Cyware

New encryption method called ‘Splintering’ makes password hacking 14 million percent more challenging


  • passwords that were previously breached and determined that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.

What’s the matter?

Researchers at Tide have developed a new technique dubbed ‘Splintering’ to protect usernames and passwords. They claim that Splintering is 14 million percent more difficult to hack when compared to other techniques.

“This technique makes it tremendously more difficult to reconstruct one complete password, let alone all the passwords, using either reverse engineering or common brute force attack methods,” researchers said. Tide is a non-profit foundation focusing on building data privacy focused technologies.

How does this technique work?

Researchers at Tide have implemented the new splintering technique in Tide Protocol. This technique takes encrypted passwords within an authentication system, breaks them up into multiple splinters or fragments, and stores them on a decentralized distributed network from where they can be reassembled when required.

  • The number of splinters that each encrypted password is broken up depends upon the desired cryptographic strength and the organization’s requirements.
  • The minimum number of splinters is 20 nodes.
  • Each node is assigned to a splinter and can be assembled when requested.
  • Only the node assigned to a splinter can decrypt and assemble the splinter.

Key findings

Tide researchers tested the splintering technology against 60 million LinkedIn passwords that were previously breached.

  • The test revealed that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%, which is a 14 million percent improvement.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.
  • End-to-end latency results showed that the splintering process takes between 1,500 milliseconds to 4,000 milliseconds with a full complement of nodes across Microsoft Azure, Google, and Amazon networks.

Tide has introduced an intentional built-in 300-millisecond delay for each authentication request to mitigate brute-force and denial-of-service attacks on the network. Despite this, the latency result proved that the latencies associated with the splintering process are better than existing commonly used authentication methods.

“The splintering technology can be easily used in an almost identical manner to any of the existing OAuth2 authentication schemes and be integrated into any existing organization,” researchers said.

View full article

Recent News

Announcement
15 Mar 2021

Tide win Insurtech NY

Tide named best global Insurtech, at marquee insurance event

Announcement
18 Dec 2020

Tide Named Tech23 Winner

Tech23 deep tech community celebrates next disruptors.

Video
20 Nov 2020

Tide join OECD Global Forum

Distributed ledger technology and the new era of data privacy and governance.

Announcement
15 Jun 2020

Tide Awarded ARC Grant

Together with Professor Susilo from UOW and KDDI Research, Japan.

Announcement
9 Dec 2019

Doug Knopper joins Tide

Visionary CEO appointed to Tide Foundation Advisory Board.

Announcement
22 Jun 2020

Tide Crowned Best InsurTech

In Hartford Connecticut, the insurance capital of the world, Tide have been named "Best Emerging InsurTech".

Announcement
6 Apr 2020

UK Government Study Tide

CMA Study Tide in report to parliament on digital economy.

Announcement
12 Nov 2019

OECD Report Embraces Tide

OECD Report Points to a Tide future

Announcement
6 Jun 2020

Tide Announced Dual Finalists in InsurTech 2020

Tide Announced Dual Finalists in InsurTech 2020

Video
19 Sep 2019

TechRepublic

Open source foundation is introducing a new approach to encryption called splintering

Press
13 Sep 2019

Dark Reading

New Technique Makes Passwords 14M Percent Harder to Crack

Press
14 May 2019

Forbes

Tide Offers Hackers A Bitcoin Reward To Break Its Consumer Data Encryption

Contact

Thanks for getting in touch. We'll get back to you as soon as possible!

Send another message