Rock Salt: A Method for Securely Storing and Utilizing Password Validation Data

Presented at BSidesLV 2016, Aug. 2, 2016, 2 p.m. (50 minutes)

Rock Salt™ is a method for storing and accessing password verification data on multi-user computer systems that resists remote attacks. Along with commonly-employed measures that limit the number of unsuccessful attempts to login or otherwise verify a password, it allows users to choose relatively simple passwords with full security. The secret component cannot be easily leaked or exfiltrated by malware, does not require periodic backup and is isolated in a way that allows it to be protected by conventional security measures, such as safes, alarm systems and video surveillance, from attackers who somehow gain access to the computing facility.

Presenters:

• Arnold Reinhold - A G Reinhold
  Arnold Reinhold has been involved with password and passphrase security since the mid-1990s. He is the developer of Diceware, RockSalt, CipherSaber and HEKS, the first password hash designed to consume memory resources as well as CPU time. He has worked on spacecraft navigation at NASA, apparel industry automation at Marcon, computer-aided design software at Computervision Corp. and helped found Automatix Inc., an early robotics and machine vision company. Mr. Reinhold is co-author of several For Dummies books, including The Internet For Dummies Quick Reference and Email For Dummies, and contributes regularly to Wikipedia. Mr. Reinhold studied mathematics at MIT and management at Harvard.

Links:

• https://bsideslv2016.sched.com/event/7YOE/rock-salt-a-method-for-securely-storing-and-utilizing-password-validation-data

Similar Presentations:

• CackalackyCon 2 (2023) / Password Attacks 101: Exploiting Human Weaknesses
• CHCon '20 (2020) / A Recipe for Password Storage: Add Salt to Taste