Protecting Passwords with Pythia

Pythia is a verifiable, cryptographic protocol that hardens passwords with the help of a remote service.

View Presentation

Passwords protected with Pythia are impervious to offline dictionary attacks (password cracking), and strict rate-limiting by the Pythia service makes online guessing attacks ineffective.
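The following is an added sketch, not SafeID or Pythia project code, of how a key held by a remote service plus a per-account query budget yields the two properties above. It swaps in a blinded exponentiation over a toy prime field for Pythia's actual construction and omits verifiability; ToyService, harden, verify, the tweak (account identifier) and the fixed query budget are all assumptions made for illustration.

```python
import hashlib, hmac, math, secrets

P = 2**255 - 19      # toy prime modulus (assumption, not Pythia's group)
ORDER = P - 1        # exponents work modulo the multiplicative group order

class RateLimited(Exception):
    pass

class ToyService:
    """Stand-in for the remote service: secret key plus a per-account query budget."""
    def __init__(self, max_queries=5):
        self.key = secrets.randbelow(ORDER - 2) + 2   # never leaves the service
        self.max_queries = max_queries
        self.used = {}

    def evaluate(self, tweak, blinded):
        if self.used.get(tweak, 0) >= self.max_queries:
            raise RateLimited(tweak)                  # online guessing is cut off here
        self.used[tweak] = self.used.get(tweak, 0) + 1
        return pow(blinded, self.key, P)              # service sees only a blinded value

def hash_to_group(tweak, password):
    d = hashlib.sha256(f"{tweak}\x00{password}".encode()).digest()
    return int.from_bytes(d, "big") % (P - 2) + 2

def harden(service, tweak, password):
    """Return the value a web server would store for this account."""
    while True:                                       # blinding factor must be invertible
        r = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(r, ORDER) == 1:
            break
    reply = service.evaluate(tweak, pow(hash_to_group(tweak, password), r, P))
    unblinded = pow(reply, pow(r, -1, ORDER), P)      # equals H(tweak, pw) ** key mod P
    return hashlib.sha256(unblinded.to_bytes(32, "big")).hexdigest()

def verify(service, tweak, password, stored):
    return hmac.compare_digest(harden(service, tweak, password), stored)
```

Every check of a candidate password costs one service query, so a stolen stored value cannot be tested offline and the budget bounds how many guesses can be tried per account.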

Pythia can be used with any application that uses passwords. This page has links and instructions to download and install proof-of-concept applications that use Pythia.

SafeID

SafeID is a Python module that demonstrates how a web server uses Pythia to protect and verify passwords.

pip install safeid

Or download SafeID from GitHub.

Once installed, there is a simple command-line tool to try out SafeID. Protect a password with:

PPASS=$(safeid new "passphrase")

And verify a protected password with:

safeid check "passphrase" "$PPASS"

Test and Development Service

We host a test and development Pythia service at remote-crypto.io. This service is free to use, but it is currently only a development and demonstration service (not a production service), so its reliability and longevity are not guaranteed.

Pythia Server Source Code

You can download the prototype Pythia server source code from GitHub.