Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

RSA splits password and stores two halves separately to stop hackers

The RSA Distributed Credential Protection should protect simple passwords stored within businesses for authentication purposes

Article comments

RSA, the security division of EMC, has announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them.

This year has seen a large number of password hacking exploits, including those against dating site eHarmony, Yahoo, and e-commerce site Zappos. The password-protection software, called RSA Distributed Credential Protection (DCP), was designed to make cyberattacks targeting large numbers of stored passwords more of a challenge, according to Liz Robinson, RSA senior product marketing manager.

"It scrambles, randomises and splits passwords, credentials and PINs," she says. DCP splits password information into halves that are supposed to be stored separately, and during an authentication process, the two halves are compared. Storing split passwords separately means "we're forcing the attacker to break two locations," she points out, by eliminating a single, primary point of compromise.

RSA DCP, which costs about $150,000, will ship at year end in the form of a virtual appliance for VMware-based networks. It will work with passwords held in either unencrypted form, or passwords that have been hashed and salted through an encryption process. DCP allows for on-demand re-randomisation of the DCP-scrambled and split passwords.

However, there will need to be attention paid to availability issues associated with DCP in the password authentication process since it has to rely on correct information obtained from two separate places in the network rather than one, thus potentially raising risk that a network malfunction could impact the process. Robinson acknowledged that, and said RSA is advising customers that use it to ensure DCP is working in high-availability, redundant environments.


More from Techworld

More relevant IT news


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *