Cyware

New encryption method called ‘Splintering’ makes password hacking 14 million percent more challenging


  • passwords that were previously breached and determined that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.

What’s the matter?

Researchers at Tide have developed a new technique dubbed ‘Splintering’ to protect usernames and passwords. They claim that Splintering is 14 million percent more difficult to hack when compared to other techniques.

“This technique makes it tremendously more difficult to reconstruct one complete password, let alone all the passwords, using either reverse engineering or common brute force attack methods,” researchers said. Tide is a non-profit foundation focusing on building data privacy focused technologies.

How does this technique work?

Researchers at Tide have implemented the new splintering technique in Tide Protocol. This technique takes encrypted passwords within an authentication system, breaks them up into multiple splinters or fragments, and stores them on a decentralized distributed network from where they can be reassembled when required.

  • The number of splinters that each encrypted password is broken up depends upon the desired cryptographic strength and the organization’s requirements.
  • The minimum number of splinters is 20 nodes.
  • Each node is assigned to a splinter and can be assembled when requested.
  • Only the node assigned to a splinter can decrypt and assemble the splinter.

Key findings

Tide researchers tested the splintering technology against 60 million LinkedIn passwords that were previously breached.

  • The test revealed that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%, which is a 14 million percent improvement.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.
  • End-to-end latency results showed that the splintering process takes between 1,500 milliseconds to 4,000 milliseconds with a full complement of nodes across Microsoft Azure, Google, and Amazon networks.

Tide has introduced an intentional built-in 300-millisecond delay for each authentication request to mitigate brute-force and denial-of-service attacks on the network. Despite this, the latency result proved that the latencies associated with the splintering process are better than existing commonly used authentication methods.

“The splintering technology can be easily used in an almost identical manner to any of the existing OAuth2 authentication schemes and be integrated into any existing organization,” researchers said.

View full article

Recent News

Press
19 Sep 2019

TechRepublic

Open source foundation is introducing a new approach to encryption called splintering

Press
13 Sep 2019

Dark Reading

New Technique Makes Passwords 14M Percent Harder to Crack

Press
14 May 2019

Forbes

Tide Offers Hackers A Bitcoin Reward To Break Its Consumer Data Encryption

Press
5 Mar 2019

TechCrunch

Tide Foundation gives consumers full control of personal data on blockchain

Press
14 Aug 2019

Cointelegraph cover Tide's Trustless Bot

This Non-Profit Company Wants to ‘Decentralize’ Crypto Keys Themselves

Press
31 Aug 2018

Financial Review

Tide Foundation pitches blockchain solution to digital advertising privacy woes

Blog
5 Sep 2019

Splintered passwords stump hackers

Passwords 14m% more secure with decentralized encryption scheme

Announcement
17 Sep 2018

Gilbert + Tobin Partnership

Gilbert + Tobin Partners with Tide to Build a New Personal Data Economy

Press
13 Sep 2019

JaxEnter

Tide Protocol uses blockchain to improve password security by 14 million percent

Press
13 Sep 2019

Fossbytes

This Technique Claims To Make Passwords 14 Million% Tougher To Crack

Press
13 Sep 2019

ComputerWeekly

Tide Foundation aims to boost password security

Video
22 May 2019

Block TV Interview Tide

Decentralizing the Personal Data Economy

Contact

Thanks for getting in touch. We'll get back to you as soon as possible!

Send another message