Tom Simonite, sur technologyreview.com, nous présente cette nouvelle méthode de protection des mots de passe, créée par la compagnie de sécurité informatique RSA.
A new way for websites and other online services to store passwords could prevent breaches like the one that resulted in 6.5 million LinkedIn users having their passwords posted online earlier this year.
That kind of data dump happens when an attacker gains access to the server storing user passwords. Researchers at computer security company RSA have created a system that splits passwords in two and stores each half in different locations. The two halves never come together, even when a person logs in and has his password verified. That should make it harder for someone to steal them, because a thief would need to break into both those servers, which can be protected in different ways.
« Password storage is increasingly problematic because of the increasing frequency of breaches but also because the consequences of them have increased, » says Ari Juels, who heads RSA’s research labs in Cambridge, Massachusetts. Juels says losing control of one online account can provide attackers with information to help break into others, and many people simply reuse passwords on multiple accounts anyway.
Although LinkedIn and many other companies encrypt passwords—so their servers don’t contain the exact string that a user types—attackers have a range of tools that can reverse this encryption, says Juels. Even the very best practices, which LinkedIn didn’t use, can be broken.
« Our view is that it’s better for passwords and other credentials not to be stored in one place, » Juels says, making it more difficult for an attacker to get hold of everything he needs to re-create a person’s password.
RSA’s new scheme works by breaking a password into many small pieces and storing half of those pieces—selected at random—in one place, and the rest in another. RSA calls the approach distributed credential protection. « If one location is attacked, the passwords are still safe, » says Juels. « Where the magic comes in is the ability of the system to check passwords without reassembling them. »
When a person logs into a system using distributed credential protection, the password he or she provides is split into two encrypted strings of data. Each string is then sent to one of the two password servers, where it is combined with the half of the password stored on that server to create a new string. The two servers then compare these two new strings to determine whether the password is correct or not. The mathematics involved means that it is impossible to determine the password from either of these strings, or both of them combined—so the password remains unknown even if an attacker can capture the strings.
The two servers involved can be set up with different operating systems and in different locations, says Juels, so stealing passwords requires mounting two separate attacks successfully. These would have to happen in short order, too, because the system periodically refreshes which random half of the snippets of a password are stored on each server.
RSA’s new approach is a version of a technique known as threshold cryptography, which has long been explored by researchers. (…)