Identity governance

The problem with passwords

The conventional way to authenticate users by means of a password is to salt and hash the user-provided password attempt and compare it against a corresponding hash value stored in a database.

The idea behind storing the user’s password not in clear text but rather as a hash value obtained via a one-way hash function (for example, SHA-256) is to prevent adversaries from learning the clear text password in case they manage to steal the password database.

However, the problem is that the hash function can be reversed relatively easily by what are known as offline attacks if the underlying password is chosen by a human.

According to the National Institute of Standards and Technology (NIST), a human-generated password with 16 characters has around 30 bits of entropy, which translates to about 1 billion possibilities.

Modern password-cracking devices built from commodity hardware can test hundreds of billions of possibilities per second, which means they can crack the hash of the 16-character password in less than one second.

How many characters does your password have?

An attacker obtaining a user’s password in clear text is a serious security issue, also because users often reuse the same username and password for different online services.

This means that if an attacker succeeds in compromising one service, the other services where the user reused the credentials are also at risk.

Security through collaboration

With our distributed password verification protocol, the password hash is still stored centrally in a service provider’s database.

However, in order to compute the hash of a user-provided password attempt during login, the service provider needs to be assisted by one or more backend servers. Each backend server holds a secret key that is a crucial input to the hash function.

Consequently, a compromised password hash database no longer allows offline attacks because the attacker would also need to compromise all the backend servers to obtain their keys.

Clearly, it is much more difficult for an attacker to compromise multiple servers simultaneously rather than a single server, especially if the servers have different operating systems, are hosted in different data centers, and are managed by different system administrators.

Quick recovery from breaches

If a breach of one of the involved servers is detected or suspected, one can perform a clever key refresh, which replaces the server keys with new ones, and the system returns to a secure state without the passwords having been at risk.

Such refreshes are so efficient that they can be performed proactively at regular time intervals to limit the time window that an attacker has to compromise all involved servers simultaneously.

Another advantage is that the system administrators benefit from being honest about server breaches because they can recover from it via a simple key refresh.