# How QWERX Uses Time to Strengthen Device Authentication Conventional thinking measures security in terms of the strength of the key and the lock. We are all familiar with the concept that a 256-bit key is stronger than a 64-bt key, even though a 64-bit key can produce 18,446,744,073,709,551,616 distinct values.

Conventional thinking measures strength by determining how long it would take a fast computer to break a strong key. The number is usually measured in years and that is considered to be good enough.

There are two basic problems with this approach:

1. Computers are getting faster -- and even faster quantum computers are almost a reality.
2. It only takes a fraction of a second to steal a key, regardless of how strong it might be.

At QWERX, we take an entirely different view: that of security over time. Instead of measuring a key simply as a matter of bits, we measure it in bits divided by its useful life, expressed in seconds. We chose seconds, because fast computers can do a lot of computations in a second and an attacker can steal millions of keys in a second.

For example: A very strong key, like a 2048-bit key refreshed every 30 days (the best of today's best practices) would have a security value of 2048 (bits) divided by 2,592,000 (the number of seconds in 30 days). The result is a QWERX security value of 0.00079012345679.

A 64-bit key refreshed every tenth of a second in a QWERX-protected device would be treated as a value of 64 (bits) divided by 0.1. The result is a QWERX security value of 640, or 810,000 times stronger than the 2048-bit key in standard application for securing device authentication.

Bits plus time equals exponentially stronger security. That’s the QWERX solution.