Since standard HTTPS and SSL are not secure, we take what they did well and do it better. It’s been 20 years since they were implemented!
Tools like BREACH can crack HTTPS in a relatively short time (30 seconds) and worse, tools like SSLStrip can pretty much eliminate the need for cracking HTTPS just to steal passwords.
Experts say that in 2 to 5 years, HTTPS may be so easily cracked that we will need a a newer, tougher standard. A newer tougher standard needs to start being implemented now.
A newer tougher system is exactly what CipherTooth is.
CipherTooth’s unique methodology allows it to detect MItM attacks in real time. We keep all the good stuff and get rid of the weaknesses in HTTPS. CipherTooth can even run over the top of HTTPS, works well with Multi Factor Authentication, and when a site is constructed correctly, eliminates MItM, Phishing and Spoofing attacks.
What are some of the keys to our success?
- You are not dependent on a ‘third party’ to authenticate you – your website’s knowledge of your customer authenticates you.
- We don’t publish our code. Yes, publishing code lets others’ help you review it – it also lets the hackers review it.
- Constantly changing algorithms, keys, and protocols thwart deduction-based attacks like BREACH.
- You can throw away old keys, protocols and algorithms, and make hackers start over at will.
- Your security is where you can validate it, not layers away in a driver somewhere.
- You can automate generating new controls and updating your website.
- Hardened tunnels keep data safe from MItM, Sniffers, etc.
- You can randomize when new controls happen.
- Your customers can choose to use it or not; but if they ‘opt-out’, you are no longer liable.