Big Changes at InnoviGuard: A New Name, Same Mission—But Expanded!
As of today, we’ve officially changed our name from PassWard to InnoviGuard. Why the change? Over time, our P55 technology has grown beyond just passwords. It’s now a dynamic, versatile solution that enhances security across multiple areas—from user authentication to safeguarding critical infrastructure. Our new name reflects this broader vision of innovation and protection. But that’s not all! We’ve also joined the Ideon incubator program, which is helping us take InnoviGuard to the next level. We’re surrounded by great minds, building new connections, and strengthening our mission to rethink cybersecurity in ways that are not just static but dynamic and adaptable. We’d like to take a moment to thank Maria Sjödin for her incredible work on our new logo, which perfectly captures the fresh, bold direction we’re heading in. It’s a small thing that makes a big statement about who we are and where we’re going. As we continue to grow, we remain focused on the same mission: pioneering the next generation of cybersecurity. With P55 at the heart of it all, we are committed to providing innovative, reliable, and adaptable security solutions that meet the ever-evolving challenges of today’s digital world. Stay tuned for what’s to come. Exciting times are ahead! Carl Hendrix – Founder
The Enduring Legacy of Passwords in an Age of Digital Innovation
Introduction In the dynamic landscape of online security, conversations often turn to new innovations aimed at replacing the venerable password. Despite significant technological advancements, passwords continue to be a fundamental part of our digital lives. This article explores why, in an era filled with digital innovations, the straightforward password maintains its importance. The Universal Appeal of Passwords Passwords stand as the cornerstone of digital security. They are familiar to users and straightforward for developers to implement. This universal familiarity, coupled with the minimal technical requirements for their usage, ensures that passwords are accessible to everyone. This accessibility bridges the gap between regions rich in technological advancements and those with limited access to the latest digital tools. Technological Contenders: The Quest to Replace Passwords Over the years, many technologies have been heralded as the final replacements for passwords. From biometric authentication to hardware tokens and beyond, each innovation has promised enhanced security and greater convenience. However, rather than replacing passwords, these technologies have often found roles supplementing them. This is due to various challenges related to adoption and implementation. For example: Biometric Authentication: Once thought to be the end of passwords, biometrics now often complements them in multi-factor authentication systems. Hardware Tokens: These devices generate unique codes but have been overshadowed by the convenience of software-based solutions. Passphrase Picture Cards: Despite their innovative approach, they have not gained widespread popularity due to challenges with scalability and memorability. Cognitive Passwords: These have proven insecure, as attackers can easily guess or obtain the personal information used. Graphical Passwords: While intuitive, they have faced practicality issues and security vulnerabilities. Despite the promise of new security technologies, several factors have prevented them from completely replacing passwords. Issues such as compatibility, user autonomy, recovery options, and the costs of implementation have all contributed to the persistence of passwords in digital security strategies. Special Considerations in Hardware-Limited Environments In areas like IoT, critical infrastructure, and factory OT, the security landscape is markedly different. These environments often involve hardware with limited computational capabilities, posing challenges for the adoption of advanced security technologies. Moreover, the critical nature of these systems necessitates a cautious approach to security updates to avoid disrupting essential services. Navigating Security in IoT and OT Systems For IoT and OT systems, achieving a balance between security, operational efficiency, and hardware limitations requires creative solutions. Passwords continue to provide a foundational layer of security. However, the development of lightweight cryptographic solutions and secure communication protocols is essential. These efforts aim to bolster security without straining the limited resources of these critical systems, underscoring the importance of ongoing research and development in this area. Key Reasons Passwords Persist The reasons for the enduring presence of passwords are numerous: Universal Familiarity: Passwords are like old keys that fit many locks, understood by everyone without the need for special technology. Systemic Inertia: The internet’s infrastructure is deeply embedded with password-based security, making transitions to new systems costly and complex. Compatibility Concerns: The simplicity of passwords ensures they work everywhere, unlike newer technologies which may face support issues. User Autonomy: People appreciate the ease of creating and changing passwords, giving them control over their online security. Recovery Options: Passwords offer simpler account recovery processes compared to some newer technologies. Economic Considerations for Businesses: Adopting new security methods can be expensive, involving updates to systems and employee training. Technological Disparities: Passwords provide a low-tech solution that remains effective worldwide, regardless of technological access. Regulatory Compatibility: Many security regulations are designed with passwords in mind, requiring updates to accommodate technological changes. From their universal familiarity and ease of use to the significant challenges associated with overhauling existing systems and regulations, passwords offer simplicity and control that newer technologies struggle to match. The Future of Digital Authentication As we navigate the complexities of digital security, the future of authentication seems to lie not in eliminating passwords but in evolving and integrating them with other security measures. In both personal and professional realms, especially within environments like IoT and OT, the journey towards more secure, efficient, and user-friendly authentication methods continues. Passwords, celebrated for their adaptability and accessibility, are likely to remain a crucial part of this journey, complementing new technologies to ensure the security of our digital world. At InnoviGuard, we believe that passwords will continue to be a central element of authentication processes for years to come. Recognizing the diverse challenges outlined earlier, we have developed P55 ProGuard and other P55 low-impact solutions tailored to a variety of environments. Managing passwords effectively allows for comprehensive protection, avoiding the pitfalls many companies face when their customers’ credentials are compromised. If you would like to know more you are welcome to contact sales@innoviguard.com.
Stargazing into Security: The Journey to Crafting P55, the Uncrackable Hash
Introduction: The Poetic Musings of Hashing Explaining complex concepts can be challenging, and I’ve been wrestling with this task for the past few days. The idea is crystal clear in my mind, almost as if I can see it right before my eyes. Let me attempt to articulate it. However, I must caution you that it might come across as the musings of a budget poet or a rambling, inebriated author. The Legacy of Hashes: A Starlit Comparison For many years, hashing technology has been the cornerstone for storing passwords securely, enabling their later verification. This method involves hashing an incoming password in the same way as the stored hash, then comparing the two. Because legacy hashes consistently produce identical outcomes, they facilitate easy comparison. The Limitations of Predictability in Cybersecurity This system is generally effective, but the predictability of legacy hashes is a drawback. Their security strength is limited to the number of characters represented. By systematically guessing each character, from ‘a’ to ‘b’ and so forth, until the guessed input’s hash matches the stored hash, one can deduce the original input through brute force. Envisioning a New Universe: The Birth of Faux-Dynamic Hashes Now a mental exercise: We are standing in a field on a clear night, looking up to see the vast emptiness of space without stars, nebulae, or even the moon. This represents the hash with no input. When we input a character, it’s as if the heavens light up with trillions of stars, the Milky Way, and stunning constellations, reminiscent of the night sky we’re accustomed to. Though these celestial bodies appear fixed and the stars are an illusion. With one character input, our star-filled sky actually contains only one star. Guessing this character allows us to produce a sky that looks identical. Once we achieve the same celestial view, we’ve found the original input. Naturally, changing or adding to the input alters the positions of the stars in the sky, representing the new input. Hashes have always functioned in this manner. Over time, more complex algorithms have been developed, with a notable increase in hash length to counteract rising computational abilities and cryptanalytic methods. However, the complexity of the algorithm becomes irrelevant if its output is predictable, leaving it susceptible to brute-force attacks. To combat this, new technology have been introduced, significantly lengthening the time required to brute-force a password. This approach comes at a cost: not only does generating the hash require more power and sometimes more time, but guessing it also demands more energy. From my perspective, this approach seems like a desperate measure and an unfavorable path, as it incurs higher costs for legitimate users as well. In the cybersecurity field, we’ve attempted to innovate what I refer to as ‘faux-dynamic hashes’. We try to move the stars to trick the hacker. This method involves adding random characters, known as salt and pepper, to either the beginning or end of the password. This strategy effectively extends the number of characters that must be brute-forced. However, this approach has its shortcomings. Firstly, the salt and pepper must be stored somewhere, peppers are often saved in a configuration file and the salts are often placed in the database alongside the hash they’re meant to secure. If an attacker accesses the hash but not the salt, the hash remains static. The Milky Way is still appearing as still as time to a child on the eve of Christmas. The P55 Revolution: A Cosmic Shift in Hashing We need to break free from the bonds of the past and invent a solution that is as good as SHA512 but that does not generate predicable results. We are trapped in Schrodinger’s box, frozen in time, and all we focus on is the vial with poison that may or may not be broken. At least that’s how I felt about static hashing algorithms before I started working on the creation of, what now is called, P55. Standing on the shoulders of giants I decided to take SHA512 and use it in new and imaginative ways. Creating something that has never been seen before and making the impossible, possible. In other words work towards making a verifiable dynamic technology. Redefining Security: The Simplicity and Strength of P55 Imagine once more gazing into the night sky, but through the lens of P55. With a single letter input, “a” we introduce it into this vastness, resulting in a space filled with a nearly infinite array of stars, galaxies, and nebulae, all radiating in an array of unimaginable colors. Moreover, you can perceive across 10^379 dimensions, each teeming with as many stars. The most astonishing aspect is that each time you look at the sky, the positions of the stars shift across all dimensions, including our own. In the blink of an eye, the familiar becomes unrecognizable. The illusion of a plentiful sky but in reality only contain one star is no longer there. We can no longer use brute-force to get the same sky since the sky is constantly changing. Even if you know the one letter password of “a” getting the same sky twice is virtually impossible thereby eliminating the brute force threat and we don’t need to bother with salt or pepper. I might have gone overboard with the length of the hash but computers are fast and getting faster so we might as well overdo it. The strength, no longer, come from long and complex passwords with special characters. It comes from the extreme complexity of the technology and the resulting hash. We can return to easy to remember passwords, although they should not be easily guessable. There are plenty more security features built into the technology that I can’t go into now. Beyond the Technology: Ensuring Unique System Security with P55 But that was not enough, I had to make sure that each system that uses P55 is completely different from other P55 systems so that an adversary can’t purchase a P55 system and then