Hosting Forums
Web Hosting News
Hosting Directory
Datacentre Directory
Private Forums
Web Host Chat - The UK's host forum since 2001!
RECOMMENDED HOSTS
Colocation Rack Services
UK Web & Reseller Hosting
UK Leased Lines
VMWare Cloud Servers
Advertise here!
FORUM
HOSTING NEWS
HOSTING COMPANIES
DATA CENTRES
PRIVATE FORUMS
GREAT HOSTING
News
Hosting
Data Centres
Networking
Security
Software
Hardware
Business
Jobs
Science
Other

Cambridge University - No More Password Leaks

Those smart folks working at Security Research in the University of Cambridge Computer Labs have developed a hardware device which promises to protect you from password leaks.

That's a big promise so does it stack up?
Posted by 24/7/365.
Published 22:17, Tue 11 Mar 2014.
Viewed 123 times.
Cambridge University's Dn Cvreck informs us on his blog that their hardware device works by storing a secret key on the hardware that never leaves the device.

This key is used to further enhance the passwords stored in the database using HMAC (SHA1) against those passwords. The prototype currently works on a Raspberry PI and can be accessed via a RESTful interface.

One problem is that throughput is currently quite limited so a single dongle can only support around 10,000 users but clustering the device will improve throughput.

The theory is, so long as the private key remains secret then the database is more secure and this will be true so long as no physical access is made available to the dongle. Not an unfair requirement.

A weakness of the system is that you can use a known password to work out what the HMAC used against all the passwords are. How do you obtain a known password? Simply create yourself an account on the system.

This system isn't a panacea but it can at least add another level of inconvenience to the determined hacker.
Comments on this
  • othelloRob
    623 rating
    1 review
    Posts 11067
    Post rank 2 (1)
    SHA1 was cracked a long time ago, SHA2/256 became the minimum encryption to use about 2009 !
    Rob Golding Astutium Ltd AS#29527 Company#08183381 Phone#020 3475 2555
    Domain Name Registration - uk domains just £5.55/2 years | DNS Services | Web Hosting from £2.95 | Minecraft Servers from £2.50
    00:37, Wed 12 Mar 2014
  • Ed-Freethought
    Registered User
    SHA1 is a hashing algorithm, not an encryption algorithm.
    Freethought Internet
    Freethought Internet Limited registered in London No. 5862996. Registered office: The Old Church Hall, 2A Cromwell Street, Lincoln, LN2 5LP. VAT number GB 987 0952 66.
    00:51, Wed 12 Mar 2014
  • 24/7/365
    In this instance it's a case of how you use it rather than the length (so long as you don't have physical access).


    www.openitc.co.uk - We create, we host, we connect - Fully Managed VPS & Dedicated Hosting
    11:42, Wed 12 Mar 2014
    • Post a comment on this
    Please login in order to use this feature.
    Username:
    Password:
    Please login to view the full contents of this page.
    If you don't have an account you can;
    Register one here.
    Posted by
    Profile: OpenITC

    Don't miss:

    Five keys to choose a cloud computing provider
    There are many companies who have chosen to make the leap to the cloud. In fact, according to a Internet survey report more companies used cloud computing in order to improve their productivity. However, before addressing this new IT delivery model it is essential for companies to make an analysis of the main Cloud computing service providers of the market. First, companies should consider one thing before establishing any relationship, without trust it is impossible to establish a good working relationship. However, there are more aspects that need to be fixed before signing an agreement on cloud computing.
    Rural broadband maps criticised for lacking detail
    The government and BT are under fresh attack for the way the rollout of the UK's rural broadband is being handled.
    After nine years, the Million Dollar homepage is 22% dead
    The Million Dollar Homepage was a phenomenon in 2005, but almost a decade on, it stands as a monument to the fragility of the internet: over one-fifth of the links on the site are dead.
    GitHub Founder Suspended over Harassment Claims
    Last Friday, Julie Ann Horvath dramatically quit over allegations of harassment by leadership at GitHub over the last two years. GitHub is a developer platform that allows users to share code. The website is based on Git, the version control software created by Linux hacker and founder, Linus Torvalds. Until Friday, Julie was a developer at the company.
    Samsung Galaxy Remote Backdoor Discovered
    The developers at Replicant (an Open Source project aimed at replacing all proprietary components within Android OS) has discovered a remote back door in the Samsung Galaxy series of mobile devices and the Nexus S. The backdoor is only present in the proprietary version of Android bundled with the Samsung devices. So far, investigations reveal that the backdoor is relatively benign despite having read and write access to sensitive areas of the filesystem.
    Intel to Make Monster 800Gbps Cables
    No, not gold-plated Monster cables but monster 800Gbps cables! It looks like Intel is forging ahead with it's plans to disaggregate rack server infrastructure. Intel will be launching these new MXC cables in the later half of the year. Each cable bundles up to 64, simplex fibres to aggregate 1.6TB of bandwidth and can transmit up to 300 metres without repeaters.
    Cambridge University - No More Password Leaks
    Those smart folks working at Security Research in the University of Cambridge Computer Labs have developed a hardware device which promises to protect you from password leaks. That's a big promise so does it stack up?
    Energy windfall for data centres
    Energy harvesting has been an ideology for some time. With recent developments, we will soon see solutions being tested that will deliver significant changes in the way data centres are run
    Web.com acquires SnapNames domain names drop-catch/auction service
    Web.com acquired SnapNames on 3/March/2014, and continues partnership with NameJet domain name auction platform from Rightside (the domain name services spinoff from Demand Media)
    Raspberry Pi Foundation Offers $10K Bounty for GPU Driver Port
    With over 100,000 units sold on the first day of sales and over 2 million sold by the end of 2014, the Raspberry Pi has been an incredible success. The Raspberry Pi Foundation, set up as a charitable organisation in 2008, has a mission statement to "promote the study of computer science and related topics, especially at school level, and to put the fun back into learning computing." and despite it's success, not everyone's happy.
    Geo Network - Where Fibre Meets Your Fibre
    Getting physically connected between locations has always been expensive and time consuming due to negotiating rights of way and the actual laying of the physical cable. Chris Smedley, CEO of Geo Networks has decided to team up with Thames Water for a quicker and more efficient way of laying fibre. The London sewerage system.
    US TSA Employing Psycics to Find Passengers With Bitcoins
    Two airport security personel stopped Davi Barker at a US airport, claiming to have 'seen bitcoins' in his bag. Clearly a new form of modern day magic as bitcoins are a virtual currency !
    Dynamic kernel patching from Red Hat
    Red Hat show off their work on dynamic kernel patching which allows kernel upgrades without rebooting your system
    Microsoft now the largest Windows host
    Microsoft's Windows Azure cloud platform has helped it to surpass Amazon as the largest Windows host
    Docklands Harbour Exchange bought in 37 million deal
    A £37million deal was announced on Monday morning for the three building development near South Quay on the Isle of Dogs. It was previously owned by Land Securities Group.
    Nominet Selected to Provide Emergency Backup Registry Services
    In the (increasingly likely) event that one of the newGTLD operators goes t1tsup, transfer of the TLD to an Emergency Operator comes into force. Nominet officially selected as one of the EBERO's
    New Silk Road hit with $2.6 million heist due to known Bitcoin flaw
    "Transaction malleability," which worried Mt. Gox and Bitstamp, strikes again. Not only are Bitcoin trading sites like Bitstamp and Mt. Gox susceptible to the recent accleration of the "transaction malleability" problem, but apparently the Silk Road—or at least its newest incarnation—is too. Is this the end for Bitcoin as we know it?
    Hackers now filming their remote victims
    Cyber-thieves are increasingly grabbing video of how victims use their computer, to better steal from online bank accounts, a security firm reveals.
    Finalists announced for the first UK Cloud Awards
    The shortlist of finalists for the UK Cloud Awards 2014 have been announced, the new awards organised by the Cloud Industry Forum (CIF), Cloud Pro and techUK. There will be 15 awards across 2 categories, projects and products. In the products category, there is a wide variety of new and established businesses from startups to major international corporations. The winners will be announced at ceremony to be held at City Hall on 26th February, 2014.
    Largest Ever DDoS Cyber Attack Hits US and European Victims
    Multiple reports suggest the largest ever DDoS attack - peaking at 400Gbps - has hit targets in the US and Europe though who is behind the attack, and who the victims were remains a mystery.
    Tech Billionaires Made Up 75% Of 2013′s Most Philanthropic People Under 50
    Tech Billionaires Made Up 75% Of 2013′s Most Philanthropic People Under 50 with Zuckerberg giving away nearly $1bn.
    AMD and ARM working together for server CPUs
    AMD has worked with ARM to lower the energy requirements for data centre servers. Power usage is one of the most important aspects of servers today.
    Icelanders to enjoy virtual cash giveaway
    Following the hype and furore around the various virtual currencies being released on a seemingly daily basis, for the first time an entire nation is to be given some virtual currency.
    KNCMiner building Arctic Circle DataCentre for Bitcoin Mining
    KNC Miner (a Swedish Company) are using the 'pre-order' funds they have accumulated from over 4000 orders of a $12000 BitCoin Mining device to build a 10MW datacentre in The Node Pole region, near the Arctic Circle in Sweden.
    DDoS : Who watches the watchmen?
    Recent revelations from more leaked Snowden files show GCHQ has been using hackers own techniques against them and DDoSing their chatrooms and even using crafted BBC articles to scrape data to help identify users.
    .uk domain names to launch on June 10th
    Nominet are cashing in on the new gTLD hype with shorter .uk domains available to register from June 10th 2014
    AWS now the most popular host
    Amazon Web Services hosts more web sites from the top 100,000 domains than any other host according to data provided by Alexa
    PayPal and eBay websites hijacked
    The Syrian Electronic Army are claiming responsibility for hijacking the paypal.co.uk and ebay.co.uk web sites.
    GoDaddy security blunder
    A security blunder by domain registrar GoDaddy has cost a Twitter user their $50k one character handle thanks to some basic social engineering.
    Telehouse opens a new 1000 square meter co-location floor in London
    Telehouse who have long been a leading provider of data centre space has opened the final phased floor with 1000 sq.meters of available co-location space at Telehouse West.
    .Scot wait is over new top level domain for Scotland
    Congratulations Scotland, they have finally been awarded the dot Scot TLD, unfortunately there is no news on .haggis yet.
    Rackspace has lift off for ObjectRocket in the UK
    Rackspace has launched OBJECTROCKET in the UK and releases NoSQL Database-as-a-Service (DBaaS) in it's London data centres.
    Infinity SDC has opened a new flagship data centre
    Brand new Slough based data centre has been opened by Infinity with a respectable PUE of just 1.25. It will offer much needed new data centre space in the Thames Valley area.
    Ministry of Justice signs deal with Ark for Data Centre solution
    Ark claims to provide the most power efficient data centre solutions to lower the running costs with PUE scores as low as 1.08.
    What is a cloud? Not many end users have a clue
    While the companies supplying "cloud" services should know what they are selling, it is quite clear that most customers really don't have a clue what it means, or even if it's fluffy.
    Zapp plans to take on PayPal for Mobile payments
    The mobile payments brand Zapp is planning to squeeze in beside PayPal by investing tens of millions in to it's launch.
    Should all hosting companies accept PayPal
    As more and more people have PayPal accounts, is it important to accept PayPal as a payment method? Or are the risks and costs not worth it.
    Googles Chrome web browser could be keeping an eye on you
    An Israeli web developer says that Google's web browser could be spying on you. Google dismisses the allegation of eavesdropping threat.
    The internet is a gift from god according to the Pope
    Pope Francis clearly loves the web, and has called the internet a "gift from god". And that it is able to bring people together more easily.
    2014's web hosting company problems to keep an eye on
    2014 should see the ever growing web continue to expand at a rate yet again even faster than before. More and more companies will continue to utilise the web's advantages, and with that there will come new challenges for hosting companies.