One of the central problems in modern computer security is the need to protect an ever-increasing amount of user data from an enormous array of potential threats. Researchers at the security firm RSA have proposed a new method of securing passwords from database hacks: Breaking them into pieces and storing them in separation locations.
From the user’s perspective, nothing would change – you’d visit a website, type your password, and log in normally. Server-side authentication, however, would be considerably different. Currently, when you transmit a password to a website, the password is typically hashed or encrypted in some fashion. The server doesn’t actually store your password in plaintext, but the encrypted value of your password. Cryptographic hashing functions are theoretically reversible, but well-designed hashes are impossible to brute-force within reasonable amounts of time, using conventional hardware. The problem with this approach is it looks good in theory, but is often flawed in practice.
Splitting the password between multiple servers ensures that if one server was compromised, the hackers would gain nothing but halved hash values with no way to combine them into an appropriate authentication scheme. Without knowledge of the second combination function, there’s no way to reverse engineer the hashes back to plaintext. The halved password hashes themselves would refresh periodically, further limiting the usefulness of a database hack.
As for the real-world impact of such an approach, there’s good news and bad news. The good news is that RSA’s method of splitting and combining password hashes would have prevented attacks, like the one that hit LinkedIn, from having any security consequences.
The bad news is that the method itself is only as good as the specifics of its implementation (LinkedIn’s own security was poorly implemented) and it can’t address individual account compromises that arise from malware infections (i.e. user error).
This last issue highlights one of the most frustrating facts about online security. The size and scope of the technical attack vectors is overwhelming and shifts on a yearly basis as new methods are discovered or come into vogue. Still, the RSA approach does at least close one potential loophole, and it’s scalable. The current implementation uses two servers, but the method could be deployed across four or more separate locations.