RSA, the security division of EMC, has announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them.
This year has seen a large number of password hacking exploits, including those against dating site eHarmony, Yahoo, and e-commerce site Zappos. The password-protection software, called RSA Distributed Credential Protection (DCP), was designed to make cyberattacks targeting large numbers of stored passwords more of a challenge, according to Liz Robinson, RSA senior product marketing manager.
"It scrambles, randomises and splits passwords, credentials and PINs," she says. DCP splits password information into halves that are supposed to be stored separately, and during an authentication process, the two halves are compared. Storing split passwords separately means "we're forcing the attacker to break two locations," she points out, by eliminating a single, primary point of compromise.
RSA DCP, which costs about $150,000, will ship at year end in the form of a virtual appliance for VMware-based networks. It will work with passwords held in either unencrypted form, or passwords that have been hashed and salted through an encryption process. DCP allows for on-demand re-randomisation of the DCP-scrambled and split passwords.
However, there will need to be attention paid to availability issues associated with DCP in the password authentication process since it has to rely on correct information obtained from two separate places in the network rather than one, thus potentially raising risk that a network malfunction could impact the process. Robinson acknowledged that, and said RSA is advising customers that use it to ensure DCP is working in high-availability, redundant environments.