Don't wait to fix your password storage

2015-11-01

Over the past few years, I have given a talk on Cryptography Pitfalls at a variety of conferences. One section of the talk covers the evolution of password storage and the various data breaches the last few years. In addition to covering the ways password storage has been done wrong, I also present the best solutions. Instead of recapping it again, take a look at Coda Hale’s blog post on the topic. A few brave souls will occasionally come up to me later and admit their company still stores passwords in a less than ideal way. There are many reasons for this, but they generally boil down to the fact that the software is old and developers just didn’t know any better when they wrote that part of the system. …

Read More

Introducing Trustworthy

We’ve all seen the tense scene in a war movie where the order has come down to launch the nuclear missiles. The captain and his first officer each take out a special key they’ve had around their neck the whole time. Then they both insert their individual keys into the weapons computer and turn simultaneously. Despite being a popular motif, this is a real policy implemented by many military organizations, including the U.S. Air Force. Once you think about it this kind of policy is obvious, one person shouldn’t be able to launch nuclear weapons on their own. Trustworthy is like having a two-man rule for your data. …

Read More