Protecting Passwords with Oblivious Cryptography
Offered By: YouTube
Course Description
Overview
Explore password protection techniques using oblivious cryptography in this conference talk from CypherCon 2.0. Delve into the vulnerabilities of ubiquitous passwords and learn about Pseudorandom Functions (PRF) and their role in enhancing security. Examine password database compromises and Facebook's Password Onion approach. Discover the concept of Remote HMAC for distributing trust and the innovative Pythia PRF approach. Understand the PRF query process for new users and strategies for compromise recovery. Analyze why existing crypto primitives fall short and explore the construction and advantages of Partially Oblivious PRF. Learn about fast, scalable PRF services and their applications beyond web servers. Conclude with an overview of the open-source Pythia implementation, equipping you with cutting-edge knowledge to bolster password protection in various digital environments.
Syllabus
Intro
Summary Passwords: Ubiquitous, but vulnerable to offline attack
Pseudorandom Function (PRF)
Password Database Compromises
Facebook's Password Onion
Remote HMAC Distributes Trust
Our Approach: Pythia PRF
PRF Query – New User
Compromise Recovery
Existing Crypto Primitives are Insufficient
Partially Obl. PRF Construction
Advantages of Partially Obl. PRF
Fast, Scalable PRF Service
Beyond Web Servers
Conclusion
Pythia Open Source Implementation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube