RSA unveils product to divide passwords across two servers

[nsane.forums]

The RSA has unveiled a product allowing users to split their passwords across two different computer servers for additional security; hackers will need access to two different servers to attack.

This better not be 'password1' or you could be in trouble.

You need only look at a technology website to see a recurring theme; concern with cybersecurity. The bottom line is that brute forcing a password is the easiest way into someone's personal content. In terms of hacking, brute forcing a password is the equivalent of kicking a door in. It's not subtle but it's effective enough to keep people at it; the Daily Mail's list of most used passwords shows everything you need to know.

The RSA has the solution - a product which splits passwords in two, and then stores them across two computer servers. They argue that, in the case of a successful attack, hackers would get only half a password. That'll help unless the first half is 'pass', but some people are suggesting the idea isn't all that successful.

Distributed Credential Protection, or DCP as they call it, allows the user to rerandomize the division of their passwords if they suspect a breach. Unless a hacker can hit both servers before someone rerandomizes their details the chances of getting a password are slim. Even then we'd hope the passwords are encrypted.

You may remember a rather embarrassing interest from the RSA's recent history, where Lockheed Martin was attacked in 2011, and information was accessed. A group as significant as the RSA rightfully would not want a repeat of the incident, so something like this could be the perfect answer to what is certainly a growing threat online.

View: Original Article

[irefay]

"The bottom line is that brute forcing a password is the easiest way into someone's personal content."

Um, no its not. It might take the least amount of SKILL, but exploiting known (unpatched) vulnerabilities is easier. Especially if someone else has already created a tool to exploit the vulnerability.

"In terms of hacking, brute forcing a password is the equivalent of kicking a door in."

Again, no its not. Its like trying every possible combination of key possibilities. It takes time, and you have to hope that the person behind the door cannot hear you unsuccessfully trying all the combinations.

The author of this article is a moron.