Split passwords will mean secure web services, says RSA


Security specialist RSA has taken the wraps off a new technology that promises to give IT departments an extra layer of protection against computer hackers.

The technology, dubbed Nightingale, uses a technique known as secret splitting to protect passwords and other sensitive personal data from prying eyes.

Nightingale relies on sophisticated mathematics to randomly divide sensitive data such as passwords into two parts, which are then stored on two physically isolated servers.

A hacker would have to break into both servers before they could even attempt to reassemble a password, said RSA cryptographer Burt Kaliski, who is developing the system.
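The two-server split described above, sketched as an added example that is not RSA's code: the article does not say what mathematics Nightingale uses, so this assumes a simple XOR split of a PBKDF2 password verifier, and every function name and record layout here is hypothetical.

```python
import hashlib
import hmac
import secrets

def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    """Split a secret into two shares; each share alone is uniformly random."""
    share_a = secrets.token_bytes(len(secret))            # one-time random pad
    share_b = bytes(s ^ a for s, a in zip(secret, share_a))
    return share_a, share_b

def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """Recombine two shares; both are required to recover the secret."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must be the same length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))

def _verifier(password: str, salt: bytes) -> bytes:
    # Assumption: the split value is a salted, stretched hash, not the raw password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(password: str) -> tuple[dict, dict]:
    """Return the records for server A and server B (hypothetical layout)."""
    salt = secrets.token_bytes(16)
    share_a, share_b = split_secret(_verifier(password, salt))
    return {"salt": salt, "share": share_a}, {"share": share_b}

def verify(password: str, rec_a: dict, rec_b: dict) -> bool:
    """Check a login attempt; needs the records from both servers."""
    stored = combine_shares(rec_a["share"], rec_b["share"])
    return hmac.compare_digest(stored, _verifier(password, rec_a["salt"]))

def complementary_share(guess: bytes, known_share: bytes) -> bytes:
    """Share that would make `guess` consistent with `known_share`.

    One always exists, so a single stolen share cannot confirm or rule out
    any guess: there is nothing to run an offline dictionary attack against.
    """
    return combine_shares(guess, known_share)

if __name__ == "__main__":
    rec_a, rec_b = enroll("correct horse")                # constructed sample input
    print("right password:", verify("correct horse", rec_a, rec_b))
    print("wrong password:", verify("battery staple", rec_a, rec_b))
```

In this sketch the verifier is reassembled in one place at login time, which is a simplification; the article does not describe how Nightingale performs the check.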

Businesses will become increasingly interested in Nightingale as the trend towards single sign-on systems - which allow the public to access a wide range of web services using a single user name and password - accelerates, RSA believes.

"As companies realise their responsibility to protect the personal information of their staff and customers, they will want some technological alternatives that will help them manage the risk. You can invest in firewalls, virus detection and so on, but you are focusing on a single point of compromise. Nightingale gives you much better protection," said Kaliski.

The Nightingale technology can be combined with intrusion detection systems to provide an early warning system if one of the servers containing the sensitive split data is attacked.

"If one server is attacked, the administrator for the other server can be informed and it can be turned off. It gives you time to react," said Kaliski.

The technology is still at a prototype stage, but RSA expects to have a software developer's kit available by June.
