A Security Analysis of Honey Vaults
Fei Duan, Ding Wang, Chunfu Jia, Zhenduo Hou
IEEE Symposium on Security and Privacy 2024 · Day 1 · Continental Ballroom 6
This talk, presented by Fei Duan at the IEEE S&P 2024 conference, gives a comprehensive security analysis of **Honey Vaults**, a specialized type of password manager designed to thwart offline password guessing attacks. The research, carried out with Ding Wang, Chunfu Jia, and Zhenduo Hou, critically examines the underlying cryptographic principles and implementations of these systems. Conventional password managers are susceptible to offline attacks because of their predictable error responses; Honey Vaults instead use **honey encryption** to return semantically plausible but incorrect information when an attacker tries a wrong master password.
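An added illustration, not code from the talk or the paper, of the contrast described above: a conventional vault's integrity failure tells an offline guesser that the master password was wrong, while a honey vault decodes every guess to a plausible password. The decoy list, the uniform toy encoder and all function names are assumptions; a real honey vault uses an encoder modelled on a password distribution.

```python
import hashlib, hmac, secrets

# Constructed decoy universe (assumption); a real encoder models a password distribution.
UNIVERSE = ["sunshine1", "dragon88", "iloveyou2", "monkey123",
            "letmein!", "qwerty12", "football7", "princess9"]
SEED_BYTES = 4  # 2**32 is a multiple of len(UNIVERSE), so decoding is uniform

def kdf(master, salt, n):
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 10_000, dklen=n)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def dte_encode(password):
    # Pick a random seed among those that decode back to this password.
    idx = UNIVERSE.index(password)
    r = secrets.randbelow(2**32 // len(UNIVERSE))
    return (r * len(UNIVERSE) + idx).to_bytes(SEED_BYTES, "big")

def dte_decode(seed):
    # Every possible seed maps to some plausible password; nothing is "invalid".
    return UNIVERSE[int.from_bytes(seed, "big") % len(UNIVERSE)]

def honey_encrypt(master, password):
    salt = secrets.token_bytes(16)
    return salt, xor(dte_encode(password), kdf(master, salt, SEED_BYTES))

def honey_decrypt(master, blob):
    salt, ct = blob
    return dte_decode(xor(ct, kdf(master, salt, SEED_BYTES)))

def conventional_encrypt(master, password):
    salt = secrets.token_bytes(16)
    key = kdf(master, salt, 64)
    data = password.encode()
    ct = xor(data, key[:len(data)])  # toy stream cipher; passwords up to 32 bytes
    return salt, ct, hmac.new(key[32:], ct, "sha256").digest()

def conventional_decrypt(master, blob):
    salt, ct, tag = blob
    key = kdf(master, salt, 64)
    if not hmac.compare_digest(tag, hmac.new(key[32:], ct, "sha256").digest()):
        return None  # the error response: an offline check for each guess
    return xor(ct, key[:len(ct)]).decode()

if __name__ == "__main__":
    hv = honey_encrypt("correct horse", "dragon88")
    cv = conventional_encrypt("correct horse", "dragon88")
    for guess in ["correct horse", "123456", "hunter2"]:
        print(guess, "->", honey_decrypt(guess, hv), "|", conventional_decrypt(guess, cv))
```

With this toy encoder the wrong-guess outputs are indistinguishable from the real entry only because the decoy set is uniform; how well a real encoder matches actual password choices is what determines whether decoys can be told apart.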
AI review
This research delivers a brutal, highly technical dissection of Honey Vaults, exposing critical vulnerabilities through novel, optimal attack strategies. It's a masterclass in cryptographic analysis, providing both deep insights for attackers and essential design principles for anyone foolish enough to build these systems.