Privacy-Preserving Compromised Credential Checking
Researchers from Cornell Tech and the University of Wisconsin-Madison have developed a next-generation, privacy-preserving compromised credential checking protocol called MIGP (Might I Get Pwned). The protocol allows clients to check for leaked credentials without revealing any information about their queried passwords or usernames. Unlike existing services that only alert users if their exact password is present in a data breach, MIGP also checks for similar passwords that have been exposed. This approach helps detect credential tweaking attacks, an advanced version of credential stuffing. Cloudflare has implemented and deployed the protocol within its infrastructure and open-sourced it under the BSD-3 License.
Company
Cloudflare
Date published
Oct. 14, 2021
Author(s)
Luke Valenta, Cefan Daniel Rubin, Christopher Wood
Word count
3115
Language
English
Hacker News points
None found.