Abstract— Password-based authentication is the most widely used form of authentication, and secure storage of passwords is vital for any authentication system. Our implementation provides a secure authentication and password storage scheme that can be integrated with existing authentication systems. The scheme uses Encrypted Negative Password (ENP), which greatly limits the effectiveness of precomputation attacks. Our authentication solution receives the plain password from the client and runs it through multiple layers of security functions. Initially, the plain password received from the client is hashed using a cryptographic hash function. The intermediate phase of the solution transforms this hashed password into a negative password. The generated negative password is then encrypted using a symmetric-key algorithm. Finally, the solution is deployed on a virtual machine as a cloud service that can be used by various application vendors.

KEYWORDS: authentication, encryption, security, negative password, password storage.

I. INTRODUCTION

Despite a growing number of graphical and biometric authentication mechanisms, passwords remain the dominant method of authentication due to their low cost, availability and ease of deployment. Since passwords are commonly used to protect accounts with valuable assets (e.g., bank or email accounts), they have increasingly been subjected to a variety of attacks [*]. Online guessing attacks are usually limited by allowing only a fixed number of login attempts. However, passwords may be leaked from weak systems. Vulnerabilities are constantly being discovered, and not all systems can be patched in time to resist attacks, which gives adversaries an opportunity to illegally access weak systems [*]. Since passwords are often reused, adversaries may log into high-security systems using passwords cracked from less secure systems.

Typical password protection schemes include hashed passwords, salted passwords and key stretching. After studying and analyzing the complexity introduced by the various schemes, we incorporated the Encrypted Negative Password scheme in our solution, as it does not introduce extra elements and is more efficient than the typical password protection schemes.

II. LITERATURE REVIEW

W. Luo, Y. Hu, H. Jiang and J. Wang have proposed a password protection scheme that derives an Encrypted Negative Password from a given plain password for securely storing passwords in the database. In this framework, the plain password given by the client is first hashed using a cryptographic hash function. This hashed password is then transformed into a negative password. Finally, the negative password is encrypted using a symmetric-key algorithm, which results in an Encrypted Negative Password.

The combination of a cryptographic hash function and symmetric encryption gives strong security that makes passwords difficult to crack. Furthermore, for a given plain password there exist many corresponding ENPs, which makes the scheme impervious to precomputation attacks. The authors have put forth two implementations of ENP, ENP1 and ENP2, including their generation and verification algorithms.

Their analysis and comparison of the attack complexity of hashed passwords, salted passwords, key stretching and the ENP shows that the ENP can withstand lookup table attacks without introducing an extra element (e.g., a salt), and that under dictionary attacks the ENP provides stronger password protection [1].

M. C. Ah Kioon, Z. S. Wang and S. Deb, in their paper, analyse the security risks of the MD5 hashing algorithm and provide different solutions, such as salts and iterative hashing. They have also proposed new approaches to using the MD5 algorithm in password protection [2].

MD5 is a commonly used hashing algorithm. A hashing algorithm takes a plain password of arbitrary size and converts it into a string of fixed size. Hashing is one-way, which makes it theoretically difficult for attackers to recover the original password from its hash. However, dictionary attacks and rainbow table attacks remain possible; to thwart these attacks the authors have proposed six solutions, viz., using a strong password that is unlikely to exist in a dictionary, using salts, key stretching, a chaining method of hashing, encrypting the password before hashing, and an XOR cipher [2].

A. Biryukov, D. Dinu and D. Khovratovich have proposed a hashing scheme called Argon2. Argon2 summarizes the state of the art in the design of memory-hard functions. It is a streamlined and simple design that aims at the highest memory filling rate and effective use of multiple computing units, while still providing defense against