Cyware

New encryption method called ‘Splintering’ makes password hacking 14 million percent more challenging


  • passwords that were previously breached and determined that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.

What’s the matter?

Researchers at Tide have developed a new technique dubbed ‘Splintering’ to protect usernames and passwords. They claim that Splintering is 14 million percent more difficult to hack when compared to other techniques.

“This technique makes it tremendously more difficult to reconstruct one complete password, let alone all the passwords, using either reverse engineering or common brute force attack methods,” researchers said. Tide is a non-profit foundation focusing on building data privacy focused technologies.

How does this technique work?

Researchers at Tide have implemented the new splintering technique in Tide Protocol. This technique takes encrypted passwords within an authentication system, breaks them up into multiple splinters or fragments, and stores them on a decentralized distributed network from where they can be reassembled when required.

  • The number of splinters that each encrypted password is broken up depends upon the desired cryptographic strength and the organization’s requirements.
  • The minimum number of splinters is 20 nodes.
  • Each node is assigned to a splinter and can be assembled when requested.
  • Only the node assigned to a splinter can decrypt and assemble the splinter.

Key findings

Tide researchers tested the splintering technology against 60 million LinkedIn passwords that were previously breached.

  • The test revealed that splintering reduced the odds of a successful dictionary attack from 100% to 0.00072%, which is a 14 million percent improvement.
  • Splintering allows up to 30% redundancy, which means that the splintered passwords can be fully reassembled even if up to 6 nodes storing the splinters were to become unavailable for some reason.
  • End-to-end latency results showed that the splintering process takes between 1,500 milliseconds to 4,000 milliseconds with a full complement of nodes across Microsoft Azure, Google, and Amazon networks.

Tide has introduced an intentional built-in 300-millisecond delay for each authentication request to mitigate brute-force and denial-of-service attacks on the network. Despite this, the latency result proved that the latencies associated with the splintering process are better than existing commonly used authentication methods.

“The splintering technology can be easily used in an almost identical manner to any of the existing OAuth2 authentication schemes and be integrated into any existing organization,” researchers said.

View full article

Recent News

Announcement
12 Nov 2019

OECD Report Names Tide

OECD Report Encourages Member and Legislators to Embrace Tide

Video
19 Sep 2019

TechRepublic

Open source foundation is introducing a new approach to encryption called splintering

Press
13 Sep 2019

Dark Reading

New Technique Makes Passwords 14M Percent Harder to Crack

Press
14 May 2019

Forbes

Tide Offers Hackers A Bitcoin Reward To Break Its Consumer Data Encryption

Press
5 Mar 2019

TechCrunch

Tide Foundation gives consumers full control of personal data on blockchain

Press
14 Aug 2019

Cointelegraph cover Tide's Trustless Bot

This Non-Profit Company Wants to ‘Decentralize’ Crypto Keys Themselves

Press
31 Aug 2018

Financial Review

Tide Foundation pitches blockchain solution to digital advertising privacy woes

Video
8 Nov 2019

Daily Exchange

Mike Loewy Discusses Privacy in Blockchain on the Daily Exchange

Blog
5 Sep 2019

Splintered passwords stump hackers

Passwords 14m% more secure with decentralized encryption scheme

Announcement
17 Sep 2018

Gilbert + Tobin Partnership

Gilbert + Tobin Partners with Tide to Build a New Personal Data Economy

Press
13 Nov 2019

Electronic Engineering Journal

The Tide Foundation Proposes Password Splintering for Better Security

Press
13 Sep 2019

JaxEnter

Tide Protocol uses blockchain to improve password security by 14 million percent

Contact

Thanks for getting in touch. We'll get back to you as soon as possible!

Send another message