Protecting Passwords with Oblivious Cryptography - Adam Everspaugh Cyphercon 2.0 (Hacking Illustrated Series InfoSec Tutorial Videos)

Protecting Passwords with Oblivious Cryptography
Adam Everspaugh
Encipher
Cyphercon 2.0

Current schemes to protect user passwords like bcrypt, scrypt, and iterative hashing are insufficient to resist attacks when password digests are stolen. We present a modern cloud service, called Pythia, which protects passwords using a cryptographically keyed pseudorandom function (PRF). Unlike existing schemes like HMAC, Pythia permits key updates as a response to compromises. Key updates nullify stolen password digests, enable digests to be updated to the new key, and don't require users to change their passwords. The keystone of Pythia is a new cryptographic construction called a partially-oblivious PRF that provides these new features.

Adam Everspaugh is a PhD student at the Univ of Wisconsin researching cryptography and computer security applications for cloud computing. His research focuses on usable and sophisticated computer security designs. Adam graduates in 2017 and is currently seeking a role as a security and software engineer at a forward-looking technology company.
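
The key-update property described in the abstract, sketched as an added example (not code from the talk or from Pythia): a plain oblivious PRF, digest = H(password)^k, in a toy multiplicative group, without the partially-oblivious part of Pythia's construction. The group, the hash-to-group mapping and all function names are assumptions chosen for illustration and are not secure parameters.

```python
import hashlib
import secrets
from math import gcd

# Toy group (assumption): Z_p^* with p = 2^255 - 19. Illustration only.
P = 2**255 - 19
ORDER = P - 1

def rand_exponent() -> int:
    """Random exponent that is invertible modulo the group order."""
    while True:
        e = secrets.randbelow(ORDER - 2) + 2
        if gcd(e, ORDER) == 1:
            return e

def hash_to_group(password: bytes) -> int:
    return int.from_bytes(hashlib.sha512(password).digest(), "big") % P

def client_blind(password: bytes):
    """Client hides the password from the PRF service with a random exponent r."""
    r = rand_exponent()
    return r, pow(hash_to_group(password), r, P)

def server_eval(key: int, blinded: int) -> int:
    """PRF service applies its secret key without seeing the password."""
    return pow(blinded, key, P)

def client_unblind(r: int, response: int) -> int:
    return pow(response, pow(r, -1, ORDER), P)

def protect(key: int, password: bytes) -> int:
    """Full round trip; the result H(password)^key is what gets stored."""
    r, blinded = client_blind(password)
    return client_unblind(r, server_eval(key, blinded))

def update_token(old_key: int, new_key: int) -> int:
    """Token the service hands out after rotating its key: new_key / old_key."""
    return new_key * pow(old_key, -1, ORDER) % ORDER

def update_digest(digest: int, token: int) -> int:
    """Re-key a stored digest; no password and no user interaction needed."""
    return pow(digest, token, P)

def demo() -> dict:
    k_old, k_new = rand_exponent(), rand_exponent()
    stored = protect(k_old, b"correct horse")          # constructed sample password
    rotated = update_digest(stored, update_token(k_old, k_new))
    fresh = protect(k_new, b"correct horse")           # login after rotation
    return {"rotated_matches_new_key": fresh == rotated,
            "stolen_digest_nullified": fresh != stored,
            "wrong_password_rejected": protect(k_new, b"wrong") != rotated}
```

A digest stolen before the rotation no longer matches anything the service will compute under the new key, while the legitimate database is migrated with one exponentiation per record.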


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast