Security by Obesity
July 18, 2017
WHY SECURITY BY OBESITY?
With typical password hashing, each user has his or her own salted hash that can be individually stolen and attacked. The amount of data that mustbe stolen is miniscule, and high-value users can be targeted by stealing just a few bytes.
THE SECURITY BY OBESITY METHOD: With BlindHashing, because such a massive amount of data must be stolen before any passwords can be cracked, it becomes much easier todefend against such attacks. A single pseudo-random read into the data pool means that, if an attacker can steal 10% of the overall data pool, thenonly 10% of guesses can even be tested offline, while 90% of guesses would fail to complete calculating the hash because the required data wouldnot be found.
BlindHashing uses a hash function to expand each individual read request into multiple independent pseudo-random reads, perform all the readsconcurrently, and then combine the individual reads together using another hash so that the entire set of reads must succeed in order to get theresult.
The effect is that any missing data is exponentially more likely to stop an offline attack. For example, imagine an attacker was able to steal“only” 8TB out of a 16TB data pool (50% of the total pool). By expanding each BlindHash request into 64 independent data pool reads, now theattacker would only be able to complete the calculation with a probability of (.5)^64, or 5.42 x 10–20. Trying to calculate a hash with half of the datapool is like flipping a coin 64 times and needing to get heads every time. Even if an attacker could steal 80% of the data pool, with 64 lookups theywould still only be able to check less than 1 in a million guesses.