Great idea in theory, pointless in the real world (Score 1)
After reading through their paper and getting a better understanding of the exact protocols etc. I can say assuredly that this method of protecting a database from use-after-theft is pointless.
Here is my reasoning (ignoring the possible patch to allow pre-knowledge authentication for now, as that leaks way too much information):
1/ The whole system relies on the use of a threshold system of password login attempts to dynamically build the in-memory database decryption key.
2/ That can either happen by one or more administrators attempting login after restart or by using a queued user authentication stack.
3/ In their own FAQ they state that weak passwords should be avoided as this weakens the system.
My assertion is that any real world use of this system is open to humans picking passwords, and humans are really bad at that. That being so, if I were to run an SQL injection to steal the user table I would do the following:
a) From a dictionary of common "non-weak" human passwords (see recent thefts for the list) pick a password.
b) Run it using the site's hash, using the record salt against every entry, producing a possible hash Hp.
c) XOR that with the hash in the table to get a possible Shamir share Sp.
d) Pick random lists of Sp and combine (derive constant from equation) to see if a statistically significant number of entries agree on a table key C and the share ratio R.
e) If not successful, rinse and repeat with another password and/or repeat to confirm C.
This algorithm should under any normal use derive C in quite short order provided there are at least R+1 repeats of any provided password guess.
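To make the mechanism the commenter is reasoning about concrete, here is a toy model of the storage scheme (points 1, 2, b and c above): each record holds a salt and the salted password hash XORed with a Shamir share, a correct login turns the stored value back into that share, and a threshold of such shares recovers the table key C by interpolation. This is an added illustration written for this page, not code from the original post or from the paper's own implementation; the prime field, hash function and record layout are assumptions chosen for brevity.

```python
import hashlib
import os
import secrets

P = (1 << 127) - 1  # assumed toy prime field for share arithmetic


def _h(salt, password):
    # Salted hash reduced into the field so it can be XORed with a share
    return int.from_bytes(hashlib.sha256(salt + password.encode()).digest(), "big") % P


def make_polynomial(secret, threshold):
    # f(0) = secret (the table key C); degree threshold-1, random other coefficients
    return [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]


def evaluate(coeffs, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P


def protect(coeffs, uid, password):
    # Stored record: (uid, salt, hash XOR share). The share never sits in clear.
    salt = os.urandom(16)
    return uid, salt, _h(salt, password) ^ evaluate(coeffs, uid)


def candidate_share(record, password):
    # Only the right password turns the stored value back into f(uid);
    # a wrong guess yields a random-looking point that breaks agreement on C.
    uid, salt, stored = record
    return uid, stored ^ _h(salt, password)


def recover_secret(points):
    # Lagrange interpolation at x = 0 over the prime field
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num, den = num * (-xj) % P, den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P
    return secret


def demo(threshold=3):
    # Constructed sample: three users; returns (C, C from correct logins, C with one wrong login)
    c = secrets.randbelow(P)
    coeffs = make_polynomial(c, threshold)
    users = {1: "correct horse", 2: "battery staple", 3: "tr0ub4dor&3"}
    records = [protect(coeffs, uid, pw) for uid, pw in users.items()]
    good = [candidate_share(r, users[r[0]]) for r in records]
    bad = good[:-1] + [candidate_share(records[-1], "wrong guess")]
    return c, recover_secret(good), recover_secret(bad)
```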