Make offline password cracking impossible
Protecting passwords with CIPHRA eliminates offline password cracking, now and in the future. Authentico Technologies guarantees organizations that their password database is secure even if the database gets hacked or stolen in a data breach, regardless of the password strength and the computing resources the attacker has access to. In other words, the database is useless for any offline password recovery attack. The only way left for hackers to crack passwords is to launch an online attack. Existing defenses against online attacks are already effective.
CIPHRA uses standard cryptography together with unclonable keys to process user passwords. No secret key, not even the root key of trust, is stored anywhere in memory. CIPHRA is a plug-and-play solution that does not require any changes to existing system architecture.
Unclonable keys – How?
CIPHRA uses an SRAM PUF (physically unclonable function) to generate a secure key, which is then used in a cryptographic algorithm to process passwords. SRAM PUFs derive cryptographic keys and identities from a digital fingerprint in the start-up behavior of SRAM cells. This means that the secret material is never stored in memory and that no physical traces that lead to the secret material can be found on the chip. No secrets are present on the chip in any physical form. Because keys are not physically stored on the chip, storing keys with an SRAM PUF also provides a level of security that cannot be achieved with any other form of key storage. This technology has been silicon-proven, having been used to secure more than 125 million devices.
Plug and play – How?
CIPHRA is designed to be implemented within existing architectures without requiring any system changes. The communication between the server and the CIPHRA appliance takes place over HTTPS using a REST API. It is easy to install and does not require any special expertise or training to get it up and running.
Scalable – How?
A CIPHRA appliance has a minimum processing throughput of 20 000 login requests per second, and throughput can be increased to any number of requests an organization demands by adding appliances.
What if a CIPHRA device breaks down?
Additional CIPHRA appliances are also used for redundancy. If a CIPHRA appliance breaks down due to unforeseen events, then the redundant appliance replaces the broken appliance and the system runs as normal.
Facilitate key management
An optional feature of CIPHRA is the ability to generate unclonable user-specific keys that can be used to protect user data. For example, when a user authenticates, CIPHRA can generate a key specific to that user, which is then used to decrypt the user profile data without the key being stored anywhere in memory.
This means that if the server database gets hacked, no keys are available in memory, since they are generated when the user logs in and deleted as soon as the authentication is completed.
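The page does not say which algorithm CIPHRA uses, so the following is an added example, not Authentico's code or API: it shows the general idea of a password verifier and a per-user key that both depend on a key held outside the server database. The names `KeyedAppliance`, `enroll`, `verify` and `user_key` are hypothetical, and HMAC-SHA256 with PBKDF2 is an assumed choice of "standard cryptography".

```python
import hashlib
import hmac
import os

class KeyedAppliance:
    """Hypothetical stand-in for a separate device whose key never reaches the server."""

    def __init__(self, device_key: bytes):
        # Assumption: a PUF-backed device would re-derive this at power-up, not store it.
        self._key = device_key

    def tag(self, label: bytes, data: bytes) -> bytes:
        # Domain-separated HMAC-SHA256 (assumed primitive, not the vendor's).
        return hmac.new(self._key, label + b"\x00" + data, hashlib.sha256).digest()

def _stretch(password: str, salt: bytes) -> bytes:
    # Server-side stretching before the keyed step.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)

def enroll(appliance: KeyedAppliance, password: str) -> dict:
    """Build the record the server database would store: salt and keyed verifier only."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": appliance.tag(b"verify", _stretch(password, salt))}

def verify(appliance: KeyedAppliance, record: dict, password: str) -> bool:
    candidate = appliance.tag(b"verify", _stretch(password, record["salt"]))
    return hmac.compare_digest(candidate, record["verifier"])

def user_key(appliance: KeyedAppliance, record: dict, password: str):
    """Regenerate a per-user data key at login; it is returned, never written to the record."""
    if not verify(appliance, record, password):
        return None
    return appliance.tag(b"userkey", _stretch(password, record["salt"]))

if __name__ == "__main__":
    device = KeyedAppliance(os.urandom(32))   # constructed sample key
    record = enroll(device, "correct horse")  # constructed sample password
    print("login ok:", verify(device, record, "correct horse"))
    # Stolen record, correct guess, but no device key: the guess cannot be confirmed.
    other = KeyedAppliance(os.urandom(32))
    print("offline guess confirmed:", verify(other, record, "correct horse"))
```

With only the stored record, even the correct password cannot be confirmed, because every check needs the device key; guesses therefore have to go through the appliance, where online rate limiting applies.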