Submit Search
Upload
A Survey of Password Attacks and Safe Hashing Algorithms
•
0 likes
•
42 views
IRJET Journal
Follow
https://www.irjet.net/archives/V4/i12/IRJET-V4I12284.pdf
Read less
Read more
Engineering
Report
Share
Report
Share
1 of 3
Download now
Download to read offline
Recommended
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
Kieon
Securing Mobile Data using Cryptography
Securing Mobile Data using Cryptography
Eswar Publications
Network security cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
Se
Se
Kingg Ravi
How Hashing Algorithms Work
How Hashing Algorithms Work
CheapSSLsecurity
Security in Manets using Cryptography Algorithms
Security in Manets using Cryptography Algorithms
IRJET Journal
Hash function
Hash function
Salman Memon
Hash Function
Hash Function
stalin rijal
Recommended
Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011
Kieon
Securing Mobile Data using Cryptography
Securing Mobile Data using Cryptography
Eswar Publications
Network security cryptographic hash function
Network security cryptographic hash function
Mijanur Rahman Milon
Se
Se
Kingg Ravi
How Hashing Algorithms Work
How Hashing Algorithms Work
CheapSSLsecurity
Security in Manets using Cryptography Algorithms
Security in Manets using Cryptography Algorithms
IRJET Journal
Hash function
Hash function
Salman Memon
Hash Function
Hash Function
stalin rijal
Hashing
Hashing
Hossain Md Shakhawat
IRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA Algorithm
IRJET Journal
Hashing
Hashing
yashwantsingh122
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for Authentication
ijtsrd
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
IRJET Journal
Hash crypto
Hash crypto
Harry Potter
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
FlowTraq
IRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid Cryptography
IRJET Journal
SPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher Text
IJMTST Journal
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password Encryption
International Journal of Computer and Communication System Engineering
Welcome to the world of hacking
Welcome to the world of hacking
Tjylen Veselyj
State of the art parallel approaches for
State of the art parallel approaches for
ijcsa
Proper passwordhashing
Proper passwordhashing
fangjiafu
White Paper on Cryptography
White Paper on Cryptography
Durgesh Malviya
Password hacking
Password hacking
Mr. FM
Searchable Encryption Systems
Searchable Encryption Systems
Christopher Frenz
Crypto
Crypto
university of Gujrat, pakistan
Paper id 311201535
Paper id 311201535
IJRAT
The SHA Hashing Algorithm
The SHA Hashing Algorithm
Bob Landstrom
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET Journal
Secure passwords-theory-and-practice
Secure passwords-theory-and-practice
Akash Mahajan
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt
GnanalakshmiV
More Related Content
What's hot
Hashing
Hashing
Hossain Md Shakhawat
IRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA Algorithm
IRJET Journal
Hashing
Hashing
yashwantsingh122
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for Authentication
ijtsrd
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
IRJET Journal
Hash crypto
Hash crypto
Harry Potter
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
FlowTraq
IRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid Cryptography
IRJET Journal
SPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher Text
IJMTST Journal
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password Encryption
International Journal of Computer and Communication System Engineering
Welcome to the world of hacking
Welcome to the world of hacking
Tjylen Veselyj
State of the art parallel approaches for
State of the art parallel approaches for
ijcsa
Proper passwordhashing
Proper passwordhashing
fangjiafu
White Paper on Cryptography
White Paper on Cryptography
Durgesh Malviya
Password hacking
Password hacking
Mr. FM
Searchable Encryption Systems
Searchable Encryption Systems
Christopher Frenz
Crypto
Crypto
university of Gujrat, pakistan
Paper id 311201535
Paper id 311201535
IJRAT
What's hot
(18)
Hashing
Hashing
IRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA Algorithm
Hashing
Hashing
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for Authentication
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Hash crypto
Hash crypto
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
IRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid Cryptography
SPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher Text
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password Encryption
Welcome to the world of hacking
Welcome to the world of hacking
State of the art parallel approaches for
State of the art parallel approaches for
Proper passwordhashing
Proper passwordhashing
White Paper on Cryptography
White Paper on Cryptography
Password hacking
Password hacking
Searchable Encryption Systems
Searchable Encryption Systems
Crypto
Crypto
Paper id 311201535
Paper id 311201535
Similar to A Survey of Password Attacks and Safe Hashing Algorithms
The SHA Hashing Algorithm
The SHA Hashing Algorithm
Bob Landstrom
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET Journal
Secure passwords-theory-and-practice
Secure passwords-theory-and-practice
Akash Mahajan
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt
GnanalakshmiV
Hash_Crypto.ppt
Hash_Crypto.ppt
ssuser5297f5
Hashing Considerations In Web Applications
Hashing Considerations In Web Applications
Islam Heggo
Techniques for password hashing and cracking
Techniques for password hashing and cracking
Nipun Joshi
Passwords good badugly181212-2
Passwords good badugly181212-2
Iftach Ian Amit
Hash crypto
Hash crypto
Fraboni Ec
Hash crypto
Hash crypto
David Hoen
Hash crypto
Hash crypto
Luis Goldster
Hash crypto
Hash crypto
Young Alista
Hash crypto
Hash crypto
Tony Nguyen
Hash crypto
Hash crypto
James Wong
TM112 Meeting12-Cryptography.pptx
TM112 Meeting12-Cryptography.pptx
MohammedYusuf609377
HASH FUNCTIONS.pdf
HASH FUNCTIONS.pdf
KalsoomTahir2
The MD5 hashing algorithm
The MD5 hashing algorithm
Bob Landstrom
Mj2521372142
Mj2521372142
IJERA Editor
Implementation of De-Duplication Algorithm
Implementation of De-Duplication Algorithm
IRJET Journal
Comparative hash algorithm power point presentation
Comparative hash algorithm power point presentation
HajaAjmeerdeen
Similar to A Survey of Password Attacks and Safe Hashing Algorithms
(20)
The SHA Hashing Algorithm
The SHA Hashing Algorithm
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJS
Secure passwords-theory-and-practice
Secure passwords-theory-and-practice
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt
Hash_Crypto.ppt
Hash_Crypto.ppt
Hashing Considerations In Web Applications
Hashing Considerations In Web Applications
Techniques for password hashing and cracking
Techniques for password hashing and cracking
Passwords good badugly181212-2
Passwords good badugly181212-2
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
Hash crypto
TM112 Meeting12-Cryptography.pptx
TM112 Meeting12-Cryptography.pptx
HASH FUNCTIONS.pdf
HASH FUNCTIONS.pdf
The MD5 hashing algorithm
The MD5 hashing algorithm
Mj2521372142
Mj2521372142
Implementation of De-Duplication Algorithm
Implementation of De-Duplication Algorithm
Comparative hash algorithm power point presentation
Comparative hash algorithm power point presentation
More from IRJET Journal
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
IRJET Journal
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
IRJET Journal
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
IRJET Journal
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
IRJET Journal
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
IRJET Journal
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
IRJET Journal
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
IRJET Journal
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
IRJET Journal
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
IRJET Journal
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
IRJET Journal
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
IRJET Journal
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
IRJET Journal
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
IRJET Journal
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
IRJET Journal
React based fullstack edtech web application
React based fullstack edtech web application
IRJET Journal
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
IRJET Journal
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
IRJET Journal
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
IRJET Journal
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
IRJET Journal
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
IRJET Journal
More from IRJET Journal
(20)
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
React based fullstack edtech web application
React based fullstack edtech web application
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Recently uploaded
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
Call Girls in Nagpur High Profile
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
SIVASHANKAR N
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
ssuser5c9d4b1
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
Tsuyoshi Horigome
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZTE
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
hassan khalil
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
soniya singh
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
Asutosh Ranjan
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
SIVASHANKAR N
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
9953056974 Low Rate Call Girls In Saket, Delhi NCR
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
upamatechverse
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
Mark Billinghurst
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
null - The Open Security Community
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
RajaP95
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
Suhani Kapoor
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
Soham Mondal
Internship report on mechanical engineering
Internship report on mechanical engineering
malavadedarshan25
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
rakeshbaidya232001
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Dr.Costas Sachpazis
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Dr.Costas Sachpazis
Recently uploaded
(20)
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
Internship report on mechanical engineering
Internship report on mechanical engineering
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
A Survey of Password Attacks and Safe Hashing Algorithms
1.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1554 A Survey of Password Attacks and Safe Hashing Algorithms Tejaswini Bhorkar Student, Dept. of Computer Science and Engineering, RGCER, Nagpur, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - To authenticate users, most web services use pair of username and password. When a user wish to login to a web application of the service, he/she sends their user name and password to the web server, which checks if the given username already exist in the databaseandthat the passwordisidenticalto the password set by that user. This last step of verifying the password oftheuser can be performed in different ways.Theuser password maybe directly storedin the databaseorthehashvalue of the password may be stored. This survey will include the study of password hashing. It will also include the need of password hashing, algorithms used for password hashing along with the attacks possible on the same. Key Words: Password, Hashing, Algorithms, bcrypt, scrypt, attacks, SHA-1 1.INTRODUCTION Web servers store the username and password of its users to authenticate its users.If the web servers store the passwordsof its users directly in the database, then in such case, password verification is just comparison of two strings. However, this is extremely risky and irresponsive approach as the attacker who gains access to theserverdatabase has access to the passwords of all the users. Thus,now-a-days websitesstoresthehashvalue of the password of its users instead of storing the password directly. The goal of password hashing is to preventan attacker to read the passwords even if he/she gains access to the database. 1.1 Hashing Hashing is a type of algorithm that takes data of any size and converts it into data of fixed size. The main difference between hashing and encryption is that a hash is irreversible. Hash functions are used for hashing. A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The output of the hash function is called hash codes, hash values, hash sums, or hashes. A hash function should satisfy the following: a) Two different messages should not have the same hash value. Thus, the hash function should be resistant against collision. b) Given a hash value, it should be difficult or practically impossible to generate the correspondingmessage.Thus,the hash function should have pre-image resistance. c) Given a message, it should be infeasible to find another message that would generate the same hash as that of the first message. Thus, the hash function should be resistant to second-pre-image. 1.2 Hashing Algorithms Different hash algorithmsare used in order to generatehash values. Some commonly used hash functions include the following: • MD5 • SHA-1 • SHA-2 • SHA-3 MD5: This algorithm takes data of arbitrary length and produces message digest of 128 bits (i.e. 16 bytes). In this algorithm, the input message is broken into chunks of 512-bit blocks. The message is padded by a 1 followed by zeros so that the message length is 64 bitslessthan a multiple of512.Therest of the bitsare filled with 64 bitsrepresenting to thelengthof original message. This hashing algorithm is broadly utilized but it is inclined to collisions. However, in practise, the collision attack is too slow to be useful. This is broken in regard to collisions but not in regard to pre-images or second-pre-images. SHA-1: Secured hash function 1 is a hash algorithm that takes a string of any length and reducesit to a message digestof160 bits. In this algorithm, message is "padded" by a 1 and followed by as many 0's required to make the message length equal to 64 bits less than an even multiple of 512. 64- bits indicating the length of original message are appended to the end of padded message. Padded message is processed in 512-bit blocks. Cryptographic shortcomings have been found for SHA-1, and along these lines, the standard was never again endorsed for most cryptographic users after 2010. SHA-2: Secured hash function 2 is a hash algorithm that takes a string of any length and reduces it to a message digest. The SHA-2 family comprises of six hash functions with hash values thatare
2.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1555 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA- 512, SHA-512/224, and SHA-512/256. In this algorithm, message is “padded” with a 1 and as many 0’s as necessary to bring the message length to 64 bits less than an even multiple of 512. 64-bits indicating the length of original message are appended to the end of padded message. Padded message is processed in 512-bit blocks. SHA-3: SHA-3 standard was released on 5th of august 2015. SHA3 uses sponge construction which has two phases, absorbing phase and squeezing phase. The message blocks must be XORed into subset in the absorbing phase,which is thentransformed.Inthe squeezed phase, output blocks are read from thesamesubsetof state, alternated with state transformations. Different variants of SHA-3 include SHA3-224, SHA3-256, SHA3-384, and SHA3- 512 producing messagedigest of 224,256,384 and 512 bits and uses block size of 1152, 1088, 832, and 576 bits respectively. 2. Password Attacks Most web servers force their users to generate password which is at least 8 characters long and contain letters, numbers, signs, and at least one capital letter. This is because, in order to prevent attackers to identify user’s password, we should force the users to select a strong password apart from choosing a good hashing function. There are different strategies to attack user passwords. Some of them include the following: a. Dictionary attacks: With a dictionary attack, the attacker will try to use word list, these can consist of mostly used words, passwords, years, names, etc. For each word, the attacker will run the hash algorithm and see if the generated hash is same as the hash in the database. If this is the case, then the attacker knows the word from which the hash was derived is the password. b. Brute force: With brute force attack, the attacker will try all the possible combinations of characters. Whenusing password of at least 8 characters long, only using the ASCII character set, there are 128^8 possibilities of passwords. c. Lookup Tables: The general idea is to pre-compute the hashes of the passwords in a password dictionary and store them, and their corresponding password, in a lookup tabledata structure. Lookup tables are great way for cracking many hashes of a similar sort quickly. A good implementation of a lookup table canprocess hundreds of hash lookups per second, even when they contain many billions of hashes. Rainbow tables: Rainbow tables are a time-memory trade- off technique. They are similar to lookup tables, except that the hash cracking speed is compromised to reducethesizeof lookup tables. Because they are smaller, the solutions to more hashes can be stored in the same amount of space, making them more effective. Rainbow tables are capable of cracking any md5 hash of a password which is up to 8 characters long exist. 2.2 Need for Hashing & its Properties If an attacker gets a red access to our database, we don’t want him to retrieve the passwords plaintext hence we hash passwords. We often store usernames, email addresses and other personal information in our database. Security rule #1 dictates that users need to be protected from themselves. We can make them aware of the risks,we can tell themnottore-use passwords, but we all know that in the end there will still be people who use the same password for their Facebook, Gmail, LinkedIn and corporate email. What you do not want is that when the attacker gets his hand on your database, he immediately has access to all the above accounts (usernames/email addresses will be the same). Hashing passwords is to keep this from happening, when the attacker gets his hands on yourdatabase; you want to makeit as difficult as possible to redeem those passwords using a brute-force attack. Hashing passwords won't make your site any more secure, however it will perform harm regulation in case of a breach. Properties- Following are the properties that should be fulfilled by password hashing: a) In order to prevent brute force attack of compromising the data in one run, password hashing should have a unique salt per password. Salt and Pepper: Before hashing a password, a unique value, known as salt, is appended (depending on the algorithm) to the password. Salt is used to prevent attack using rainbow tables. Information provided by the user should not be used in the generation of salt asthis will result in the generation of same hash value from different databases given the same user information and password. Pepper is a secret value or key that is used to turn the hash into a HMAC. HMAC is a hash function. However, it cannot be reproduced without knowing the key. Thus, this increases the security if the attacker has access to database but doesn’t have the access to the place where the key is stored. If the key can be obtained by the attacker, then, the pepper will not add any security to the hash function. b) Executing the function once must be faster i.e. the algorithm should be fast on software. c) In order to prevent brute force attack on distributed systems, execution of the function concurrently should be slow i.e. the function should be slow on hardware.
3.
International Research Journal
of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1556 Thus, from the above properties, it is clear that a password hashing algorithm should be slow in order to prevent brute force attack. This eliminates the use of MD5, SHA-1, SHA-2 and SHA-3 hash algorithms. Below algorithms can be used for password hashing. 2.3 Safe Password Hashing Algorithms Following are the three algorithms that are safe to use for password hashing: a) PBKDF2: This algorithm is used to derivekeys.Duetothe property of being slow, the PBKDF2 algorithm is used for hashing passwords even though it was not intended for password hashing. The resulting derived key can be used to securely store password. The following is done by PBKDF2 in order to derive a key: K = PBKDF2 (PRF, Password, Salt, c, dkLen) where, DK: Derived key. PRF: Preferred HMAC function. c: amount of iterations. dkLen: length of delivered key. A salt should be at least 64-bits in length and the minimum amount of iterations should be 1024. The algorithm applies HMAC function and repeats the calculations 1024 times of the result. This means that hashing the password is 1024 times slower. However, when brute forcing on distributed systems, this algorithm does not offer a lot of protection. b) bcrypt: Currently the default secure standard for password hashing is bcrypt. It is derived from the Blowfish block cipher. Blowfish block cipher uses loop up tables, which are initially in memory, to generate the hash. Bcrypt has been around for 14 years, based on a cypher that is that has been around for over 20 years. This algorithm has been well tested and hence is considered as the standard of password hashing. c) scrypt: scrypt is a hashing algorithm which has same properties as bcrypt, except for that when the number rounds increase, the computation time and memory space required to produce hash increments exponentially. Scrypt concentrates on operations that are hard for anything else than a computer, for example, random memory access. Scrypt was created in response to the increasing attack on bcrypt. Scrypt uses snapshots that are storage of series of intermediate state data. These snapshots areusedinfurther derivation operations. These snapshots, that are stored in memory, grow exponentially when a round is increased. So, when a round is added, it makes the brute force attack on the password exponentially harder. Scrypt hasbeenaround for only couple of years and thus is still relatively new compared to bcrypt. 3. CONCLUSIONS This survey paper compares different hashing algorithms and their drawbacks. The user must know the types of attacks and must apply appropriate hashing algorithm to avoid attacks. REFERENCES 1. Review Paper on Secure Hashing Algorithm and Its Variants – By Priyanka Vadhera, Bhumika Lall ( http://www.ijsr.net/archive/v3i6/MDIwMTQxOA==.pdf) 2. Cryptographic Hash Functions: A Review – by Rajeev Sobti,G.Geetha( http://citeseerx.ist.psu.edu/viewdoc/download?doi=1 0.1.1.402.7241&rep=rep1&type=pdf) 3. https://en.wikipedia.org/wiki/Cryptographic_hash_functi on 4. SHA-1 hash function under pressure – heise Security 5. Henri Gilbert, Helena Handschuh: Security Analysis of SHA-256 and Sisters. Selected Areas in cryptography2003 6. http://www.unixwiz.net/techtips/iguide- cryptohashes.html 7. https://media.blackhat.com/us-13/US-13-Aumasson- Password-Hashing-the-Future-is-Now-WP.pdf 8. http://stackoverflow.com/questions/326699/differenc e-between-hashing-a-password-and-encrypting-it
Download now