RSA unveils product to divide passwords across two servers

This better not be 'password1' or you could be in trouble.

You need only look at a technology website to see a recurring theme: concern with cybersecurity. The bottom line is that brute forcing a password is the easiest way into someone's personal content. In terms of hacking, brute forcing a password is the equivalent of kicking a door in. It's not subtle but it's effective enough to keep people at it; the Daily Mail's list of most used passwords shows everything you need to know.

The RSA has the solution - a product which splits passwords in two, and then stores them across two computer servers. They argue that, in the case of a successful attack, hackers would get only half a password. That'll help unless the first half is 'pass', but some people are suggesting the idea isn't all that successful.

Distributed Credential Protection, or DCP as they call it, allows the user to rerandomize the division of their passwords if they suspect a breach. Unless a hacker can hit both servers before someone rerandomizes their details, the chances of getting a password are slim. Even then we'd hope the passwords are encrypted.
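The split-and-rerandomize idea can be sketched in a few lines; this is an added illustration, not RSA's DCP code. It assumes a 2-of-2 XOR split of a salted PBKDF2 verifier, simulates both servers in one process and recombines the shares locally to verify; all function names and the sample password are constructed for the example.

```python
import hashlib
import hmac
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def derive_verifier(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the plaintext password is never what gets split.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def split(secret: bytes) -> tuple[bytes, bytes]:
    # share_a is uniform random, so share_b is uniform too; either share
    # alone carries no information about the secret (unlike literally
    # cutting a password string in half).
    share_a = secrets.token_bytes(len(secret))
    return share_a, xor(secret, share_a)

def rerandomize(share_a: bytes, share_b: bytes) -> tuple[bytes, bytes]:
    # Apply one fresh mask to both shares: their XOR (the secret) is
    # unchanged, but a share stolen earlier no longer pairs with a new one.
    mask = secrets.token_bytes(len(share_a))
    return xor(share_a, mask), xor(share_b, mask)

def verify(password: str, salt: bytes, share_a: bytes, share_b: bytes) -> bool:
    # Assumption of this sketch: the shares are recombined in one place.
    candidate = derive_verifier(password, salt)
    return hmac.compare_digest(candidate, xor(share_a, share_b))

def demo() -> dict:
    salt = secrets.token_bytes(16)
    password = "correct horse battery staple"  # constructed sample
    a, b = split(derive_verifier(password, salt))  # a -> server A, b -> server B
    stolen_a = a                                   # breach of server A only
    a, b = rerandomize(a, b)                       # defender refreshes the split
    return {
        "current_shares_verify": verify(password, salt, a, b),
        "wrong_password_rejected": not verify("password1", salt, a, b),
        # Old share from A combined with a later theft of B's new share:
        "stale_share_useless": not verify(password, salt, stolen_a, b),
    }

if __name__ == "__main__":
    print(demo())
```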

You may remember a rather embarrassing incident from the RSA's recent history, where Lockheed Martin was attacked in 2011, and information was accessed. A group as significant as the RSA rightfully would not want a repeat of the incident, so something like this could be the perfect answer to what is certainly a growing threat online.

Source: BBC
Password Image via Shutterstock

5 Comments


"The bottom line is that brute forcing a password is the easiest way into someone's personal content."
Um, no it's not. It might take the least amount of SKILL, but exploiting known (unpatched) vulnerabilities is easier. Especially if someone else has already created a tool to exploit the vulnerability.


"In terms of hacking, brute forcing a password is the equivalent of kicking a door in."
Again, no it's not. It's like trying every possible combination of key possibilities. It takes time, and you have to hope that the person behind the door cannot hear you unsuccessfully trying all the combinations.

The author of this article is a moron.

I don't think brute forcing a password is comparable to kicking a door in. It would be more comparable to trying a vast amount of keys starting with the more "common" ones or "skeleton keys" that many people are too cheap/lazy/stupid to stop using.

This won't stop anything because there will always be one point where the two halves are together, thus now being the new target to approach. Distributing the credentials merely adds more processing and potentially more hosts/infrastructure that could be vulnerable.