“Completely secure your passwords against offline attack, even if your password database is stolen.”

That’s the message from TapLink, one of the two winners of the Clouded Leopards Den! On April 23 at the NetEvents Cloud Innovation Summit, we learned that the early-stage startup winner of the 2015 competition was TapLink, a security company based in San Jose, California. The later-stage startup was Viptela. This week, we’re going to get up close with TapLink.

According to the company, “TapLink was founded by serial entrepreneur Jeremy Spilman after his own password was compromised in a major credential breach in 2012. That kicked off the search for a better way to completely protect passwords from offline attack, even if the password database is stolen. TapLink’s patented Blind Hashing Technology works in conjunction with a company’s existing password defenses, systems and processes to provide this landmark level of security in the face of persistent attacks.”

Based on that experience, Spilman invented a technology called Blind Hashing, which combines traditional hashing methods with a large pool of random, uncompressed data. A user’s password hash is essentially an index into TapLink’s data pool — which is so large that it can’t be stolen or copies, and protected against corruption or destruction. After a hash lookup, the results are used a key for further hashing or for validation.

“In this manner, your hashes are blinded by the data pool such that each attempt to store or verify a password would need to be able to read the same block from the data pool to complete. An attacker would need to query the data pool separately for each guess at a single user’s password,” says the company.

Cool, eh? Learn more about TapLink through this short one-minute video. Congratulations to TapLink, one of the two winners of the Clouded Leopards Den 2015 competition for cloud innovation!

Taplink