Latest encryption trick to thwart hackers is as sweet as Honey

Latest encryption trick to thwart hackers is as sweet as Honey

It seems like every other week another high-profile company’s servers are hacked. Last November, for example, Adobe suffered a security breach and as many as 150 million users’ may have been affected. Instead of crying about it, two security researchers are using these data dumps to try to thwart the next attackers, with a clever new method called Honey Encryption, reports MIT Technology Review.

With Honey Encryption, when hackers try to decrypt a secure database, they won’t know if they’ve correctly guessed the encryption key. Normally, an incorrect guess would return a garbled mess. But with Honey Encryption, an incorrect guess will return a fake, but legitimate-looking database that is based in part on the database dumps from previous security breaches.

Security researchers Ari Juels and Thomas Ristenpart developed Honey Encryption because they believed “[decoys] and deception are really underexploited tools in fundamental computer security.”

Right now, Juels is using Honey Encryption to create a fake password vault generator for password managers. While password managers may help users create complex and unique passwords for individual accounts, users often use weak master passwords because they frequently have to type them in. As a result, password managers are frequently the target of attackers.

To build the fake password vault generator, Juels is taking advantage of previous security breaches, using collections from previously hacked password managers and from other services.

More from BGR: How to slash your wireless bill just by whispering ‘T-Mobile’ in AT&T’s ear

This article was originally published on

Related stories

Web privacy guru designing anti-spying iPhone app

U.S. Army testing smartphones and tablets for combat

Apple sued again for collecting location data

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting