Wayner tells me his friends encouraged him to patent his idea, but he successfully resisted the urge, thinking that there was plenty of prior art in places like the classic Unix password hash. Conceptually, the idea is pretty simple: instead of allowing the vendor to store customer information and encrypt it while it passes over the Internet, let the client software encrypt it on the customer's side and store useless encrypted tokens in the central vendor database. Any attacker hitting a TJX in this scenario would get only gibberish instead of social security numbers.
This has certain downsides--the customer will lose his data if he forgets his password, and the vendor can't perform certain kinds of data mining--but it's impressive how much information a vendor can still get from manipulating the encrypted strings. For more information, check out Beautiful Security, Translucent Databases, and Wesabe.
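A minimal sketch of the idea described above, added here as an illustration and not taken from Wayner's book or from Wesabe's code. It assumes a one-way keyed hash (PBKDF2 plus HMAC, in the spirit of the Unix password hash) in place of reversible encryption; the function names, the work factor, and the sample identifiers are all constructed for the example.

```python
import hashlib
import hmac
from collections import Counter

ITERATIONS = 200_000  # assumed work factor; tune for the client hardware


def client_token(ssn: str, password: str, vendor_salt: bytes) -> str:
    """Runs on the customer's machine. Only the returned token is sent."""
    normalized = ssn.replace("-", "").strip().encode()
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), vendor_salt, ITERATIONS)
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()


class VendorDB:
    """Central store: holds tokens and amounts, never the SSN or password."""

    def __init__(self):
        self.rows = []  # (token, amount_cents)

    def record(self, token: str, amount_cents: int) -> None:
        self.rows.append((token, amount_cents))

    def history(self, token: str) -> list:
        # The customer re-derives the token to fetch their own rows.
        return [amt for tok, amt in self.rows if hmac.compare_digest(tok, token)]

    def repeat_customers(self) -> int:
        # Equality on opaque tokens still supports aggregate queries.
        counts = Counter(tok for tok, _ in self.rows)
        return sum(1 for n in counts.values() if n > 1)


def demo():
    salt = b"constructed-vendor-salt"  # constructed sample value
    db = VendorDB()
    # Constructed, invalid sample identifiers (area number 000 is never issued).
    alice = client_token("000-12-3456", "correct horse", salt)
    bob = client_token("000-98-7654", "hunter2", salt)
    db.record(alice, 1999)
    db.record(alice, 500)
    db.record(bob, 4200)
    # The downside from the text: a forgotten password derives a different
    # token, so the customer's rows can no longer be found.
    forgotten = client_token("000-12-3456", "wrong guess", salt)
    return db, alice, forgotten
```

A dump of `VendorDB.rows` yields only hex tokens and amounts. Because a social security number has only nine digits, the customer's password is what keeps an attacker from brute-forcing tokens back to identifiers, so its strength and the work factor matter.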
