Airlock supports IBM Research - Zurich in developing optimal distributed password verification
Airlock engineers have supported IBM Research – Zurich in developing a highly efficient cryptographic protocol for protecting user passwords against server compromise. The protocol distributes password verification over multiple servers in a way that requires adversaries to compromise all involved servers to gain any information about passwords.
The implementation and integration in Airlock IAM as an add-on has provided valuable insights regarding practicability and usability of the new protocol. Potential new customers with high security demands could now benefit from the new technology.
The result was presented at the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS) in October 2015. For further details, please refer to the paper at http://www.zurich.ibm.com/pdf/csc/CCS15_passwords.pdf.
Interview with Roman Hugelshofer in Computerwoche "How simple passwords get secure again"