How QWERX Uses Time to Strengthen Device Authentication

Keys with clocks floating on a black background

Conventional thinking measures security in terms of the strength of the key and the lock. We are all familiar with the concept that a 256-bit key is stronger than a 64-bt key, even though a 64-bit key can produce 18,446,744,073,709,551,616 distinct values.

Conventional thinking measures strength by determining how long it would take a fast computer to break a strong key. The number is usually measured in years and that is considered to be good enough.

There are two basic problems with this approach:

  1. Computers are getting faster -- and even faster quantum computers are almost a reality.
  2. It only takes a fraction of a second to steal a key, regardless of how strong it might be.

At QWERX, we take an entirely different view: that of security over time. Instead of measuring a key simply as a matter of bits, we measure it in bits divided by its useful life, expressed in seconds. We chose seconds, because fast computers can do a lot of computations in a second and an attacker can steal millions of keys in a second. 

For example: A very strong key, like a 2048-bit key refreshed every 30 days (the best of today's best practices) would have a security value of 2048 (bits) divided by 2,592,000 (the number of seconds in 30 days). The result is a QWERX security value of 0.00079012345679.

A 64-bit key refreshed every tenth of a second in a QWERX-protected device would be treated as a value of 64 (bits) divided by 0.1. The result is a QWERX security value of 640, or 810,000 times stronger than the 2048-bit key in standard application for securing device authentication.

Bits plus time equals exponentially stronger security. That’s the QWERX solution.

Interested in how QWERX designed exponentially stronger device authentication into a lightweight, quantum-proof SaaS solution? Click here to learn more.

Leave a Comment