Blockchain May Be Leading Us Toward More Secure Human Authentication. But What About Machines?

September 17, 2019 | Guest Blogger: Kim Crawley

Blockchain has really been a buzzword for the past few years, and many people still don’t understand what it is. It’s not voodoo, and it’s not the answer to all of our problems.

There are good uses of Blockchain and bad uses. One of the good uses that I just learned about is to protect human identities—usernames and passwords. This is good news, but it also highlights the fact that, while we’re devoting significant resources to protect human identities, we’re still not doing enough to protect the identities of machines. I’ll discuss that in more detail later.



Good Uses for Blockchain

But before I move on, let me write briefly about good applications for Blockchain: in particular, the way it’s used for Bitcoin and many other cryptocurrencies, where it keeps the record of who bought, sold, or spent the currency trustworthy and tamper-evident. Blockchain isn’t a magic wand. A Blockchain is an append-only ledger whose records are grouped into blocks and maintained in a decentralized manner. Each block carries a cryptographic hash of the block before it, so the ledger data is bound together by hashing, not by encryption; the data on a public chain is readable by anyone. A new block is accepted only if it is consistent with the chain that precedes it and the nodes maintaining the ledger agree on it, so rewriting an old record means recomputing every block after it and winning that agreement again. Copies of the ledger are held by many independent nodes worldwide, so many copies of the Bitcoin Blockchain could go offline and the system would still work: that’s built-in redundancy. The redundancy buys resilience and integrity, not efficiency; keeping thousands of copies in sync is one of the costs of the design.
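As an added example (not code from the article, from Bitcoin, or from any other project), here is a minimal hash-chained ledger in Python showing what binding each record to the ones before it means in practice: every block stores the hash of its predecessor, so changing an old record changes every hash after it. It assumes SHA-256 over a canonical JSON encoding and leaves out proof-of-work and the network of nodes, which is what real chains add on top of this linkage; the block fields, function names and sample transactions are this example’s own.

```python
"""Added example, not code from the article or from any blockchain project:
a minimal hash-chained ledger showing what it means for each record to be
bound to the ones before it. The names here (Block, append_block, verify_chain,
tamper) are this example's own. Simplification, stated as an assumption: there is
no proof-of-work and no network of nodes, which is what real chains add on top of
the hash linkage shown here."""
from dataclasses import dataclass
import hashlib
import json

GENESIS_PREV_HASH = "0" * 64  # the first block has no predecessor


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str   # hash of the previous block: this is the "chain"
    data: dict       # the ledger entry, e.g. one payment
    hash: str        # SHA-256 over (index, prev_hash, data)


def compute_hash(index: int, prev_hash: str, data: dict) -> str:
    """Canonical JSON so the same content always hashes to the same value."""
    payload = json.dumps(
        {"index": index, "prev_hash": prev_hash, "data": data}, sort_keys=True
    ).encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


def append_block(chain: list[Block], data: dict) -> list[Block]:
    """Return a new chain with `data` appended as a block linked to the current tip."""
    index = len(chain)
    prev_hash = chain[-1].hash if chain else GENESIS_PREV_HASH
    block = Block(index, prev_hash, data, compute_hash(index, prev_hash, data))
    return chain + [block]


def verify_chain(chain: list[Block]) -> bool:
    """Accept the ledger only if every block's hash is correct for its contents
    and every block points at the actual hash of its predecessor."""
    for i, block in enumerate(chain):
        expected_prev = GENESIS_PREV_HASH if i == 0 else chain[i - 1].hash
        if block.index != i or block.prev_hash != expected_prev:
            return False
        if compute_hash(block.index, block.prev_hash, block.data) != block.hash:
            return False
    return True


def build_sample_chain() -> list[Block]:
    """Three constructed transactions; the accounts and amounts are made up."""
    chain: list[Block] = []
    for tx in (
        {"from": "alice", "to": "bob", "amount": 5},
        {"from": "bob", "to": "carol", "amount": 2},
        {"from": "carol", "to": "alice", "amount": 1},
    ):
        chain = append_block(chain, tx)
    return chain


def tamper(chain: list[Block], index: int, new_data: dict) -> list[Block]:
    """Rewrite one block's data and recompute that block's own hash, the way an
    attacker who controls a single copy might. Every later block still carries
    the old hash in prev_hash, so the forgery is visible to verify_chain."""
    old = chain[index]
    forged = Block(old.index, old.prev_hash, new_data,
                   compute_hash(old.index, old.prev_hash, new_data))
    return chain[:index] + [forged] + chain[index + 1:]


if __name__ == "__main__":
    ledger = build_sample_chain()
    print("honest chain valid:", verify_chain(ledger))
    forged = tamper(ledger, 1, {"from": "bob", "to": "carol", "amount": 2000})
    print("middle block rewritten:", verify_chain(forged))
    tip_forged = tamper(ledger, len(ledger) - 1,
                        {"from": "carol", "to": "mallory", "amount": 1})
    print("tip rewritten (no later block to catch it):", verify_chain(tip_forged))
```

Rewriting a middle block and recomputing only its own hash fails verification, because the next block still carries the old hash. Rewriting the tip and recomputing its hash passes, since no later block vouches for it yet; that is the gap proof-of-work and consensus exist to close, by making a fresh tip expensive to produce and requiring the other nodes to accept it.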


All of that goodness has led to some pretty exciting new applications based on Blockchain technology, such as protecting human identities. Enter Tide.

The Tide Foundation Throws Down the Gauntlet

The Tide Foundation isn’t about laundry detergent or surfing. They’re a non-profit organization that’s working on an open-source framework for protecting personally identifiable information. That’s something we really need, and their proposal for using Blockchain technology could make user logins a lot more secure. Passwords are a notoriously problematic form of authentication. People forget their passwords, or they get sloppy and choose memorable passwords, which are a lot weaker, and those often get reused across sites, too. Data breaches expose password hashes all the time, and cracking tools recover any password that is short, predictable, or already present in a wordlist from an earlier breach, even when a slow hash makes each guess expensive. Password managers solve some of these problems, and I use one myself. But then I cross my fingers and hope my password manager doesn’t get breached, because then none of my passwords would be safe.

Tide’s Blockchain-based authentication system uses a technique they call splintering. A detailed description of splintering is featured in a report by Tide’s José Luis Lobo, Yuval Hertzog, and Michael Loewy:


“The technique is intended to improve security without placing any further burden on an end-user, however, it is also complementary to existing secondary security techniques, such as Second Factor Authentication.


In pursuit of this objective, a technique named ‘Splintering’ was developed. At a high level, it involves reducing the size of any password fragments shared with ORKs (‘Orchestrated Recluder of Keys’) and spreading them across additional ORKs. This is in order to achieve a level of fragmentation where, conceptually, any individual ORK’s fragment is so common that the number of potential false positive matches to password alternatives renders a dictionary attack impractical...


If, rather than storing a full password hash on each ORK, only the first 16 bits (i.e. a 16 bit ‘Splinter’) is stored, then only that Splinter is available for comparison and we begin to see collisions, where the Splinter could potentially apply to numerous passwords. For example, a Splinter of ‘8d96’ could apply to both ‘123456’ and ‘linked92’. When an attacker attempts to employ a dictionary attack on these Splinters the result is no longer 100% certain, since different passwords share the same Splinters. If we reduce the size of the Splinter even further to 8 bits, the number of false positives becomes even greater.”
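
The collision effect the report describes, worked through as an added example that is not Tide’s code. It assumes SHA-256 as the password hash (the report does not say what Tide uses) and a constructed 100,000-word dictionary in place of a breach wordlist, so the hex values it prints will differ from the ‘8d96’ in the quote; the function names are this example’s own.

```python
"""Added example, not Tide's code: why storing only a short prefix ("splinter")
of a password hash makes a dictionary attack ambiguous. Assumptions not stated
in the quoted report: SHA-256 as the password hash, and a constructed dictionary
of 100,000 candidate passwords standing in for a breach wordlist. The function
names (splinter, dictionary_attack, false_positive_report) are this example's own."""
import hashlib

HASH_BITS = 256  # SHA-256 output size


def splinter(password: str, bits: int) -> int:
    """The first `bits` bits of SHA-256(password), as an integer.
    bits == HASH_BITS is the conventional full hash; 16 and 8 are the
    splinter sizes discussed in the report."""
    if not 1 <= bits <= HASH_BITS:
        raise ValueError("bits must be between 1 and %d" % HASH_BITS)
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (HASH_BITS - bits)


def build_dictionary(size: int = 100_000) -> list[str]:
    """Constructed wordlist: a handful of real-looking common passwords plus
    generated filler, so that a breach-sized dictionary exists offline."""
    common = ["123456", "password", "linked92", "qwerty", "letmein"]
    filler = [f"pass{i:06d}" for i in range(size - len(common))]
    return common + filler


def dictionary_attack(stored: int, bits: int, dictionary: list[str]) -> list[str]:
    """Every dictionary entry whose splinter equals the stored value. Against a
    full hash this is (almost surely) just the real password; against a short
    splinter it is a crowd of false positives the attacker cannot tell apart."""
    return [word for word in dictionary if splinter(word, bits) == stored]


def false_positive_report(target: str, dictionary: list[str],
                          sizes=(HASH_BITS, 16, 8)) -> dict[int, int]:
    """Number of dictionary matches for each stored-splinter size. For a
    dictionary of n words and a b-bit splinter, expect roughly n / 2**b
    false positives on top of the real password."""
    return {bits: len(dictionary_attack(splinter(target, bits), bits, dictionary))
            for bits in sizes}


if __name__ == "__main__":
    words = build_dictionary()
    for bits, matches in false_positive_report("123456", words).items():
        width = (bits + 3) // 4  # hex digits needed for this many bits
        print(f"{bits:3d}-bit splinter {splinter('123456', bits):0{width}x}: "
              f"{matches} candidate password(s)")
```

With about 100,000 candidates, the full hash pins down exactly one password, a 16-bit splinter (65,536 possible values) leaves a couple of matching candidates on average, and an 8-bit splinter leaves a few hundred. The false positives come entirely from the size of the candidate set, so the protection is against an attacker who has to search a large dictionary, not one who has already narrowed the password down to a few guesses.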


The Tide Foundation has put splintering through some thorough tests. They used a sample of 60 million user records from a publicly reported data breach. According to their research, splintering is 140,000 times more secure than conventional protections against a dictionary attack on passwords. In May, Tide offered a Bitcoin (worth around $10,000 USD, depending on the day) to whoever could crack a single username and password combination encrypted and splintered using their technique. More than 6.5 million attempts were made, and none were successful. This sounds very promising, with the usual caveat about bounties: an unclaimed prize shows that nobody who took part found an attack within the time and incentive on offer, not that no attack exists.

I’m glad we’re making headway when it comes to better securing user identities. Unfortunately, it’s easy to overlook the vulnerability of machine identities: the cryptographic keys and certificates that machines use to identify and authenticate one another. Machine identities are vital to securing everything from shopping on the web, to banking both online and offline, to assuring that cloud-driven applications aren’t tampered with. And many of the machines that need machine identities also govern encryption, including the TLS connections that carry those user identities to the login page. A password scheme can be as clever as you like; if the server’s private key or certificate is stolen or forged, an attacker can impersonate the service or read the session, and the user credentials inside it, without ever touching the password store.


Forrester Weighs in on Machine Identity Intelligence

In March 2018, Venafi commissioned Forrester Consulting to examine the importance of managing and protecting machine identities in enterprises today, and to explore how prepared companies are to implement those protections. The study surveyed 350 IT and security decision makers across the US, UK, France, Germany, and Australia. From the Executive Summary:

“Ninety-six percent of companies agree that effective protection of machine and human identities is critical to the long-term security and viability of their companies, but 80% struggle with the delivery of important machine identity protection capabilities.


Seventy percent of companies are tracking less than half of potential machine identities, leaving them vulnerable to a wide range of security risks.”

That last statistic about the large number of machine identities that go untracked is the one that worries me the most. Let’s take the ingenuity that was applied to inventing a Blockchain technique to secure user identities and apply it to improving the security of machine identities. It doesn’t even have to involve Blockchain.



About the author

Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.
