Thursday, August 4, 2016

Announcing Rock Salt™

Rock Salt™ is a method for storing and accessing password verification data on multi-user computer systems that resists remote attacks. Along with commonly employed measures that limit the number of unsuccessful attempts to log in or otherwise verify a password, it allows users to choose relatively simple passwords with full security. The secret component cannot be easily leaked or exfiltrated by malware, does not require periodic backup and is isolated in a way that allows it to be protected by conventional security measures, such as safes, alarm systems and video surveillance, from attackers who somehow gain access to the computing facility.

I announced Rock Salt on Tuesday, August 2, 2016 at the Passwords16 conference in Las Vegas. My presentation slides are now available at https://www.researchgate.net/publication/305849439_Rock_Salt_A_Method_for_Securely_Storing_and_Utilizing_Password_Validation_Data

Video of the presentation should be available soon at passwordscon.org.