Password-Hardened Encryption Revisited

Baecker R, Gerhart P, Schröder D (2025)


Publication Type: Conference contribution

Publication year: 2025

Publisher: Springer Science and Business Media Deutschland GmbH

Book Volume: 16250 LNCS

Pages Range: 205-234

Conference Proceedings Title: Lecture Notes in Computer Science

Event location: Melbourne, VIC, AUS

ISBN: 9789819551187

DOI: 10.1007/978-981-95-5119-4_7

Abstract

Passwords remain the dominant form of authentication on the Internet. The rise of single sign-on (SSO) services has centralized password storage, increasing the devastating impact of potential attacks and underscoring the need for secure storage mechanisms. A decade ago, Facebook introduced a novel approach to password security, later formalized in Pythia by Everspaugh et al. (USENIX’15), which proposed the concept of password hardening. The primary motivation behind these advances is to achieve provable security against offline brute-force attacks. This work initiated significant follow-on research (CCS’16, USENIX’17), including Password-Hardened Encryption (PHE) (USENIX’18, CCS’20), which was introduced shortly thereafter. Virgil Security commercializes PHE as a software-as-a-service solution and integrates it into its messenger platform to enhance security. In this paper, we revisit PHE and provide both negative and positive contributions. First, we identify a critical weakness in the original design (USENIX’18) and present a practical cryptographic attack that enables offline brute-force attacks – the very threat PHE was designed to mitigate. This weakness stems from a flawed security model that fails to account for real-world attack scenarios and the interaction of security properties with key rotation, a mechanism designed to enhance security by periodically updating keys. Our analysis shows how the independent treatment of security properties in the original model leaves PHE vulnerable. We demonstrate the feasibility of the attack by extracting passwords in seconds that were secured by the commercialized but open-source PHE provided by Virgil Security. On the positive side, we propose a novel, highly efficient construction that addresses these shortcomings, resulting in the first practical PHE scheme that achieves security in a realistic setting. 
We introduce a refined security model that accurately captures the challenges of practical deployments, and prove that our construction meets these requirements. Finally, we provide a comprehensive evaluation of the proposed scheme, demonstrating its robustness and performance.

How to cite

APA:

Baecker, R., Gerhart, P., & Schröder, D. (2026). Password-Hardened Encryption Revisited. In Goichiro Hanaoka, Bo-Yin Yang (Eds.), Lecture Notes in Computer Science (pp. 205-234). Melbourne, VIC, AUS: Springer Science and Business Media Deutschland GmbH.

MLA:

Baecker, Ruben, Paul Gerhart, and Dominique Schröder. "Password-Hardened Encryption Revisited." Proceedings of the 31st Annual International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2025, Melbourne, VIC, AUS. Ed. Goichiro Hanaoka, Bo-Yin Yang, Springer Science and Business Media Deutschland GmbH, 2026. 205-234.
