Private Keys In, Passwords Out

Wednesday, May 10, 2017

BostInno
With Krypt.co, Not Even Superman Could Steal Your Password
By: Lucia Maffei

The fact that Krypt.co is somehow the buzz of the tech scene in Boston is ironic since this company's name sounds almost like the ancient Greek prefix for "hidden" or "secret." In reality, the name Krypt.co is a play on two words.

The first one is cryptography - the art of using codes to protect private information is at the core of the services the company provides.

The second word is kryptonite - the fictional radioactive element that makes Superman weak. Since Krypt.co is in the field of information security, the name is meant to evoke something so secure that even a superhero would not be able to break it.

"Of course, nothing is unbreakable in security," Alex Grinman, one of the three co-founders, acknowledged in an interview with BostInno.

Grinman got in touch with the other two co-founders, Kevin King and David Gifford, in late 2015. At that time, David was Alex’s academic adviser at MIT and Alex met Kevin in an advanced cryptography class. The three shared a passion for public key cryptography that ultimately led them to found the company.

To explain what public key cryptography is, and what Krypt.co does, let's start with a common scenario. Traditionally, most people log into websites and other services by providing a username and password, as I did on WordPress to write this story.

“The problem with this form of authentication is that you actually give away your password every time you use it,” Grinman said. “It can be stolen in many different ways: for instance, if someone tricks you into going to Facebook2.com, and then you enter your Facebook password, they can steal your password and steal your account.”

Public key cryptography serves users who need a more sophisticated level of security. In this case, users send and receive messages by using two components: a public key, which everybody knows, and a private key, which is personal. For example: if John wants to send Jane a secret message, he will encrypt the message with Jane’s public key, which John knows. Once Jane gets the message, she will decrypt it with her private key, which she never discloses. Ultimately, a private key is what you need to prove your identity on the web.

Finding a safe enough place to store such valuable information is the problem that Krypt.co wants to solve. According to Alex, most software developers, who are the company's target market, use public key cryptography combined with a protocol called SSH to deploy code and log into servers. They store their SSH private key as a plain text file on their computer, Alex said, where it’s not protected by anything.

Thanks to the technology enabled by the company, the private key is generated on the smartphone of the private key owner and never leaves it.

“Instead, you can pair your phone with all your computers,” Alex said. “So, every time you want to log into a remote server or deploy code, you do exactly what you did before, except now your computer calls out your phone and asks it to do this signature.”

Should someone lose a smartphone, the owner could change his or her private key and store it on a new phone. Another procedure to strengthen access security is two-step authentication. After providing a password, users have to type into a new page a six-digit code they receive on their phone.

The difference with what Krypt.co offers is that a six-digit code is potentially easier to hack than a private key, which can be longer and include text and symbols. But the main advantage of Krypt.co is the usability, the company said. “We send a push notification to your phone, and you just say ‘allow’ or ‘reject,’” Alex said.
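
The signing flow described above, as an added example that is not from the article or from Krypt.co's code: a simplified challenge-response in Go, not the actual SSH protocol. The `Phone` type, the function names and the choice of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Phone models the paired device: the private key is created here and is
// only ever used inside Sign. (Hypothetical type, not Krypt.co's API.)
type Phone struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey // safe to hand to any server
}

func NewPhone() (*Phone, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Phone{priv: priv, Pub: pub}, nil
}

// Sign returns a signature over the challenge only if the user taps "allow".
func (p *Phone) Sign(challenge []byte, allow bool) ([]byte, error) {
	if !allow {
		return nil, errors.New("request rejected on phone")
	}
	return ed25519.Sign(p.priv, challenge), nil
}

// NewChallenge is the server side: a fresh random value per login attempt.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify is the server side: it needs only the public key.
func Verify(pub ed25519.PublicKey, challenge, sig []byte) bool {
	return ed25519.Verify(pub, challenge, sig)
}

func main() {
	phone, _ := NewPhone()
	c1, _ := NewChallenge()
	c2, _ := NewChallenge()
	sig, _ := phone.Sign(c1, true)
	fmt.Println("login with fresh signature:", Verify(phone.Pub, c1, sig))
	fmt.Println("captured signature replayed:", Verify(phone.Pub, c2, sig))
}
```

Unlike a password, the signature is bound to one challenge, so a copy captured during one login does not verify against the next challenge.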

Located in the South End, the company offers two products: Core, free to use and meant for single developers, and Command, for teams. Currently, Krypt.co is figuring out the pricing for its Command version.

Grinman said they’re not ready to release their funding information yet. But the fact that this company grabbed a lot of attention is not a secret anymore.
