Authenticated Networked Guided Environment for Learning
technology watch doc 142
| Title: | RSA: Split passwords make secrets safer |
| Subject: | authentication and authorisation |
| Author: | Peter Judge |
| Format: | html |
| Location: | http://uk.news.yahoo.com/030416/152/dxvdr.html |
Abstract:
Breaking passwords in two and storing them in two places will make systems more secure, said RSA Security at its eponymous security show in San Francisco on Tuesday. The company also launched a framework for increased integration of its identity management products.
RSA's Nightingale uses "secret-splitting", a cryptographic technique previously used in very high-end systems. A Nightingale server holds part of the password, which has been cryptographically split in two, according to a process invented by cryptographer Adi Shamir in the 1970s. The process has previously only been used in high-end bespoke systems for banking.
"This is secret-splitting for the masses," said Burt Kaliski, chief scientist at RSA Security. The developers' kit will be available in June, aimed at early adopters. It will be used alongside smartcard systems, so that users' passwords, and the personal life secrets they give to the company to retrieve their password, are not accessible if the server's data store is accessed by a hacker.