Stacked Up

Jeremy Spilman


Recent Posts

So what is the answer for those who can't afford or want an alternative to HSMs?

November 27, 2018 / by Jeremy Spilman posted in BlindHash Technology, password security, ecommerce cybersecurity


BlindHash Cyber Protection is similar to an HSM in some ways -- both are an additive layer of security to protect crucial secrets, even if an attacker is able to access the database. But the BlindHash approach is quite different. Instead of playing the same game of trying to hide a tiny secret key from an attacker, we protect secrets with our patented data pool model. With BlindHash, an attacker would have to physically steal the entire data pool off our servers. Just based on the physics of the size of the pool versus the speed of the network, this process becomes easy to detect and easy to defend against.


An Alternative to HSMs?

November 27, 2018 / by Jeremy Spilman posted in BlindHash Technology, password security, ecommerce cybersecurity


For years, large banks and corporations have been using Hardware Security Modules (HSMs) to help perform their secure cryptographic operations. HSMs are certified by NIST under FIPS 140-2, which is a set of standards and requirements governing the design of the hardware and software components of the HSM. FIPS 140-2 can provide some assurance that the overall system, including hardware tamper resistance, cryptographic primitives, and even user management and configuration, is designed to resist intrusion. HSMs provide a system to generate and store secret keys, and perform cryptographic operations using those keys inside a protected enclave. In short, an HSM holds secret keys inside a closed-source “black box”, which in theory an attacker cannot access.


Once Cracked Twice Shy - A Blacklist Too Far?

February 26, 2018 / by Jeremy Spilman

