Authentico Specializes In Protection Against Account Takeovers With The Use Of Hardware

Below is our recent interview with Philip Lundin, the Founder and CEO at Authentico:

Q: What’s wrong with the conventional password protection solutions?

A: Conventional password protection is based on different cryptographic hashing algorithms and key derivation functions in combination with salt. Cryptographic hashing is a one-way function meaning that for a given input it is easy to compute the output but computationally infeasible to find a corresponding input for a given output. However, the major problem with the current state-of-the-art approaches is that they do not stop data from being stolen in the first place and that they do not provide sufficient protection against offline password recovery attacks. Hackers can still recover passwords from the stolen database records using, for instance, dictionary attacks. Under these conventional best practices for password storage, the only protection against offline password recovery attacks is the strength of the user password itself. However, the majority of passwords chosen by users are not strong enough to withstand offline password recovery attacks, regardless of which hashing algorithm is used.

Hackers are improving the efficiency of their password cracking attacks using dedicated hardware. Hardware is getting faster and cheaper every year, and password cracking attacks are getting more sophisticated and effective. Most password hashing algorithms focus on making it more time consuming and expensive to crack passwords; however, as mentioned earlier, this is only true for strong passwords. Weaker passwords, which are the case for the majority of passwords, can be cracked in a matter of seconds or minutes.

Today, there are approximately 8 billion stolen passwords that are accessible via the dark web, and by next year it is estimated that 300 billion passwords will be used globally. This is what Authentico wants to address by eliminating password cracking in case of a stolen database.

Q: What exactly is CIPHRA and how does it work?

A: CIPHRA is a hardware-based cryptographic processor that does not store encryption keys anywhere, which means that hackers cannot decipher sensitive data or passwords without access to those keys.

CIPHRA uses unclonable and user-specific keys to protect user data, and they are generated only when the user is authenticated, which means that the data is never accessible at rest.

CIPHRA securely processes user passwords inside the hardware using a standard cryptographic function in combination with an unclonable key. It is designed as a plug-and-play solution, meaning that organisations install CIPHRA simply by connecting it to their infrastructure’s LAN. It does not require any changes to the existing system architecture. To put it differently, it is easy to set up and use, and does not require special training.

Q: What are the benefits of using CIPHRA?

A: CIPHRA benefits include, but are not limited to:

- No key storage
- No programmed secret material
- Generation of unclonable keys
- No need to back up any data, only hardware redundancy is needed
- High throughput
- Reduced risk from compromised insiders and/or system admins
- Plug & Play

Q: What can we expect from Authentico in the future?

A: Authentico is working towards building an enterprise key management solution following the key principles applied to CIPHRA.
