Pythia is a verifiable, cryptographic protocol that hardens passwords with the help of a remote service.
Passwords protected with Pythia are impervious to offline dictionary attacks (password cracking). And strict rate-limiting by the Pythia service makes online guessing attacks ineffective.
Pythia can be used with any application that uses passwords. This page has links and instructions to download and install proof-of-concept applications that use Pythia.
SafeID is a Python module that demonstrates how a web server uses Pythia to protect and verify passwords.
pip install safeid
Or download SafeID from GitHub.
Once installed, there is a simple command-line tool to try out SafeID. Protect a password, then check a passphrase against the protected value, with:
PPASS=`safeid new "passphrase"`
safeid check "passphrase" "$PPASS"
We host a test and development Pythia service at remote-crypto.io. This service is free to use, but it's currently only a development and demonstration service (not a production service), so its reliability and longevity are not guaranteed.
You can download the prototype Pythia server source code from GitHub.