have an account?【sign in】Zero-Knowledge Password Proof Examples:A Guide to Secure Passwords in a Post-Snowden World
hpauthorIn the aftermath of the Edward Snowden revelations, the public's attention has turned to the importance of protecting their online privacy and security. One of the most critical aspects of online security is the password, and the need for more secure methods of storage and verification. In this article, we will explore some of the latest innovations in zero-knowledge password proofing, a technique that ensures passwords are stored without exposing the actual password, yet allowing seamless log-in without the need for a physical token or additional device.
1. Passkey Auto-Generate (PAG)
Passkey Auto-Generate (PAG) is a Google-developed technique that allows users to generate a unique, one-time password that can be used to log into their accounts. PAG is based on the idea of a secret shared between the user and the service provider. The user generates a passkey on their device, which they then send to the service provider. The service provider then stores the passkey, but not the actual passkey itself. When the user attempts to access their account, the service provider generates a new passkey and compares it to the one generated by the user's device. If the passkeys match, the user is granted access. This approach ensures that the service provider does not have access to the user's actual password, but still provides a strong level of security.
2. Password Hash+ (PHS)
Password Hash+ (PHS) is another method that uses a hashing algorithm to store passwords without exposing the actual password. When a user attempts to log in, their password is hashed using a strong, secure hash function, such as bcrypt or scrypt. The result of the hashing process is then stored along with a random "salt" value. When the user attempts to log in, their password is hashed again using the same hash function and salt, but with the knowledge of the stored hash and salt. If the hashed passwords match, the user is granted access. This approach ensures that even if an attacker gets hold of the stored hash, they still need access to the salt, making it more difficult for them to compromise the user's password.
3. Seeded Passwords
Seeded passwords are a technique where users generate a strong, random password and then use a shared secret (called a seed) to generate multiple passwords. The user then stores these generated passwords, but not the actual passwords themselves. When the user attempts to access their account, they provide the seed and the service provider generates the corresponding password(s). This approach ensures that the service provider does not have access to the user's actual password, but still provides a strong level of security.
In a world where online privacy and security are increasingly important, using zero-knowledge password proofing techniques can help users protect their passwords more effectively. By storing passwords without exposing the actual passwords, these techniques provide an additional layer of security and ensure that even if an attacker gets hold of the stored information, they still need access to specific secrets, making it more difficult for them to compromise the user's password. As technology continues to advance, we can expect to see more innovative solutions for secure password storage and verification in the future.