ErsatzPassword
ErsatzPassword
Because data breaches are a recurring problem, ErsatzPassword could become a standard tool in business organisations. This tool will not prevent data breaches per se, but in case a data breach occurs, hackers will not be able to crack any real and usable passwords, it only will be fake ones. The technical details are in the research report. It is available here :
https://github.com/cngutierr/ErsatzPassword
I guess one of the early users will be banks because of the extra layer of security.
https://github.com/cngutierr/ErsatzPassword
I guess one of the early users will be banks because of the extra layer of security.
- L18L
- Posts: 3479
- Joined: Sat 19 Jun 2010, 18:56
- Location: www.eussenheim.de/
cleaver revieled
It is not a well written site and given that, would you trust the software??
I certain would not.
Mind you, I don't trust ANY software that "adjusts" passwords; the whole point of which is to keep them secret not "trust" to some third party.
It is not a well written site and given that, would you trust the software??
I certain would not.
Mind you, I don't trust ANY software that "adjusts" passwords; the whole point of which is to keep them secret not "trust" to some third party.
Last edited by Burn_IT on Sat 23 May 2015, 15:48, edited 1 time in total.
[quote]ErsatzPassword is a PAM_UNIX module that utlizes (utilizes?) the Yubikey HSM to generate cryptographic password hashes in a cleaver (probably meant clever) way. If an attacker steals the hashed password file (e.g., etc/shadow, /etc/master.passwd) and attempts to crack the password via a dictionary bruteforce attack, the ersatz “fake
-
- Posts: 1885
- Joined: Tue 05 Jun 2012, 12:17
- Location: Wisconsin USA
- L18L
- Posts: 3479
- Joined: Sat 19 Jun 2010, 18:56
- Location: www.eussenheim.de/