Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Protecting Passwords with Oblivious Cryptography

via YouTube

Overview

Explore password protection techniques using oblivious cryptography in this conference talk from CypherCon 2.0. Delve into the vulnerabilities of ubiquitous passwords and learn about Pseudorandom Functions (PRF) and their role in enhancing security. Examine password database compromises and Facebook's Password Onion approach. Discover the concept of Remote HMAC for distributing trust and the innovative Pythia PRF approach. Understand the PRF query process for new users and strategies for compromise recovery. Analyze why existing crypto primitives fall short and explore the construction and advantages of Partially Oblivious PRF. Learn about fast, scalable PRF services and their applications beyond web servers. Conclude with an overview of the open-source Pythia implementation, equipping you with cutting-edge knowledge to bolster password protection in various digital environments.

Syllabus

Intro
Summary Passwords: Ubiquitous, but vulnerable to offline attack
Pseudorandom Function (PRF)
Password Database Compromises
Facebook's Password Onion
Remote HMAC Distributes Trust
Our Approach: Pythia PRF
PRF Query – New User
Compromise Recovery
Existing Crypto Primitives are Insufficient
Partially Obl. PRF Construction
Advantages of Partially Obl. PRF
Fast, Scalable PRF Service
Beyond Web Servers
Conclusion
Pythia Open Source Implementation

Reviews

Start your review of Protecting Passwords with Oblivious Cryptography

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.