Password Protect™ Challenge

Steal the credentials from our hardware
authentication appliance

and win Google Glass

Each month one hundred plain text usernames and passwords are pre-loaded onto our secure password storage and authentication appliance. You are invited to try to steal them! The first entrant to steal the credentials will win a Google Glass.*

What is Silicon Safe Password Protect?

Password Protect™ is a secure password storage and authentication appliance that stops the theft of password databases from bulk storage. The hardware appliance replaces conventional software authentication repositories which are vulnerable to remote attacks by hackers.

Passwords can be stored against a user name, and tested against a user name but you can never read out the password associated with a user name. At least that is our claim!

The hardware architecture is a radical departure from conventional identity storage solutions and would have prevented the eBay, LinkedIn, kickStarter and many other bulk password thefts - dead!

The Password Protect challenge is an open beta that is intended to exercise the technology and to validate our claims that credentials cannot be stolen from the appliance.

The challenge is not about breaking encryption because there isn't any to break. It is about stealing plain text usernames and passwords. How hard can that be right?

If you would like to test Password Protect under our closed Beta programme then please contact us.

The Challenge Arena

The challenge arena comprises a number of authentication appliances behind a server load balancer. The appliances can be accessed directly or via this challenge website.

Using the challenge website you can easily explore the capabilities of Password Protect without having to write any code. You can perform common operations such as login, register an account or change a password. A 'raw mode' is provided which allows you to send bespoke commands or launch attacks from your web browser.

Alternatively you can perform penetration testing on Password Protect directly by writing your own connection scripts that open sockets and send TCP packets to the server. See the developer page for sample PHP and Python code.

In a real deployment the Password Protect appliance will not be "naked on the Internet" as it is in this challenge. We have stripped out the cryptographic protection and stripped out IP filtering. We have not hooked up denial of service protection because that is not the point of the challenge. We take denial of service as an admission of defeat and will publicise it as such.

Good luck!

Enter site