Rock Salt - A Method for Securely Storing and Utilizing Password Validation Data

Explore a comprehensive method for secure password storage and validation in this 43-minute conference talk from BSidesLV 2016. Delve into the concept of Rock Salt, a technique designed to address enterprise-level password security challenges and mitigate the risks associated with database breaches. Learn about the implementation of Rock Salt, including its use of encryption, Very Large Keys (VLK), and two-person integrity systems. Examine the block diagram of Rock Salt, understand its advantages and limitations, and discover how it tackles various potential attacks. Additionally, gain insights into handling short passwords, business-related issues, and compare Rock Salt to existing password security methods. This presentation by Arnold Reinhold offers valuable knowledge for cybersecurity professionals and organizations seeking to enhance their password protection strategies.

Slideout Crypt
Dice
Password Advice
Email for Dummies
Todays Problem
Enterprise Problem
Database Breaches
Two Types of Companies
Existing Methods
Arms Race
Are we there yet
Encryption
What is Rock Salt
What is VLK
How Rock Salt Works
Block Diagram of Rock Salt
Two Person Integrity
Data Guard
Password Verification
Short Passwords
Potential Attacks
Advantages
Limitations
Business Problems