A Private Key So Strong They Call it Kryptonite

Developers take note! This MIT-born security startup has developed a mobile home for your SSH private key.

Cyber security breaches are on the rise — up 38% in 2015 alone according to PwC. That’s the biggest increase in 12 years. What’s more, cybercrime is expected to cost businesses over $2 trillion by 2019 with the average US breach costing $7M.

The first line of defense in protecting a company from being hacked is its software engineers. Their credentials are often dubbed “the keys to the kingdom” because they grant access to a whole host of proprietary and confidential information, including the company’s code base. But despite being so important, most developers store their login info in plain text on their computer, meaning any software a developer installs (e.g. Spotify, Slack, or a simple game) could read — and potentially steal — this info.

To address this problem, most sophisticated tech companies require developers to store this info on a separate USB device called a YubiKey. When stored on a YubiKey, the private key cannot be stolen by other applications. While this process is more secure, YubiKeys are expensive, difficult to configure, and yet another device for developers to carry (not to mention lose or forget).

MIT-born krypt.co addresses this very problem with a next-generation, mobile-first security product based on strong cryptography. Founded as a collaboration between MIT Masters students Alex Grinman and Kevin King and MIT Professor David Gifford, the startup’s marquee product, Kryptonite, is a new home for the developer’s SSH private key, right on their phone.

Kryptonite provides the best of both worlds: the security of having your private key never leave your phone with the convenience of using git and SSH as you normally do on your computer. It can be used without modifying any servers, allowing developers to secure their GitHub, AWS, and Google Cloud SSH credentials without any changes to their infrastructure. Kryptonite makes it easy to create an SSH key pair and store it securely.

The founding team brings strong backgrounds in cryptography, iOS development, and entrepreneurship. Professor David Gifford, who teaches computer science and engineering at MIT, is an expert in cryptography and secure electronic commerce. He has a notable background, having co-founded Open Market (one of the first e-commerce IPOs) and Sightpath (acquired by Cisco for $800 million). He first got to know krypt.co co-founder Alex Grinman as his undergraduate advisor. The two frequently discussed ideas about creating a commercial product to enable encrypted communication over any web application like Facebook or Reddit.

Founders Alex Grinman, Kevin King, and Professor Gifford

Alex brings an impressive background in iOS development, having worked on iOS products at startups like Kayak and at Microsoft. At MIT, he studied mathematics and computer science, with a focus on cryptography for his Masters of Engineering.

Kevin started programming as an Android developer before studying Computer Science at MIT, specializing in cryptography for his Masters of Engineering, which focused on the HElib encryption library. The two became friends when they took a theoretical cryptography class at MIT and bonded further over the need for well-designed tools that enable anyone to use strong cryptography in their everyday work.

When Alex started working with David, he knew Kevin would be perfect for the team, and the three joined forces to found krypt.co. The team credits the resources at MIT as vital to launching their company.

“At MIT, almost anyone you meet is willing and happy to give you their honest feedback and share their experiences with you. This is the most valuable resource.”

We’re excited to continue supporting Alex, Kevin, and Professor Gifford as they build a new home for the SSH key that even Superman can’t break. Follow the team on Twitter or read more on their blog!
