Resources

Downloads and FAQ

Downloads for On Prem solution

FAQ

Are passwords still secure?

To start with, passwords can be very secure if it´s handled correctly on each level.

The main problem is the tradeoff between security and user friendliness.

In general, the weaknesses are:

  1. People tend to create weak passwords that are easy to predict and guess
  2. People reuse the same password among different websites
  3. Organizations don’t use password storage solutions that are secure enough

The problem with password online attacks

Users tend to reuse the same password across multiple different websites.

This creates the problem where the attacker copies the leaked passwords from another website and try to authenticate with the same credentials on your website. This can be true for both employees with deeper access to more vulnerable parts of your system but also for your customers and users.

How many of your users have very strong
passwords?


As described previously, most users tend to
create weak and predictable passwords which
are easy to crack regardless of which software
hashing algorithm that is used

Do all of your users have two-factor authentication turned on?

No, only about 10 % is using 2FA when it is available. For those who is not, the attacker is only one step from being able to access the account.
Even if two-factor authentication is turned on, it is still possible to go around

Isn´t 2FA enough?

We strongly recommend 2FA. However, if the hardware, where the communication takes place for the 2FA in the first step, breaks down, how do you solve the authentication?
In addition, there is usually a master password that enables the initiation of hardware / telephone etc, where is this stored? This is usually stored in another server, which can easily be breached.

What are the major risks if your database leaks?


Think about:
• Financial impacts – Remediation costs
• Reputation costs – Customer loss
• Account takeover – Abuse
• Competitors can get access to your customers
• GDPR – Sensitive data
• PR issues

What is CIPHRA?

Ciphra is a HSM (Hardware Security Module) that is 10-20 times faster than a traditional HSM and also safer. CIPHRA can handle 25.000 + calls per second. Furthermore, unlike a regular HSM, CIPHRA does not store its keys locally on the hard drive. The master root key is stored on any separate memory (USB) that is locked into a safe or similar. And encryption keys are generated on-demand and erased once used with the PUF Technology.

What is a PUF-key?

In cryptography and within embedded security ICs, the PUF is used to create keys that are generated on-demand and instantaneously erased once used. PUF is dependent on random physical factors (unpredictable and uncontrollable) that exist natively and/or are incidentally introduced during a manufacturing process.

What if I run my service in the cloud?

First, CIPHRA CLOUD enabeles companies that run their services partially or as a whole on the cloud ,a cloud service, where we help to secure your passwords and customer credentials in the best secure environment possible, powered by our CIPHRA module. We direct to and redirect back  from our cloud to dismantle any off-line attacks being a threat. to your organisation. 

What if a CIPHRA device breaks down?

Additional CIPHRA appliances are also used for redundancy. If a CIPHRA appliance breaks down due to unforeseen events, then the redundant appliance replaces the broken appliance and the system runs as normal.

Unclonable keys – How?

CIPHRA utilizes SRAM PUF (physically unclonable function) to generate a secure key which is then used in a cryptographic algorithm to process passwords. SRAM PUFs derives cryptographic keys and identities from a digital fingerprint in the start-up behavior of SRAM cells. This means that the secret material is never stored in memory and that no physical traces can be found on a chip that lead to the secret material. There are no secrets that are present on the chip in any physical form. Storing keys with SRAM PUF also provides a level of security that cannot be achieved with any other form of key storage, due to the fact that keys are not physically stored on the chip. This technology has been silicon proven, having been used to secure more than 125 million devices.

Hardware Plug and play – How?

CIPHRA is designed to be implemented within existing architectures without requiring any system changes. The communication between the server and CIPHRA appliance takes place over HTTPS and REST API. It is easy to install and does not require any special expertise or training to set it up and running.