UPDATED 15:33 EDT / SEPTEMBER 05 2019

SECURITY

Group says its blockchain-based encryption scheme makes passwords all but impossible to crack

The Tide Foundation, a nonprofit organization that’s building an open-source framework for protecting personally identifiable information, has developed a blockchain-based encryption scheme that it claims is vastly more difficult to crack than other methods.

Its approach uses a technique called “splintering” in which encrypted username/password pairs are broken up into small pieces and scattered across an assortment of storage devices with blockchain used to reassemble the encrypted data on demand. Blockchain is a peer-to-peer distributed ledger technology that enables trusted transactions between anonymous parties. It’s the technology that undergirds cryptocurrencies such as bitcoin.

The group says tests it conducted across a sample set of 60 million user records from a publicly reported data breach indicate that its technique is more than 140,000 times more secure than conventional protections against a dictionary attack, in which the attacker guesses password from a defined list of likely candidates.

In May, the organization offered a bitcoin – which is currently valued at more than $10,000 – to anyone who could break a single username/password combination encrypted and splintered using its technique. More than 6.5 million attempts have been made but none has succeeded, it said.

Splintering adds a level of complexity to the practice of “hashing,” which is commonly used to protect passwords. A hash algorithm turns a string of text of any length into a fixed-length sequence of characters. A hash can’t be reversed-engineered, but if an attacker successfully associates a password with its corresponding hash, any other password protected by that hash algorithm can be decrypted.

Not so with splintering, the group says. Its approach breaks up the hash into smaller strings of characters that are distributed and tracked by a blockchain. While attackers may be able to associate a password with a single shortened string, the likelihood of applying the same decryption algorithm to other passwords is extremely low. The group said its technique can be easily integrated into any authentication method.

The technology, announced Wednesday, is available to under a modified open-source license called the Tide Community Open Source License in the foundation’s github repository.

The Sydney, Australia-based Tide Foundation was set up to develop a technique to enable individuals to protect personal data with the ability to grant access selectively to third parties in exchange for compensation. Its technology is expected to go into pilot testing next year.

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU