EEJournal

industry news
Subscribe Now
September 11, 2019

Tide Foundation’s Splintering Mechanism Makes Passwords 14 Million Percent Harder to Hack in the Face of Continued Data Breaches

Online test of “splintered” password proves resilient over three months and 6.5 million attempts; first step in development of a new personal data economy

Sydney, Australia, September 5, 2019 – In the wake of daily data breaches where hundreds of millions of individuals’ sensitive data has been stolen by hackers, a non-profit community-driven organization is on a mission to provide the world with an unprecedented level of protection against personal data loss. Tide.org has developed a new encryption scheme called “splintering” that makes username/password authentication 14 million percent more difficult to hack. 

In May 2019, Tide.org invited hackers to break a single username/password in the ongoing Tide H4X campaign, with a Bitcoin up for grabs – to elicit scrutiny from the community. Even with hints and help from the Tide team, after 6.5 million attempts no hacker has managed to break through. 

Splintering is one of several ground-breaking open-source technologies from Tide.org designed to form the backbone of a new, secure “personal data economy” with the aim of securing the privacy of data for businesses, consumers and data seekers (marketing or research firms). Comprised of a team of engineers and entrepreneurs, Tide is developing an overarching technology infrastructure that aims to give control of personal data back to the consumer and create a broad opportunity beyond simply making passwords millions of times more difficult to crack. Called the Tide Protocol, the entire open-source software solution will be distributed free.

Splintering Authentication Mechanism

According to research done by the Yuan Pay Group, data breaches like those suffered by Capital One, Equifax and Marriott cost companies in many ways, including large fines, legal problems and PR crises, not to mention loss of customer trust. With the new Tide splintering mechanism for data encryption, companies can deliver exponentially higher levels of security for customers’ passwords. The approach enables username/password authentication that is closer to the security level of a bitcoin private key, but with the familiar username/password experience. For businesses, the authentication is seamlessly integrated with any website user interface. 

The encrypted passwords within the authentication system are splintered — essentially broken up into tiny pieces and stored using a decentralized scheme. This technique makes it tremendously more difficult to reconstruct one complete password, let alone all the passwords, using either reverse engineering or common brute force attack methods.

Tide engineers tested the technique in a focused research project by using 60 million LinkedIn credentials that had been exposed in a previous attack. The team found that splintering dropped the odds of a “dictionary attack” breach — the most common kind of attack — from 100 percent to 0.00072 percent (an improvement of 14,064,094 percent when the splintering mechanism was deployed). 

“Even though the database of exposed LinkedIn usernames/passwords that Tide used in the study of splintering had been hashed and salted, all 60 million passwords were cracked when they hit the black market,” said Professor Willy Susilo, a cryptology expert and advisor to the company. “In contrast, Tide’s algorithm is very powerful and is significantly less vulnerable. We expect it to improve personal data security by orders of magnitude.”

The Tide Protocol

Splintering is the element of the overarching Tide Protocol that enables a ubiquitous authentication mechanism (i.e. username / password). Beyond splintering, Tide has developed a stack of additional ground-breaking technology to form the backbone of a new “personal data economy.” 

“The Tide Protocol is intended to be a global standard to power a sustainable personal data ecosystem. It will help organizations maintain privacy compliance, mitigate risks posed from data breaches and improve their trust with consumers to do better business. It enables data seekers to access permissioned, highly-relevant and motivated audiences. Most importantly, it puts consumers in control of their data, who has access to it and why, and–if they agree to trade it–share in its monetization,” Dominique Valladolid, Co-founder, Tide.org, said. “We believe personal data is everyone’s business and that we can ultimately make privacy profitable.”

About Tide Foundation

Tide is a not-for-profit, community-driven foundation creating a new global personal data economy. Its open source framework operates on a decentralized distributed network. As part of the backbone for this personal data economy, Tide has created a suite of technology designed to protect sensitive consumer data. With a goal of developing a significant shift in the power and ownership of personal data, Tide’s advisory board and board of directors is made up of leaders from global media companies, the banking industry, the political sphere and world-renowned scholars in cryptography, along with a founding team of experienced entrepreneurs. For more, visit tide.org.

Leave a Reply

featured blogs
Don't Let Cavitation Sink Your Boat's Performance!
Nov 29, 2023
Cavitation poses a formidable challenge to modern boat design, especially for high-speed sailing vessels participating in events like America's Cup , Vendee Globe , and Route du Rhum . Hydrofoils, in particular, are susceptible to cavitation, which can cause surface dama...
More from Cadence...
Meet Synopsys.ai Copilot, Industry's First GenAI Capability for Chip Design
Nov 27, 2023
See how we're harnessing generative AI throughout our suite of EDA tools with Synopsys.AI Copilot, the world's first GenAI capability for chip design.The post Meet Synopsys.ai Copilot, Industry's First GenAI Capability for Chip Design appeared first on Chip Design....
More from Synopsys...
A Haunting World Underwater
Nov 6, 2023
Suffice it to say that everyone and everything in these images was shot in-camera underwater, and that the results truly are haunting....
More from Max's Cool Beans...

featured video

TDK CLT32 power inductors for ADAS and AD power management

Sponsored by TDK

Review the top 3 FAQs (Frequently Asked Questions) regarding TDK’s CLT32 power inductors. Learn why these tiny power inductors address the most demanding reliability challenges of ADAS and AD power management.

Click here for more information

featured paper

3D-IC Design Challenges and Requirements

Sponsored by Cadence Design Systems

While there is great interest in 3D-IC technology, it is still in its early phases. Standard definitions are lacking, the supply chain ecosystem is in flux, and design, analysis, verification, and test challenges need to be resolved. Read this paper to learn about design challenges, ecosystem requirements, and needed solutions. While various types of multi-die packages have been available for many years, this paper focuses on 3D integration and packaging of multiple stacked dies.

Click to read more

featured chalk talk

Achieving Reliable Wireless IoT
Sponsored by Mouser Electronics and CEL
Wireless connectivity is one of the most important aspects of any IoT design. In this episode of Chalk Talk, Amelia Dalton and Brandon Oakes from CEL discuss the best practices for achieving reliable wireless connectivity for IoT. They examine the challenges of IoT wireless connectivity, the factors engineers should keep in mind when choosing a wireless solution, and how you can utilize CEL wireless connectivity technologies in your next design.
Click here for more information about CEL CMP9010 Wi-Fi® Modules
Nov 28, 2023
261 views