How to hoax a hacker: The 'honeypot passwords' that could keep your online account safe

The dam of silence on Meghan's 'bullying' at the Palace has finally broken. This trickle will soon become a stream, writes TOM BOWER
PICTURED: Ex-wife shot dead by 'rapist' cop, 39, who then murdered his girlfriend, 17, before going on the run with one-year-old baby
Terrifying moment man 'kidnaps' petrified woman banging on a stranger’s door begging for help before driving off with her
Bella Hadid is fact-checked by Instagram for posting pictures of Syrian war kids while sharing support for Palestine: 'Gaza on my mind'
The mind does not comprehend! Foreigners share things about the American lifestyle that leave them absolutely baffled
With love from Louis! Kate gets back behind the camera to take a beaming portrait of her little Prince to celebrate his sixth birthday - and thanks fans for 'all the kind wishes'
The Griselda of the handbag world! Single mom designer who took on Prada and Gucci is jailed after using FORTY mules per flight to smuggle her famous $10,000 croc handbags into Miami
Parents demand refunds: Outrage as Columbia president cancels all in-person classes until the end of the semester after losing grip of anti-Israel mob
The Apple iPhone traffic feature hardly anyone knows about - but could save your life
Wheels down... and off! Terrifying moment landing gear collapses on Boeing 737 - one month after same incident on United flight
Donald Trump trial LIVE: Ex-president faces jail today for contempt if judge finds he violated gag order by repeatedly abusing court staff online
Woman, 32, sparks frenzied celebrity guessing game after sharing 'awful' experience dating an 'HBO star' - who 'wanted her to be mean to him' and asked her to 'demand his money'
Bill Barr says he'll vote TRUMP! Ex-President's AG - who famously said he'd jump off a bridge if Donald got the nominee - now says Biden is a greater threat
Jerry Seinfeld gives damning assessment on Hollywood and says 'confusion' and 'disorientation' has engulfed the movie business
Scottie Scheffler's Texas home: Golf's No. 1 lives in $2m, five bedroom Dallas mansion with wife Meredith - where they will welcome their first child after the star's stunning Masters and RBC Heritage triumphs
Former school cop Elias Huizar 'shoots dead' teacher ex-wife at Washington elementary and 'murders' girlfriend at his home - on day he was due in court for impregnating 15-year-old and 'raping' her friend, 16
Mistrial declared in case of Arizona rancher accused of murdering migrant on his land - as his lawyer reveals how many jurors thought he was innocent
Tragedy as boy, 10, finds family of five - including two children – dead inside home in suspected murder-suicide as cops say they ‘all died violently’
NYC author calculates exactly how much white privilege and racism has benefited her financially - and the amount will surprise you
Our freeloading friends always wriggle out of paying their fair share of our joint vacation. Should we confront them? Money psychotherapist VICKY REYNAL replies
Inside Kate's sweet annual midnight tradition for Prince Louis' birthday - as royal fans are disappointed by no new photo to mark him turning 6
Ilhan Omar claims anti-Israel student mob are 'peacefully protesting' after her daughter was arrested and doubles down on calling Gaza war 'genocide'
Anti-Israel protesters armed with flares march toward NYPD headquarters after riot cops stormed NYU to shutdown 'Gaza Solidarity' camp arresting more than 150
Anti-Israel campus chaos spreads to California: Riot cops are called in after pro-Palestine protestors STORM college

Researchers say fake passwords are key to new system
Claim 'decoys and deception are underexploited' in the fight against cybercrime

By Mark Prigg

Published: 18:23 EDT, 30 January 2014 | Updated: 04:35 EDT, 31 January 2014

e-mail

328

View
comments

Researchers have unveiled a radical new way to secure passwords - and say fooling hackers is key.

The new honey encryption system relies on tricking cybercriminals.

It gives hackers fake data in response to incorrect password guesses, fooling the hacker repeatedly.

The new technique is designed to fool hackers by bombarding them with false information.

HOW HONEY ENCRYPTION WORKS

The new system gives encrypted data an additional layer of protection by serving up fake data in response to every incorrect guess of the password or encryption key.

If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data, the researchers say.

Researchers say it is the first of a new breed of encyrption tools designed to trick hackers.

'Decoys and deception are really underexploited tools in fundamental computer security,' Ari Juels, an independent researcher who was previously chief scientist at computer security company RSA, told MIT Technology Review.

Together with Thomas Ristenpart of the University of Wisconsin, he has developed a new encryption system with a trick up its sleeve.

It gives encrypted data an additional layer of protection by serving up fake data in response to every incorrect guess of the password or encryption key.

If the attacker does eventually guess correctly, the real data should be lost amongst the crowd of spoof data, the researchers say.

'Honeywords are a defense against stolen password files,' they wrote.

'Specifically, they are bogus passwords placed in the password file of an authentication server to deceive attackers.

'Honeywords resemble ordinary, user-selected passwords. It’s hard therefore for an attacker that steals a honeyword-laced password file to distinguish between honeywords and true user passwords.

The new approach could be valuable given how frequently large encrypted password files appear to fall into the hands of criminals.

Almost 150 million usernames and passwords were taken from Adobe servers in October 2013, for example, and Target was among those worst hit by a more recent breach.

Currently hackers use software to guess thousands of passwords.

Current systems just produce junk code when an attempt is in correct.

The new system however, simply generates a piece of fake data resembling the true data.

Honey Encryption makes it harder for an attacker to know if they have guessed a password or encryption key correctly or not.

If an attacker used software to make 10,000 attempts to decrypt a credit card number, for example, they would get back 10,000 different fake credit card numbers, the team says.

'Each decryption is going to look plausible,' said Juels.

'The attacker has no way to distinguish a priori which is correct.'