Thursday, August 4, 2016

Announcing Rock Salt™

Rock Salt™ is a method for storing and accessing password verification data on multi-user computer systems that resists remote attacks. Along with commonly-employed measures that limit the number of unsuccessful attempts to login or otherwise verify a password, it allows users to choose relatively simple passwords with full security. The secret component cannot be easily leaked or exfiltrated by malware, does not require periodic backup and is isolated in a way that allows it to be protected by conventional security measures, such as safes, alarm systems and video surveillance, from attackers who somehow gain access to the computing facility.

I announced Rock Salt on Tuesday, August 2, 2016 at the Passwords16 conference in Las Vegas. My presentation slides are now available at

Video of the presentation should be available soon at