IACR News item: 07 August 2015
Rahul Chatterjee, Joseph Bonneau, Ari Juels, Thomas Ristenpart
ePrint ReportOur contributions are as follows. We present an attack and supporting analysis showing that a previous design for cracking-resistant vaults--the only one of which we are aware--actually degrades security relative to conventional password-based approaches. We then introduce a new type of secure encoding scheme that we call a natural language encoder (NLE). An NLE permits the construction of vaults which, when
decrypted with the wrong master password, produce plausible-looking decoy passwords. We show how to build NLEs using existing tools from natural language processing, such as n-gram models and probabilistic context-free grammars, and evaluate their ability to generate plausible decoys. Finally, we present, implement, and evaluate a full, NLE-based cracking-resistant vault system called NoCrack.
Additional news items may be found on the IACR news page.