Cryptographic standards are years ahead of the crackers. To take one example, a 256-bit AES key has 1.1 x 10^77 possible combinations. Even assuming a very optimistic brute-force rate, that’s still going to take about 3.31 x 10^56 years to crack [source]. Great, right? Well, the biggest weakness in the cryptography arena is not the standards themselves but the way that they are (mis)implemented. For a couple of examples, just take a look at the weaknesses in the now obsolete WEP standard, which don’t target the RC4 algorithm itself but rather the implementation. Also, don’t forget the Debian OpenSSL blunder.



CertiVox have launched their new M-Pin Strong Authentication System, and one of the most encouraging features is the 15-minute integration. The multi-factor authentication system, based on proven elliptic curve cryptography, is housed within the M-Pin code, which means that application developers don’t need to worry about the cryptographic principles, just a simple API integration. This dramatically improves the security of custom applications that are built around the M-Pin system, leaving no room for bad cryptographic implementations.

M-Pin supports HTML5 web integration, and CertiVox also provide a C client library that lets developers integrate the M-Pin protocol into software applications of their choosing and add further layers of authentication, such as biometrics.

From CertiVox’s press release – Brian Spector, CEO, CertiVox, said: “M-Pin is a game changer in the authentication industry, a true alternative to username / password authentication that scales for the web. M-Pin is an open source multi-factor authentication system that can be deployed in minutes at a fraction of the cost of existing solutions while offering a degree of security greater than many existing solutions that cost an order of magnitude more. M-Pin is the only open source authentication solution that removes the threat vulnerability of username / passwords at the client and server level and replaces it with two-factor authentication based on a strong cryptographic protocol built for tomorrow’s internet.”

Contributing to the community is a huge plus point in my book, and providing a free community tier means that I’ll be giving this a go in my next authentication project!