Slashdot

Syndicate content Slashdot
News for nerds, stuff that matters
Updated: 7 min 40 sec ago

NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

Thu, 03/04/2014 - 3:28pm
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?."

Read more of this story at Slashdot.








60 Minutes Dubbed Engines Noise Over Tesla Model S

Thu, 03/04/2014 - 2:47pm
cartechboy (2660665) writes "Did you watch the Tesla 60 Minutes segment the other night? If you did, you might have ended up on the floor rolling around laughing like I did. Since when does the Tesla Model S electric car make audible engine noises? Or downshift? Turns out, 60 Minutes dubbed engine noises and a downshift over the Model S running footage. The show claims it was an editing error. Call it what you want, it was absolutely hilarious. A little note to TV producers assigned to cover Tesla Motors in the future: Electric cars don't upshift or downshift." At least they didn't fraudulently blow it up!

Read more of this story at Slashdot.








New MU-MIMO Standard Could Allow For Gigabit WiFi Throughput

Thu, 03/04/2014 - 2:07pm
MojoKid (1002251) writes "Today, Qualcomm is announcing full support for a new wireless transmission method that could significantly boost performance on crowded networks. The new standard, MU-MIMO (Multiple User — Multiple Input and Multiple Output) has a clunky name — but could make a significant difference to home network speeds and make gigabit WiFi a practical reality. MU-MIMO is part of the 802.11ac Release 2 standard, so this isn't just a custom, Qualcomm-only feature. In SU-MIMO mode, a wireless router creates time slices for every device it detects on the network. Every active device on the network slows down the total system bandwidth — the router has to pay attention to every device, and it can only pay attention to one phone, tablet, or laptop at a time. The difference between single-user and multi-user configurations is that where SU can only serve one client at a time and can therefore only allocate a fraction of total bandwidth to any given device, MU can create groups of devices and communicate with all three simultaneously."

Read more of this story at Slashdot.








New MU-MIMO Standard Could Allow For Gigabit WiFi Throughput

Thu, 03/04/2014 - 2:07pm
MojoKid (1002251) writes "Today, Qualcomm is announcing full support for a new wireless transmission method that could significantly boost performance on crowded networks. The new standard, MU-MIMO (Multiple User — Multiple Input and Multiple Output) has a clunky name — but could make a significant difference to home network speeds and make gigabit WiFi a practical reality. MU-MIMO is part of the 802.11ac Release 2 standard, so this isn't just a custom, Qualcomm-only feature. In SU-MIMO mode, a wireless router creates time slices for every device it detects on the network. Every active device on the network slows down the total system bandwidth — the router has to pay attention to every device, and it can only pay attention to one phone, tablet, or laptop at a time. The difference between single-user and multi-user configurations is that where SU can only serve one client at a time and can therefore only allocate a fraction of total bandwidth to any given device, MU can create groups of devices and communicate with all three simultaneously."

Read more of this story at Slashdot.








New MU-MIMO Standard Could Allow For Gigabit WiFi Throughput

Thu, 03/04/2014 - 2:07pm
MojoKid (1002251) writes "Today, Qualcomm is announcing full support for a new wireless transmission method that could significantly boost performance on crowded networks. The new standard, MU-MIMO (Multiple User — Multiple Input and Multiple Output) has a clunky name — but could make a significant difference to home network speeds and make gigabit WiFi a practical reality. MU-MIMO is part of the 802.11ac Release 2 standard, so this isn't just a custom, Qualcomm-only feature. In SU-MIMO mode, a wireless router creates time slices for every device it detects on the network. Every active device on the network slows down the total system bandwidth — the router has to pay attention to every device, and it can only pay attention to one phone, tablet, or laptop at a time. The difference between single-user and multi-user configurations is that where SU can only serve one client at a time and can therefore only allocate a fraction of total bandwidth to any given device, MU can create groups of devices and communicate with all three simultaneously."

Read more of this story at Slashdot.








New MU-MIMO Standard Could Allow For Gigabit WiFi Throughput

Thu, 03/04/2014 - 2:07pm
MojoKid (1002251) writes "Today, Qualcomm is announcing full support for a new wireless transmission method that could significantly boost performance on crowded networks. The new standard, MU-MIMO (Multiple User — Multiple Input and Multiple Output) has a clunky name — but could make a significant difference to home network speeds and make gigabit WiFi a practical reality. MU-MIMO is part of the 802.11ac Release 2 standard, so this isn't just a custom, Qualcomm-only feature. In SU-MIMO mode, a wireless router creates time slices for every device it detects on the network. Every active device on the network slows down the total system bandwidth — the router has to pay attention to every device, and it can only pay attention to one phone, tablet, or laptop at a time. The difference between single-user and multi-user configurations is that where SU can only serve one client at a time and can therefore only allocate a fraction of total bandwidth to any given device, MU can create groups of devices and communicate with all three simultaneously."

Read more of this story at Slashdot.








New MU-MIMO Standard Could Allow For Gigabit WiFi Throughput

Thu, 03/04/2014 - 2:07pm
MojoKid (1002251) writes "Today, Qualcomm is announcing full support for a new wireless transmission method that could significantly boost performance on crowded networks. The new standard, MU-MIMO (Multiple User — Multiple Input and Multiple Output) has a clunky name — but could make a significant difference to home network speeds and make gigabit WiFi a practical reality. MU-MIMO is part of the 802.11ac Release 2 standard, so this isn't just a custom, Qualcomm-only feature. In SU-MIMO mode, a wireless router creates time slices for every device it detects on the network. Every active device on the network slows down the total system bandwidth — the router has to pay attention to every device, and it can only pay attention to one phone, tablet, or laptop at a time. The difference between single-user and multi-user configurations is that where SU can only serve one client at a time and can therefore only allocate a fraction of total bandwidth to any given device, MU can create groups of devices and communicate with all three simultaneously."

Read more of this story at Slashdot.








New MU-MIMO Standard Could Allow For Gigabit WiFi Throughput

Thu, 03/04/2014 - 2:07pm
MojoKid (1002251) writes "Today, Qualcomm is announcing full support for a new wireless transmission method that could significantly boost performance on crowded networks. The new standard, MU-MIMO (Multiple User — Multiple Input and Multiple Output) has a clunky name — but could make a significant difference to home network speeds and make gigabit WiFi a practical reality. MU-MIMO is part of the 802.11ac Release 2 standard, so this isn't just a custom, Qualcomm-only feature. In SU-MIMO mode, a wireless router creates time slices for every device it detects on the network. Every active device on the network slows down the total system bandwidth — the router has to pay attention to every device, and it can only pay attention to one phone, tablet, or laptop at a time. The difference between single-user and multi-user configurations is that where SU can only serve one client at a time and can therefore only allocate a fraction of total bandwidth to any given device, MU can create groups of devices and communicate with all three simultaneously."

Read more of this story at Slashdot.








New MU-MIMO Standard Could Allow For Gigabit WiFi Throughput

Thu, 03/04/2014 - 2:07pm
MojoKid (1002251) writes "Today, Qualcomm is announcing full support for a new wireless transmission method that could significantly boost performance on crowded networks. The new standard, MU-MIMO (Multiple User — Multiple Input and Multiple Output) has a clunky name — but could make a significant difference to home network speeds and make gigabit WiFi a practical reality. MU-MIMO is part of the 802.11ac Release 2 standard, so this isn't just a custom, Qualcomm-only feature. In SU-MIMO mode, a wireless router creates time slices for every device it detects on the network. Every active device on the network slows down the total system bandwidth — the router has to pay attention to every device, and it can only pay attention to one phone, tablet, or laptop at a time. The difference between single-user and multi-user configurations is that where SU can only serve one client at a time and can therefore only allocate a fraction of total bandwidth to any given device, MU can create groups of devices and communicate with all three simultaneously."

Read more of this story at Slashdot.