Honey Encryption

Honey Encryption is a security tool that makes it difficult for an attacker who is carrying out a brute-force attack to know whether he has correctly guessed a password or encryption key.

Typically, an attacker will know he's guessed wrong because the decrypted results will be unintelligible. If Honey Encryption has been used, however, the wrong guess will generate phony results that appear to be genuine. Because each incorrect guess generates a plausible result, it will be difficult for the attacker to know when he has guessed correctly.

Honey Encryption was created by Ari Juels, former chief scientist of RSA, and Thomas Ristenpart from the University of Wisconsin. At the time of this writing, Honey Encryption is best-suited for constructions in which encrypted data is derived from passwords.
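
The behavior described above, as an added toy example that is not from the original entry or from Juels and Ristenpart: a 4-digit PIN is mapped to a random seed, and the seed is masked with a password-derived pad, so every password guess decrypts to some valid PIN. The function names, the PIN message space and the assumption that PINs are uniformly distributed are all choices made for this illustration.

```python
import hashlib
import secrets

PIN_SPACE = 10_000        # message space: 4-digit PINs, assumed uniformly distributed
SEED_BITS = 128           # seed space is far larger than the message space
SEED_BYTES = SEED_BITS // 8
KDF_ROUNDS = 100_000      # illustrative work factor, not a recommendation

def encode(pin: int) -> int:
    """Pick a random seed among all seeds that decode back to this PIN."""
    if not 0 <= pin < PIN_SPACE:
        raise ValueError("PIN out of range")
    # Number of k with pin + PIN_SPACE * k < 2**SEED_BITS
    count = ((1 << SEED_BITS) - 1 - pin) // PIN_SPACE + 1
    return pin + PIN_SPACE * secrets.randbelow(count)

def decode(seed: int) -> int:
    """Every possible seed decodes to a valid PIN; there is no 'garbage' output."""
    return seed % PIN_SPACE

def _pad(password: str, salt: bytes) -> int:
    """Derive a seed-sized mask from the password."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              KDF_ROUNDS, dklen=SEED_BYTES)
    return int.from_bytes(key, "big")

def honey_encrypt(pin: int, password: str):
    salt = secrets.token_bytes(16)
    # No MAC or check value is stored: one would tell the attacker
    # which guess is the right one.
    return salt, encode(pin) ^ _pad(password, salt)

def honey_decrypt(salt: bytes, ciphertext: int, password: str) -> int:
    return decode(ciphertext ^ _pad(password, salt))

if __name__ == "__main__":
    # Constructed sample values for the demonstration.
    salt, ct = honey_encrypt(4821, "correct horse")
    print("right password:", f"{honey_decrypt(salt, ct, 'correct horse'):04d}")
    for guess in ("123456", "password", "letmein"):
        # Each wrong guess yields a different, equally plausible PIN.
        print(f"guess {guess!r}:", f"{honey_decrypt(salt, ct, guess):04d}")
```

The toy only works because every PIN is treated as equally likely; for messages with a non-uniform distribution, the encoding step has to model that distribution so that decoys look as plausible as the real plaintext.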

See also: honey pot, honeynet, honey monkey


This was last updated in April 2014
