
Brit Boffs Create Hardware Scrambler To Counter Password Leaks

An ex-University of Cambridge student has developed a hardware-based protection against password breaches, using Raspberry Pi hardware, and claims it will make password cracking close to impossible.

Even with a stolen database of passwords, a hacker would also have to acquire the trusted hardware component, the Scrambler, developed by the Cambridge-based crew.

The solution adds an extra encryption key to the security chain, stored in a USB dongle, which produces what is known as a hash-based message authentication code (HMAC). The initial trials connected the Scrambler to Raspberry Pi devices.

Overcoming password problems

It was determined that the dongle could scramble 330 passwords per minute remotely, but throughput could be increased with clusters of Scramblers that share the load.

The Scrambler costs £39. There is also an option for servers running in virtualised environments.

“We have developed a system that uses a trusted hardware component to ‘scramble’ user passwords. This trusted hardware holds encryption keys that scramble passwords (using SHA1-HMAC) and one needs this hardware to do any password attack,” read a blog post from Dan Cvrcek, a former University of Cambridge student who has set up a company, Smart Crib, to sell the Scrambler.

“Our way of password scrambling is to compute message authentication code with SHA1-HMAC. This is a one-way cryptographic function with a key. This key is only available inside the trusted hardware device (Scrambler).

“As long as the encryption key is kept secret, all passwords are secure, regardless of their own strength. Even if passwords were just one letter, the attacker would not be able to find out from their scrambled values.”
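The comparison Cvrcek describes, as an added Python example that is not from Smart Crib or the original article: a leaked unkeyed SHA-1 hash gives up a one-letter password to local guessing, while a SHA1-HMAC value cannot be matched without the device key. The `Scrambler` class is a hypothetical software stand-in for the dongle, and the 32-byte random key and the sample password are assumptions.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase  # guess space for a one-letter password


class Scrambler:
    """Software stand-in for the trusted hardware (hypothetical name and API)."""

    def __init__(self, key=None):
        # Assumption: random 32-byte key; on a real device it never leaves the hardware.
        self._key = key if key is not None else secrets.token_bytes(32)

    def scramble(self, password):
        """Return the SHA1-HMAC of the password under the device key, hex-encoded."""
        return hmac.new(self._key, password.encode(), hashlib.sha1).hexdigest()


def plain_sha1(password):
    """Unkeyed hash for comparison: anyone holding the database can compute it."""
    return hashlib.sha1(password.encode()).hexdigest()


def verify(device, stored, candidate):
    """Login check: requires the device; the comparison is constant-time."""
    return hmac.compare_digest(device.scramble(candidate), stored)


def offline_guess(stored, hash_fn):
    """Model a holder of the leaked database only: hash every guess locally."""
    for guess in ALPHABET:
        if hmac.compare_digest(hash_fn(guess), stored):
            return guess
    return None


def demo():
    device = Scrambler()
    password = "q"  # constructed sample: the one-letter case from the quote
    no_device = Scrambler()  # a different key, as anyone without the dongle would have
    return (
        offline_guess(plain_sha1(password), plain_sha1),               # unkeyed: recovered
        offline_guess(device.scramble(password), no_device.scramble),  # keyed: no match
        verify(device, device.scramble(password), password),           # server still verifies
    )


if __name__ == "__main__":
    print(demo())
```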

Cvrcek has now asked the wider security community to check the quality of the technology.

Not all onlookers are impressed by the technology, however. “I like the wordpress API idea concept… but that kind of thing is done better and before by companies like Stormpath,” said Javvad Malik, analyst at 451 Research. “Interesting concept – but nothing I’d call groundbreaking or new.”


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
