IntroductionVirgil Security’s Password-Hardened Encryption (PHE) service replaces password hashing with a more cryptographic solution that prevents brute-force attacks on passwords and sensitive data stored in the database, and allows developers to instantly render a stolen database useless without any inconvenience to the end users.Transparent Data Encryption (TDE) protects you from stealing database files but useless if someone got access to a live instance via stealing credits or SQL injection. End-to-end encryption is immune to live instance breaches & insiders who might want to have a look at your client's data. It allows client to explicitly chose who has access to his data using encryption before data even gets to the database.Virgil created PureKit - the ultimate password & personal data protecting solution, and E3Kit - end-to-end secure data sharing solution. Together these products overcome TDE flaws and allow companies to build secure infrastructures no matter on or offline.The Virgil PureKit SDK makes implementing PHE’s advanced cryptography accessible to the average developer. Take a look at the Virgil Security's PHE Service Technical Paper for more information about the technical details.How does PHE work?Virgil’s offering consists of a cloud service plus open source SDKs which together implement the PHE protocol.The protocol consists of two phases:Enrollment. During the enrollment phase, the client requests cryptographic data from the server to bind a user's password and random encryption key to it thereby creating an enrollment record.Login. During the login phase, the client attempts to unbind the server's cryptographic information from the enrollment record using the user provided password and if this process succeeds, only then is the client able to decode the encryption key used to protect the user's personal data.To verify a user's password, the client communicates with the server and provides the same cryptographic data that was supplied during the enrollment phase. This makes it impossible to get to the user's passwords even if the database was compromised, which is an especially useful feature for SMBs who don’t have the resources to manage the fallout from a data breach.Having a unique encryption key per user record makes it possible to decrypt personal data only if the user supplied the correct passwordThis technology can be used within any database or login system that uses a password, so it’s accessible for SMBs of any industry or size. And the potential impact could eliminate password and database breaches completely, which is not an exaggeration.Virgil provides PureKit SDK that allows developers to communicate with the PHE service and perform necessary operation to protect users' passwords and personal identifiable information.