Tide, an Australia-based non-profit organization has come up with a technique called ‘Splintering’ that claims to make usernames and passwords 14 million percent tougher to crack than the contemporary techniques. The technique involves breaking up encrypted usernames and passwords into tiny pieces and then storing them separately in a decentralized distributed network.
The same technique is deployed by cryptographers who store small pieces of cryptographic keys in separate portions and then assemble them when the need arises.
The technology developed by Tide is officially called Delegated Automated Trustee node. It makes it nearly impossible for bad actors to crack passwords through traditionally deployed techniques like brute-force attacks and reverse engineering.
Odds Reduced To 0.00072%
To test the credibility of the technique, the researchers from Tide conducted a test on 60 million already leaked passwords of LinkedIn. It was found that Splintering reduced the odds of dictionary attack by 0.00072% evaluating to an improvement of approximately 14.1 million%.
To further bolster their claim, Tide has invited hackers to crack even a single username or password preserved by the Splintering technique. The organization is also offering a reward for the same.
So far, 6.5 million attempts have been made and not one hacker has managed to breach the technique.
Based On Blockchain Technology
According to Yuval Hertzog, co-founder of Tide, the technique is an improvised version of blockchain technology. Explaining the technique, Hertzog says that the splintered passwords are stored in nodes on Tide’s public blockchain. There can be a minimum of 20 nodes with the maximum node count extending up to 26. A splinter stored in a node can only be decrypted by that node. The number of splinters into which credentials need be broken is a customizable parameter and depends upon the requirements.
Splintering technology is not commercially available as of now as researchers are testing its feasibility when deployed for securing millions of passwords.
You can have a look at the source code and documentation of the technique on Github.
Also read: Android 10 Lets You “Uninstall” Your Screen — Wait What?