Making password databases impossible to steal

A new technology, called Blind Hashing, that prevents offline password attacks by making databases impossible to steal, has been introduced at RSA Conference 2015 by start-up TapLink.

TapLink is completely invisible to the end-user, easy to integrate, has minimal impact on back-end systems, and works in conjunction with existing password defenses, systems and processes.

The Blind Hashing technology transforms a password hash into a lookup function within a massive pool of completely random data. The result of the lookup is used to decrypt the hash and allow the authentication process to be completed with no latency impact to the log in process.

A petabyte-sized data pool acts as a “data anchor” to prevent an attacker from ever cracking a single password. In order to begin the password cracking process, an attacker would have to steal the entire data pool, spanning hundreds of solid state drives (SSD) across multiple data centers. In what pundits have dubbed “security by obesity”, the TapLink data pool is so large that simply trying to transfer it over the network at full line rate would take years.

Meanwhile, the TapLink data pool acts as a common defense fund for all the passwords under its protection. Since every new company that uses TapLink grows the size of the data pool, and increases the security for everyone using it.

“Password theft puts our entire digital identity in the hands of internet pranksters and cybercriminals, who use stolen credentials to cause billions of dollars in damages every year,” said Jeremy Spilman, CTO and Founder of TapLink. “TapLink Blind Hashing protects an organization’s systems, operations, brand, and most importantly, its customers from the most prevalent attack vector online today.”

TapLink Blind Hashing is available immediately. Pricing is per protected password. TapLink can be deployed in test mode to monitor performance, reliability and security.

TapLink has been in deployment on over 40 websites and protecting millions of passwords for the past two years.