Skip to main content

Distinguished Seminar:  Making Password Checking Systems Better

Date:March 21, 2016 
Talk Title:Making Password Checking Systems Better
Speaker:Tom Ristenpart, Associate Professor, Cornell Tech
Time & Location:12:00pm - 1:00pm
DEC, CIC Building, Pittsburgh

Abstract

Most computing systems still rely on user-chosen passwords to authenticate access to data and systems.  But passwords are hard to use, easy to guess, and tricky to securely store.  In practice one sees high failure rates of (legitimate) password login attempts, as well as a never-ending stream of damaging password database compromises.  I will present a sequence of new results that target making password authentication systems better. 

We will look at how to address concerns in three areas: (1) usability by way of easy-to-deploy typo-tolerant password authentication validated using experiments at Dropbox; (2) hardening password storage against cracking attacks via our new Pythia crypto service; and, time allowing, (3) building cracking-resistant password vaults via a new cryptographic primitive called honey encryption. 

The talk will cover joint work with Anish Athayle, Devdatta Akawhe, Joseph Bonneau, Rahul Chatterjee, and Ari Juels.

 

Speaker Bio

Thomas Ristenpart is an Associate Professor at Cornell Tech and a member of the Computer Science department at Cornell University. Before joining Cornell Tech in May 2015, he spent four years as an Assistant Professor at the University of Wisconsin-Madison.

His research spans a wide range of computer security topics, with a recent focus on cloud computing security, as well as topics in applied and theoretical cryptography. 

His work has been featured in numerous publications including the New York Times, The MIT Technology Review, ABC News, and U.S. News and World Report. He completed his Ph.D. at UC San Diego in 2010. 

His awards include the UC San Diego Computer Science and Engineering Department Dissertation Award, an NSF CAREER Award, the Best Paper Award at USENIX Security 2014, and a Sloan Research Fellowship.