Comments:"Honeywords Project : HomePage"
URL:http://people.csail.mit.edu/rivest/honeywords/
The ``Honeywords Project'' is based on the paper
``Honeywords: Making Password-Cracking Detectable,''
by Ari Juels and Ronald L. Rivest
(version 2.0, 5/2/13).
Summary: We suggest a simple method for improving the security of hashed passwords: the maintenance of additional honeywords (false passwords) associated with each user's account. An adversary who steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. The attempted use of a honeyword for login sets off an alarm. An auxiliary server (the honeychecker) can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is submitted.
The paper:
Other materials:Contacts:- Ari Juels
Chief Scientist, RSA
ajuels@rsa.com - Ronald L. Rivest
Professor, EECS, MIT
rivest@mit.edu