Skip to content

opensistemas-hub/thesibyl

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

87 Commits
doc
doc
 
 
src
src
 
 
LICENCE
LICENCE
 
 
README.md
README.md
 
 

Repository files navigation

#The Sibyl

Secure storage of the shadow file and, in general, of any database of secret authentication tokens (think of passwords of users of a Web-based service) is one of the main security concerns of a Systems Administrator.

With the advent of rainbow tables and cheap fast hardware, this problem has become especially relevant: today, dictionary attacks take negligible time (and the fact is that users will end up using passwords as simple as possible).

We present a different approach for storing shadow files: using a separate server for checking the correctness of the password introduced by the user, taking advantage of symmetric key encryption.

In summary: instead of keeping the hash (as crypt(3) does, or SHA1) of the password in the shadow file, store an OAEP RSA-cyphertext of the password (using a public encryption key) and, each time the user tries to log in, ask someone (the owner of the private key) if the OAEP-encryption of the password issued by the logging user matches the stored cyphertext. That is: use an oracle to ask if the user has entered the correct password or not. This oracle is the Sibyl.

See the website for more up-to-date documentation.

About

Another layer of security for authentication

thesibyl.net

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 47.8%
  • Perl 44.7%
  • TeX 7.5%