I’ve been presenting a talk on Cryptography Pitfalls at various conferences the last few years. One section of the talk covers the evolution of password storage and the various data breaches the last few years. In addition to covering the various ways password storage has been done wrong, I also present the best solutions. Instead of recapping it again, you should just read Coda Hale’s blog post on the topic.
We’ve all seen the tense scene in a war movie where the order has come down to launch the nuclear missiles. The captain and his first officer each take out a special key they’ve had around their neck the whole time. Then they both insert their individual keys into the weapons computer and turn simultaneously. Despite being a popular motif, this is a real policy implemented by many military organizations, including the U.S. Air Force. Once you think about it this kind of policy is obvious, one person shouldn’t be able to launch nuclear weapons on their own. Trustworthy is like having a two-man rule for your data.