UPDATED 15:33 EDT / SEPTEMBER 05 2019

SECURITY

Group says its blockchain-based encryption scheme makes passwords all but impossible to crack

The Tide Foundation, a nonprofit organization that’s building an open-source framework for protecting personally identifiable information, has developed a blockchain-based encryption scheme that it claims is vastly more difficult to crack than other methods.

Its approach uses a technique called “splintering” in which encrypted username/password pairs are broken up into small pieces and scattered across an assortment of storage devices with blockchain used to reassemble the encrypted data on demand. Blockchain is a peer-to-peer distributed ledger technology that enables trusted transactions between anonymous parties. It’s the technology that undergirds cryptocurrencies such as bitcoin.

The group says tests it conducted across a sample set of 60 million user records from a publicly reported data breach indicate that its technique is more than 140,000 times more secure than conventional protections against a dictionary attack, in which the attacker guesses password from a defined list of likely candidates.

In May, the organization offered a bitcoin – which is currently valued at more than $10,000 – to anyone who could break a single username/password combination encrypted and splintered using its technique. More than 6.5 million attempts have been made but none has succeeded, it said.

Splintering adds a level of complexity to the practice of “hashing,” which is commonly used to protect passwords. A hash algorithm turns a string of text of any length into a fixed-length sequence of characters. A hash can’t be reversed-engineered, but if an attacker successfully associates a password with its corresponding hash, any other password protected by that hash algorithm can be decrypted.

Not so with splintering, the group says. Its approach breaks up the hash into smaller strings of characters that are distributed and tracked by a blockchain. While attackers may be able to associate a password with a single shortened string, the likelihood of applying the same decryption algorithm to other passwords is extremely low. The group said its technique can be easily integrated into any authentication method.

The technology, announced Wednesday, is available to under a modified open-source license called the Tide Community Open Source License in the foundation’s github repository.

The Sydney, Australia-based Tide Foundation was set up to develop a technique to enable individuals to protect personal data with the ability to grant access selectively to third parties in exchange for compensation. Its technology is expected to go into pilot testing next year.

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.