as soon as possible!

Send another message