One Password: An Encryption Scheme for Hiding Users' Register Information

TL;DR

This paper introduces a novel encryption scheme that hides user registration info to prevent database collision attacks, enabling users to maintain a single password across multiple applications.

Contribution

It proposes a new encryption method that uses hash functions and coefficient vectors to securely hide registration data, reducing the need for multiple passwords.

Findings

The scheme effectively prevents dictionary and database collision attacks.

Users can use one password for multiple applications.

The method is practical and enhances security against registration info leaks.

Abstract

In recent years, the attack which leverages register information (e.g. accounts and passwords) leaked from 3rd party applications to try other applications is popular and serious. We call this attack "database collision". Traditionally, people have to keep dozens of accounts and passwords for different applications to prevent this attack. In this paper, we propose a novel encryption scheme for hiding users' register information and preventing this attack. Specifically, we first hash the register information using existing safe hash function. Then the hash string is hidden, instead a coefficient vector is stored for verification. Coefficient vectors of the same register information are generated randomly for different applications. Hence, the original information is hardly cracked by dictionary based attack or database collision in practice. Using our encryption scheme, each user only needs to keep one password for dozens of applications.