Joe Birr-Pixton has an interesting new blog post, with source code, on using Intel SGX enclaves to harden password hashing:
Using SGX to harden password hashing: SGX is a way of running security-sensitive user-mode code in an ‘enclave’. Code running in an enclave has its memory encrypted and authenticated, and cannot be observed by code running anywhere else. It’s able to use device-specific keys to encrypt (‘seal’) data to future executions of itself or enclaves signed by the same key. We can use SGX to harden password hashing, by imposing the restriction that it is only possible on our hardware. That means offline attack is no longer possible, and a database leak only contains undecryptable ciphertext. […]
Full post:
https://jbp.io/2016/01/17/using-sgx-to-hash-passwords/
https://github.com/ctz/sgx-pwenclave
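
The property described in the excerpt (a leaked database is useless without the hardware) can be modelled in plain Python. This is an added example, not code from the post or from sgx-pwenclave: it swaps SGX sealing for an HMAC keyed with a simulated device key, and `SimulatedEnclave`, `plain_record` and `recoverable_offline` are hypothetical names.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed work factor for this demo


def stretch(password, salt):
    """Slow, salted password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class SimulatedEnclave:
    """Software stand-in for an enclave; real SGX keeps the key in hardware."""

    def __init__(self):
        # Assumption: models a device-specific key that never leaves the enclave.
        self._device_key = os.urandom(32)

    def _bind(self, password, salt):
        # Tie the stretched hash to this device by keying an HMAC over it.
        data = salt + stretch(password, salt)
        return hmac.new(self._device_key, data, hashlib.sha256).digest()

    def set_password(self, password):
        salt = os.urandom(16)
        return salt + self._bind(password, salt)  # opaque record for the database

    def check_password(self, record, candidate):
        salt, tag = record[:16], record[16:]
        return hmac.compare_digest(tag, self._bind(candidate, salt))


def plain_record(password):
    """Conventional salted hash with no device key, for comparison."""
    salt = os.urandom(16)
    return salt + stretch(password, salt)


def recoverable_offline(record, wordlist):
    """True if a leaked record alone is enough to confirm a password guess."""
    salt, stored = record[:16], record[16:]
    return any(hmac.compare_digest(stored, stretch(g, salt)) for g in wordlist)
```

With the same wordlist, `recoverable_offline` confirms the password for a `plain_record` row but not for a record produced by `SimulatedEnclave.set_password`, and a second `SimulatedEnclave` instance (a different device) cannot verify the first one's records.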