Most of us are used to signing in to our favorite websites and services by providing a username and password, and we're done! This is fine for the majority of people, but for those who need a bit more sophistication in their security life, public key cryptography is the way to go. Krypt.co, a security startup founded by two former MIT students and one of their professors, has made the road to security sophistication much easier with Kryptonite.
Here is an example of how public key cryptography works. If Bill wants to send Michael top-secret plans on how they'll take over the world (or maybe he just wants to remotely log in to Rocket Wagon's dev environment on WFH Wednesday), they'll be using two components to do so: a public key, which everyone knows, and a private key, which is personal. So, Bill will send a message encrypted with Michael's public key. Once Michael receives said message, he will decrypt it with his super top-secret private key that he never shares with anyone. Basically, a private key is what you need to prove you are who you say you are over the interwebs.
In reality, Michael and Bill are software developers (Krypt.co's target market) who deal with sensitive client information and source code for our clients' websites and applications. Security of their private keys is of the utmost importance to us and our clients, so they use public key cryptography with an SSH private key (SSH is a protocol for secure remote login and other secure network services over an insecure network) to deploy their code and log in to servers. Where to store this highly valuable private SSH key is the problem Krypt.co is solving with Kryptonite.
Historically, most people would store their SSH private key as a plain text file on their computer, which is only as secure as the laptop it sits on. Kryptonite explains why this way of storing your SSH key can be troublesome: "Any application you run can read, use, and send off your private key without your knowledge. Even if your key is encrypted with a passphrase, every application can still use your private key. Kryptonite requires your explicit permission to use the private key and records every SSH access." Kryptonite securely generates and stores your private key on your smartphone through their app using the phone's built-in OS security. You can read more on that here.
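To see what "a plain text file on their computer" looks like in practice, the following added example (not code from Krypt.co or Kryptonite) audits a private key file stored in OpenSSH's own key format, reporting whether it carries a passphrase and whether other accounts can access it. It assumes POSIX file permissions; the function names are hypothetical, and the two sample keys are constructed with dummy key material.

```python
import base64, os, stat, struct, tempfile
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"          # header of OpenSSH's own private key format
BEGIN, END = "-----BEGIN OPENSSH PRIVATE KEY-----", "-----END OPENSSH PRIVATE KEY-----"

def ssh_string(data):
    """Encode bytes as an SSH wire string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def key_cipher(pem_text):
    """Return the cipher name in the key header; 'none' means no passphrase."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH-format private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
        raise ValueError("bad or truncated header")
    (n,) = struct.unpack_from(">I", blob, len(MAGIC))
    name = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    return name.decode("ascii")

def audit_key_file(path):
    """List the storage weaknesses found for one private key file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"readable or writable by other accounts (mode {mode:o})")
    if key_cipher(Path(path).read_text()) == "none":
        findings.append("stored without a passphrase")
    return findings

def make_sample_key(cipher):
    """Constructed sample: genuine header layout, dummy key material (not usable)."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = (MAGIC + ssh_string(cipher) + ssh_string(kdf) + ssh_string(b"")
            + struct.pack(">I", 1) + ssh_string(b"dummy-public") + ssh_string(b"dummy-private"))
    return f"{BEGIN}\n{base64.b64encode(blob).decode()}\n{END}\n"

def demo():
    """Audit two constructed key files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, cipher, mode in [("id_plain", b"none", 0o644), ("id_enc", b"aes256-ctr", 0o600)]:
            path = Path(tmp) / name
            path.write_text(make_sample_key(cipher))
            path.chmod(mode)
            results[name] = audit_key_file(path)
    return results
```

Calling `demo()` returns the findings per file; pointing `audit_key_file` at a real key under `~/.ssh` works the same way for keys saved in this format.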
In the end, this technology allows users to connect their computer(s) and initiate a login to a remote server. When a login attempt is made, the computer will send an authentication request directly to the user's phone, where a push notification allows them to approve or deny access. "SSH using your phone as the authenticator?!...super super clever!" said Zac Siegel, RW's VP of Solution Architecture. Update: As of Monday 6/5, Rough Draft Ventures, General Catalyst, Slow Ventures, SV Angel and Akamai Labs also thought it was super clever when they provided a $1.2M seed round of funding to Krypt.co.
To find out more, download the app, and up your security game, check it out yourself!
Sources: Krypt.co; TechCrunch