Haseeb Ur Rahman, Mohd Asghar, Mohd Abdul Salman
Student, ISL Engineering college
Abstract
Secure password storage is a vital aspect in systems based on password authentication, which is most widely used authentication technique, despite some security flaws. In this paper, we propose a password authentication framework that is designed for secure password storage and could be easily integrated into existing authentication systems. In our framework, first, the received plain password from a client is hashed through a cryptographic hash function (e.g., SHA-256). The hashed password is converted into a negative password. Finally, the negative password is encrypted into an encrypted negative password (ENP) using a symmetric-key algorithm (e.g., AES), and multi-iteration encryption could be employed to further improve security. The cryptographic hash function and symmetric encryption make it difficult to crack passwords from ENPs. Moreover, there are lots of corresponding ENPs for a given plain password, which makes precomputation attacks (e.g., lookup table attack) infeasible. The algorithm complexity analyses and shows that the ENP could resist lookup table attack and provide stronger password protection under dictionary attack. It is worth mentioning that the ENP does not introduce extra elements; besides, the ENP could still resist precomputation attacks. Most importantly, the ENP is the first password protection scheme that combines the cryptographic hash function, the negative password, and the symmetric-key algorithm, without the need for additional information except the plain password.
Keywords: Plain parole, Cryptographic hash function, Encrypted negative parole,
Journal Name :
EPRA International Journal of Research & Development (IJRD)

VIEW PDF
Published on : 2021-05-17

Vol : 6
Issue : 5
Month : May
Year : 2021
Copyright © 2024 EPRA JOURNALS. All rights reserved
Developed by Peace Soft