RSA’s figured out how to implement an extremely simple security precaution on a large scale: splitting stored passwords into two separate locations, significantly reducing the odds of a break. The increase in security comes at the cost of halving reliability, since if either location is inaccessible, the whole thing stops working.
Also, mostly off-topic, but the universe might /actually/ be a computer simulation:
a) Physicists — is this legit?
b) Where do I get a red pill?
c) Thoughts on how to hack it?
’cause yeah, rule #0 of defensive security: never allow anyone to control you, always be free.
“RSA, the security division of EMC, today announced a security product intended to protect simple passwords stored within businesses for authentication purposes, by splitting these passwords in two pieces kept separately, in theory making it harder for hackers to get hold of them. […]
“It scrambles, randomizes and splits passwords, credentials and PINs,” she says. DCP splits password information into halves that are supposed to be stored separately, and during an authentication process, the two halves are compared. Storing split passwords separately means “we’re forcing the attacker to break two locations,” she points out, by eliminating a single, primary point of compromise.
RSA DCP, which costs about $150,000, will ship at year end in the form of a virtual appliance for VMware-based networks. It will work with passwords held in either unencrypted form, or passwords that have been hashed and salted through an encryption process. DCP allows for on-demand re-randomization of the DCP-scrambled and split passwords.
However, there will need to be attention paid to availability issues associated with DCP in the password authentication process since it has to rely on correct information obtained from two separate places in the network rather than one, thus potentially raising risk that a network malfunction could impact the process. Robinson acknowledged that, and said RSA is advising customers that use it to ensure DCP is working in high-availability, redundant environments.”
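A minimal model of the split, compare and re-randomize behaviour the quoted article describes, as an added example that is not RSA's code or protocol. It assumes an XOR split of a salted PBKDF2 digest, with two dictionaries standing in for the two storage locations; all function names and parameters are hypothetical.

```python
import hashlib
import hmac
import secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash. The iteration count is an illustrative assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(user: str, password: str, store_a: dict, store_b: dict) -> None:
    salt = secrets.token_bytes(16)
    pad = secrets.token_bytes(32)
    # Location A holds only randomness; location B holds digest XOR pad.
    # Either record alone is statistically independent of the password.
    store_a[user] = (salt, pad)
    store_b[user] = _xor(_digest(password, salt), pad)

def verify(user: str, password: str, store_a: dict, store_b: dict) -> bool:
    # Both locations must answer: this is the availability cost.
    if user not in store_a or user not in store_b:
        raise LookupError("a share is unavailable; cannot authenticate")
    salt, pad = store_a[user]
    candidate = _xor(_digest(password, salt), pad)
    return hmac.compare_digest(candidate, store_b[user])

def rerandomize(user: str, store_a: dict, store_b: dict) -> None:
    # XOR the same fresh value into both shares: the password is unchanged,
    # but a share stolen earlier no longer matches the other location.
    fresh = secrets.token_bytes(32)
    salt, pad = store_a[user]
    store_a[user] = (salt, _xor(pad, fresh))
    store_b[user] = _xor(store_b[user], fresh)

if __name__ == "__main__":
    a, b = {}, {}  # constructed stand-ins for the two storage locations
    enroll("alice", "correct horse", a, b)
    stolen_a = dict(a)  # attacker copies location A only
    rerandomize("alice", a, b)
    print("login after re-randomization:", verify("alice", "correct horse", a, b))
    print("stale share A + current B:", verify("alice", "correct horse", stolen_a, b))
```

In this model the verifier recombines the shares in one process, so it illustrates the storage split and the two-location dependency only, not how a real product would keep the shares apart during the comparison.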