Frequently Asked Questions
This is the place where we answer frequently asked questions:
If you have any questions not answered here you are welcome to contact us. You find the link in the top menu.
Why do we not adhere to Kerckhoffs's principle, you ask?
The answer is simple: we’re not reinventing cryptography. P55 isn’t about creating a new cryptographic algorithm; it’s about building on the solid foundation of existing ones. For example, we’ve openly stated that SHA512 and/or Blake3 plays a role in our solution, but that’s just one piece of what makes P55 unique.
Think of it like cooking. Just as chefs use familiar ingredients to create something entirely new, we blend proven cryptographic methods in a way that’s unique to us. While we mention SHA3512 or Blake3, much like a recipe listing chicken, the real magic is in how we combine these elements — our secret sauce, if you will, similar to KFC's famous recipe. That’s why you won’t see SHA3512 or Blake3 in our branding; they’re just part of the mix behind the P55 technology.
If we’d developed an entirely new cryptographic algorithm, we’d have leaned more into Kerckhoffs’s principle. But with our current approach, it’s not a necessity.
Also, take a look at the answer to “Is P55 ProGuard using a cryptographic hash?” below.
But static hashing algorithms doesn't always generate static results. What about salt and pepper?
The essence of static hashing algorithms lies precisely in their static nature. By definition, they produce consistent outcomes. Even when incorporating a salt, the resultant hash remains static; altering the salt for every instance necessitates storing it, which does not fundamentally alter the vulnerability of the system. The equation of salt+password equating to a static hash underscores this limitation.
P55, on the other hand, obviates the need for either salt or pepper. Its design inherently embraces dynamism, distinguishing it from the superficial variability introduced by salt and pepper.
How does the P55 generate dynamic hashes?
The P55 algorithm is a groundbreaking innovation in the realm of dynamic hash creation and verification. Its core is built on decades of research and has been scrutinized by top universities in the world. Exactly how the P55 technology works will remain a closely guarded secret.
Does P55 ProGuard save anything?
No. The system is completely self-contained and only need enough space for logs.
What are the requirements?
In short, Linux. You can either run it as a daemon or use our conventient Docker container. The hardware depends on the number of simultanious logins. We have successfully tested P55 ProGuard on a Raspberry Pi 4 and could create a few thousands P55 hashes per second.
For our P55 DynaKey you will have to incoporate the libraries into your own program. See the interfaces on https://docs.innoviguard.com
How do I get P55 ProGuard/P55 OTP?
By contacting us. For now we build each Docker container or daemon manually.
Where can I download the P55 DynaKey libraries?
Contact us.
Can the P55 hash be brute-forced?
The answer is unequivocally no. The P55 hash is designed with built-in security features that make it immune to brute-force attacks. However, there is a nuanced point to consider: the P55 ProGuard software that generates these hashes can, theoretically, be used to brute-force the password. To mitigate this risk, we've engineered each installation of P55 ProGuard to be unique. This means that if P55 hashes are acquired during a data breach, only the specific P55 ProGuard installation that created those hashes can be used to brute-force them.
To put it plainly: If a hacker has their own installation of P55 ProGuard, they would only be able to brute-force the P55 hashes generated by their own system, not those created by any other system.
Is P55 ProGuard complicated to set up and use?
The short answer is: No. The long answer is: No, not at all. Somewhat of an explanation: The hashes you, today, have in your database will be replaced by P55 hashes. This will be synced in the background. The P55 ProGuard will handle the verification of the password when the user logs in. The user does not even need to know, but we hope you will tell them that their passwords are finaly safe.
How do you know that the P55 hash is Quantum-Resilient?
This has not been tested yet, but considering how the P55 hash is calculated, it SHOULD be resistant. We welcome any and all attempts to prove us right or wrong.
Is P55 ProGuard using a cryptographic hash?
No, it's not cryptographic hash. At it's core it has cryptographic algorithms that has been test and tried by world leading universities and cryptologists around the world such as SHA3 512 and Blake3.
Can I have a demo license to try it out?
I am sure something can be arranged. Just contact us.