
Reusing Passwords on Different Sites Should be OK
Concept Blossom, creator of Synctuary encrypted file sync and sharing, declares that it is ok to reuse passwords at different sites where passwords are never exposed to servers. Hackers and bad employees cannot access any information that was never exposed. Concept Blossom produces the CBCrypt MIT open-source crypto library, performing login and encryption while never exposing any passwords or encryption keys.
ARLINGTON, Mass., Sept. 17, 2015 /PRNewswire/ -- Everyone knows they shouldn't reuse passwords across different sites, but it's common practice anyway. The problem is that, despite using secure HTTPS and encryption on the server, you must assume that any hackers or bad employees with access to the password file can also tamper with the server-side encryption programs or access passwords in server memory before encryption. So imagine if it were possible, during login, for users to prove they know their password without exposing it. Suddenly, it wouldn't matter so much if they reuse passwords on different sites. Passwords and encrypted data would remain secure, even against hackers or bad employees on the server.
To cryptographers, the phrase "prove you know something secret without exposing it" instantly suggests "use asymmetric cryptography." Asymmetric cryptography has been around for decades. It's very well understood, stable, and secure, but in the past, when users have used asymmetric keys, they needed to carry some sort of key manager, key files, or other device. Asymmetric keys are simply too large for a human to memorize or type in. The CBCrypt MIT open-source crypto library, developed by Concept Blossom, solves this problem by standardizing a technique to derive asymmetric keys from the user's password.
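The general idea described above, deriving a key pair from the password and proving knowledge of it by signing a server challenge, as an added Node.js example. This is not CBCrypt's code or its actual algorithm: the choice of scrypt and Ed25519, the salt built from site name and username, and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Fixed PKCS#8 DER header for an Ed25519 private key; the 32-byte seed follows it.
const PKCS8_ED25519_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex');

// Client side: stretch the password into a 32-byte seed and load it as a key pair.
// Assumption: the salt binds the key to one site and one account, so the same
// password yields unrelated key pairs on different sites.
function deriveKeyPair(password, site, username) {
  const salt = crypto.createHash('sha256').update(`${site}\n${username}`).digest();
  const seed = crypto.scryptSync(password.normalize('NFKC'), salt, 32,
    { N: 16384, r: 8, p: 1 });
  const privateKey = crypto.createPrivateKey({
    key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]), format: 'der', type: 'pkcs8',
  });
  return { privateKey, publicKey: crypto.createPublicKey(privateKey) };
}

// Server side: only the public key is ever stored (db is a Map in this sketch).
function register(db, username, publicKey) {
  db.set(username, publicKey.export({ type: 'spki', format: 'der' }));
}

// Server side: a fresh random challenge per login attempt; it must be single-use.
function newChallenge() {
  return crypto.randomBytes(32);
}

// The signed message includes the site name so a signature cannot be replayed
// against another service.
function loginMessage(site, challenge) {
  return Buffer.concat([Buffer.from(site, 'utf8'), Buffer.from([0]), challenge]);
}

// Client side: prove knowledge of the password without sending it.
function signChallenge(privateKey, site, challenge) {
  return crypto.sign(null, loginMessage(site, challenge), privateKey);
}

// Server side: check the signature against the stored public key.
function verifyLogin(db, site, username, challenge, signature) {
  const spki = db.get(username);
  if (!spki) return false;
  const publicKey = crypto.createPublicKey({ key: spki, format: 'der', type: 'spki' });
  return crypto.verify(null, loginMessage(site, challenge), publicKey, signature);
}
```

The stored public key still lets anyone who obtains it test password guesses offline by re-running the derivation, so the cost of the key-derivation step and the strength of the password remain the limiting factors.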
The goal of CBCrypt is to integrate with every web browser and every app. There is never an advantage to using the old, current industry standard of sending passwords to servers. CBCrypt does not require users to change any behavior or learn anything new. It's all gain and no pain for users, and a total loss for cybercriminals.
About Concept Blossom, Inc.
Concept Blossom, Inc. (www.conceptblossom.com) leads the industry with file sync and sharing that never exposes passwords or encryption keys under any circumstances, and aims to lead all industries worldwide into a new age of improved security.
CONTACT:
Edward Ned Harvey, CEO
(617) 863-3324
SOURCE Concept Blossom, Inc.