Abstract
Password file disclosure has attracted a lot of attention recently. Once password files are stolen, attackers can quickly crack large numbers of passwords. In this paper, we propose Phoney, a system which employs a threshold cryptosystem to encrypt the password hashes in the password file and honeywords to confuse attackers. With the help of Phoney, attackers cannot get any password information easily even they steal the password files. All the password hashes are encrypted by our threshold cryptosystem. Even they are able to compromise the cryptosystem, attackers cannot identify the real password easily because of the false passwords (honeywords) deliberately added for each account to confuse the adversaries. In addition, attempts of submitting a honeyword will cause alarms to be set off. Experiments show that the time and storage cost of Phoney are acceptable, but the cracking search space is increased significantly.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
