Cryptographic standards are years ahead of the crackers. To take one example, a 256-bit AES key has 1.1 x 10^77 possible combinations. Even assuming a very optimistic brute-force rate, that’s still going to take about 3.31 x 10^56 years to crack [source]. Great, right? Well, the biggest weakness in the cryptography arena is not the standards themselves but the way that they are (mis)implemented. For a couple of examples, just take a look at the weaknesses in the now obsolete WEP standard, which don’t target the RC4 algorithm itself but rather the implementation. Also, don’t forget the Debian OpenSSL blunder.

M-Pin

CertiVox have launched their new M-Pin Strong Authentication System, and one of the most encouraging features is the 15-minute integration. The multi-factor authentication system, based on proven elliptic curve cryptography, is housed within the M-Pin code, which means that application developers don’t need to worry about the cryptographic principles, just a simple API integration. This dramatically improves the security of custom applications that are built around the M-Pin system, leaving no room for bad cryptographic implementations.

M-Pin supports HTML5 web integration, and CertiVox also provide a C client library that lets developers integrate the M-Pin protocol into software applications of their choosing and add further layers of authentication, such as biometrics.

From CertiVox’s press release – Brian Spector, CEO, CertiVox, said: “M-Pin is a game changer in the authentication industry, a true alternative to username / password authentication that scales for the web. M-Pin is an open source multi-factor authentication system that can be deployed in minutes at a fraction of the cost of existing solutions while offering a degree of security greater than many existing solutions that cost an order of magnitude more. M-Pin is the only open source authentication solution that removes the threat vulnerability of username / passwords at the client and server level and replaces it with two-factor authentication based on a strong cryptographic protocol built for tomorrow’s internet.”

Contributing to the community is a huge plus point in my book, and providing a free community tier means that I’ll be giving this a go in my next authentication project!