Cynorix Password Guardian
Benefits: Enables users to locally reconstruct forgotten passwords/keys without storing any information about the password/key (neither on the client’s device, nor external to the client’s device in the cloud), with zero information leakage.
Cynorix Password Guardian (CPG) is a novel technique to protect your password(s) and encryption key(s). The vast majority of data breaches occur when a hacker gains access to your password. Although passwords are converted into a gibberish form using a hashing technique, in most cases hackers can reverse engineer the hashing operation and extract the password in plain text. On the other hand, when you encrypt a file on your local hard drive or smartphone, the encryption key is constructed from your password. This means that if hackers gain access to your password, they can use it to decipher your encrypted files.

One solution is to use a complex password. The danger is that complex passwords are hard to remember, and if forgotten, encrypted files will be lost forever. To avoid such undesirable and potentially life-changing circumstances, people are advised to keep a record of their passwords, either by taking some form of note or by using services available for password storage. The problem with either of these approaches is that the password is recorded, and this act alone contradicts the first and most basic requirement for security.

To address this shortcoming, CPG provides a means to recover lost passwords without keeping a copy of the password on any external server and without storing any information that could help hackers extract the password. CPG achieves this goal by storing a transformation that can be used to recover the password. The transformation itself does not provide any information about the password. For the transformation to work, its input must be formed from valid answers to some security questions that are selected by the password owner. The Cynorix server stores the transformation and the questions, which by themselves do not disclose any information about the password.
To recover the password, upon carefully authenticating the claimant, the corresponding transformation and its associated questions are sent to the password owner over a transmission path which is doubly secured using Cynorix key generation technology. These are used on the owner’s local device (computer or PDA) to recover the password. The recovered password is shown to the owner and then erased, and the transformation is discarded as well (it is replaced by a new, independent transformation).
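As an added illustration (not Cynorix's code or algorithm, which this page does not specify), one simple way to build a stored transformation of this kind is to XOR the padded password with a mask derived from the normalised answers. The PBKDF2 parameters, the record layout and the function names are assumptions made for this sketch.

```python
import hashlib
import secrets

PAD_LEN = 64          # fixed record size so the stored value hides the secret's length
ITERATIONS = 210_000  # assumed PBKDF2-HMAC-SHA512 work factor for this sketch


def _normalize(answers):
    # Canonicalise case and whitespace so " toronto" and "Toronto" give the same mask;
    # length-prefix each answer so ["ab", "c"] and ["a", "bc"] stay distinct.
    parts = [" ".join(a.lower().split()).encode("utf-8") for a in answers]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def _mask(answers, salt):
    return hashlib.pbkdf2_hmac("sha512", _normalize(answers), salt, ITERATIONS, dklen=PAD_LEN)


def enroll(secret, answers):
    """Return the record a server would keep: a salt and the transformation."""
    data = secret.encode("utf-8")
    if len(data) > PAD_LEN - 1:
        raise ValueError("secret too long for this sketch")
    # Layout: 1 length byte, the secret, then random filler up to PAD_LEN.
    padded = bytes([len(data)]) + data + secrets.token_bytes(PAD_LEN - 1 - len(data))
    salt = secrets.token_bytes(16)
    transformation = bytes(a ^ b for a, b in zip(padded, _mask(answers, salt)))
    return {"salt": salt, "transformation": transformation}


def recover(record, answers):
    """Run locally on the owner's device; wrong answers yield unrelated bytes."""
    mask = _mask(answers, record["salt"])
    padded = bytes(a ^ b for a, b in zip(record["transformation"], mask))
    return padded[1:1 + padded[0]].decode("utf-8", errors="replace")


# In this sketch the record carries no check value, so it cannot confirm a guess by
# itself. Anyone who holds the record and can test a candidate secret elsewhere can
# still try answers offline, so the protection rests on how hard the answers are to
# guess and on the KDF cost.
if __name__ == "__main__":
    rec = enroll("S3cret-pass!", ["Toronto", "blue"])  # constructed sample values
    print(recover(rec, ["toronto", "Blue"]))
```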