RSA Splits Passwords in Two to Foil Hackers' Attacks
  • Korea IT Times (info@koreaittimes.com)
  • Approved 2012.10.11 20:08

RSA says users should not notice that their log-in details are being stored in different servers

LONDON, UK – A product that scrambles and then splits users' passwords in two before storing them on different computer servers has been unveiled by RSA.

The security firm says the facility offers better protection against hackers, who would only gain access to half a "randomised" password in the case of a successful attack.

The firm said the idea had been discussed by academics for some time.

However, one expert said it would only prevent a minority of attacks.

RSA's distributed credential protection (DCP) facility was announced at the company's annual European Conference in London.

"DCP scrambles, randomises and splits sensitive credentials, passwords and Pins and the answers to life or challenge questions into two locations," said the firm's marketing manager Liz Robinson.

"This is especially important in today's landscape as we've seen over 50 million passwords stolen in large data breaches in 2012 alone."

LinkedIn's leak of 6.5 million passwords, Yahoo's loss of more than 450,000 usernames and codes, and dating site eHarmony's exposure of 1.5 million passwords are among this year's highest profile cases.

In the case of LinkedIn and eHarmony, the breaches involved encrypted passwords - meaning that the hackers would have needed to decode their haul before being able to make use of it.

RSA aims to offer an extra level of protection by allowing its customers to re-randomise and re-split log-in data if they suspect a breach.

So, unless hackers manage to break into both associated servers before this step is taken, they would be unable to marry up and unscramble stolen information.

All of this would be behind the scenes, and a user logging into a site would still only have to type a single username and password into the appropriate interface.
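
The article does not say how DCP works internally. As an added illustration (not RSA's code or algorithm), the sketch below shows the general split-and-refresh idea with a two-share XOR split of a salted password hash, assuming PBKDF2 as the scrambling step; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def scramble(password: str, salt: bytes) -> bytes:
    # Assumption: a salted, slow hash stands in for the "scramble" step.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def split(secret: bytes) -> tuple[bytes, bytes]:
    # Share A is pure randomness; share B is the secret masked by it.
    # Either share alone is statistically independent of the secret.
    share_a = secrets.token_bytes(len(secret))
    return share_a, xor(secret, share_a)


def refresh(share_a: bytes, share_b: bytes) -> tuple[bytes, bytes]:
    # Re-randomise both shares with the same fresh mask. Their XOR is
    # unchanged, but a share stolen earlier no longer pairs with the other.
    mask = secrets.token_bytes(len(share_a))
    return xor(share_a, mask), xor(share_b, mask)


def verify(password: str, salt: bytes, share_a: bytes, share_b: bytes) -> bool:
    # Simplification: shares are recombined in one process here. A real
    # two-server design would avoid ever reassembling them in one place.
    expected = xor(share_a, share_b)
    return hmac.compare_digest(scramble(password, salt), expected)


def demo() -> dict:
    salt = secrets.token_bytes(16)          # constructed sample data
    a, b = split(scramble("correct horse", salt))
    stolen_a = a                            # server A breached at this point
    a, b = refresh(a, b)                    # operator re-splits after suspicion
    return {
        "login_ok": verify("correct horse", salt, a, b),
        "wrong_password": verify("guess", salt, a, b),
        "stale_share_usable": verify("correct horse", salt, stolen_a, b),
    }


if __name__ == "__main__":
    print(demo())
```
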

'Smash and grab'

Prof Alan Woodward - a cybersecurity researcher who advises the UK government - said the idea had merit, but would only prevent a limited number of attacks.

"The original problem was that businesses were storing passwords in plain text," he told the BBC.

"Firms dealt with that by using encryption, but some attacks are getting very sophisticated and have found ways to crack some of the older encryption techniques.

"RSA basically prevents this, but something like 80% of successful attacks result from phishing emails. So while RSA will stop smash and grab attacks on firms' servers, the most successful kind of attack will likely remain people giving their passwords away."

RSA said DCP would be made available before the end of the year.

It is set to cost about $150,000 (£93,725) per licence. RSA said that could be less than the cost of "an expensive lawsuit", but it will put the product beyond the budget of many organisations.

RSA has itself been the victim of a hack attack. In 2011 the firm replaced millions of SecurID tokens after its own IT infrastructure was attacked. The devices offer a code that changes several times a minute, which must be used in addition to a password, offering an extra level of protection.

RSA said the attack led to the loss of information about its authentication process, which was linked to a subsequent attack on one of its customers, defence firm Lockheed Martin.

Source: BBC News

http://www.bbc.com/news/technology-19896353

