Tide Protocol uses blockchain to improve password security by 14 million percent
Facebook, Capital One, Marriot International — we’re so used to emails asking us to change our passwords because of a data breach that we barely bat an eyelid now. I’m not saying that we should stop changing our passwords, but what if massive data breaches became a thing of the past? Well Tide might just have a found a way to do that.
In May 2019, Tide.org announced it would give a Bitcoin to anyone who could hack into their decentralized blockchain database of usernames and passwords. They were even so kind as to offer hints and help. However, over the course of three months and more than 6.5 million attempts, not one hacker managed to break through their security. Why? Splintering.
What is splintering?
Splintering is a pretty groundbreaking approach to password protection. The encrypted passwords are split into tiny pieces and then distributed across a decentralized blockchain setup. This means that for a hacker simply cracking one password is tough — so tough that in 6.5 million attempts it wasn’t achieved even once — so cracking a whole set is perhaps not impossible, but certainly a much bigger hurdle to overcome for bad actors. This is an important factor, as it is often the case that once databases of credentials find their way onto the black market, all of the passwords have been decrypted.
In order to test how well splintering worked, Tide.org used a database of credentials harvested from LinkedIn in a previous breach. The most common type of attack, a so-called “dictionary attack”, was 100% successful at breaking into this database. Odds that, after splintering, dropped to a mere 0.00072%. An improvement of 14,064,094%. It’s no surprise, then, that splintering is so potentially exciting!