Privacy-Preserving Compromised Credential Checking

What's this blog post about?

Researchers from Cornell Tech and the University of Wisconsin-Madison have developed a next-generation, privacy-preserving compromised credential checking protocol called MIGP (Might I Get Pwned). The protocol allows clients to check for leaked credentials without revealing any information about their queried passwords or usernames. Unlike existing services that only alert users if their exact password is present in a data breach, MIGP also checks for similar passwords that have been exposed. This approach helps detect credential tweaking attacks, an advanced version of credential stuffing. Cloudflare has implemented and deployed the protocol within its infrastructure and open-sourced it under the BSD-3 License.

Company
Cloudflare

Date published
Oct. 14, 2021

Author(s)
Luke Valenta, Cefan Daniel Rubin, Christopher Wood

Word count
3115

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.