Meet NoCrack - an Original Way to Protect Your Passwords
Using a password manager is an intelligent security solution, but it has one major flaw. If someone is dead set on hacking into your account, he or she won't stop until cracking your master password and thus getting access to all your user names and passwords. So how does a tool (that will let you see the data saved inside of it no matter what password you enter) sound like? Not good? Well, you might reconsider when I tell you that there is a new kind of password manager that allows anyone to access it, but replaces the actual user names and passwords with bogus ones if the password isn't the one originally set.
The concept behind this new kind of password manager called NoCrack is pretty simple. The attacker has no idea which ones are real passwords and which are aren't so now, instead of knowing when he failed and when he succeeded, he will have to check all the data that he runs across. This makes it much more time consuming for the hacker and since there is no way of knowing when the key is incorrect, it will render the classical decrypting attacks (brute force, dictionary, mixed attacks, etc.) completely useless. Truth being told, there already is a somewhat similar tool on the market called Kamouflage, but it uses decoy master passwords which are pretty close to the actual one, so the attacker will at least have the information that he's close to cracking it. Something that will not happen with NoCrack.
Unfortunately, at this time this software is just a concept and is nowhere near being marketable just yet. However, the group of security researchers who came up with the idea will present a paper on it at IEEE Symposium on Security and Privacy in San Jose, California on May 19th. If you like the idea and you want the read more about NoCrack, you can view its documentation papers by clicking on this link.
