SlideShare a Scribd company logo

A Survey of Password Attacks and Safe Hashing Algorithms

IRJET Journal
IRJET Journal

https://www.irjet.net/archives/V4/i12/IRJET-V4I12284.pdf

Engineering
1 of 3
Download to read offline
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1554 A Survey of Password Attacks and Safe Hashing Algorithms Tejaswini Bhorkar Student, Dept. of Computer Science and Engineering, RGCER, Nagpur, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - To authenticate users, most web services use pair of username and password. When a user wish to login to a web application of the service, he/she sends their user name and password to the web server, which checks if the given username already exist in the databaseandthat the passwordisidenticalto the password set by that user. This last step of verifying the password oftheuser can be performed in different ways.Theuser password maybe directly storedin the databaseorthehashvalue of the password may be stored. This survey will include the study of password hashing. It will also include the need of password hashing, algorithms used for password hashing along with the attacks possible on the same. Key Words: Password, Hashing, Algorithms, bcrypt, scrypt, attacks, SHA-1 1.INTRODUCTION Web servers store the username and password of its users to authenticate its users.If the web servers store the passwordsof its users directly in the database, then in such case, password verification is just comparison of two strings. However, this is extremely risky and irresponsive approach as the attacker who gains access to theserverdatabase has access to the passwords of all the users. Thus,now-a-days websitesstoresthehashvalue of the password of its users instead of storing the password directly. The goal of password hashing is to preventan attacker to read the passwords even if he/she gains access to the database. 1.1 Hashing Hashing is a type of algorithm that takes data of any size and converts it into data of fixed size. The main difference between hashing and encryption is that a hash is irreversible. Hash functions are used for hashing. A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The output of the hash function is called hash codes, hash values, hash sums, or hashes. A hash function should satisfy the following: a) Two different messages should not have the same hash value. Thus, the hash function should be resistant against collision. b) Given a hash value, it should be difficult or practically impossible to generate the correspondingmessage.Thus,the hash function should have pre-image resistance. c) Given a message, it should be infeasible to find another message that would generate the same hash as that of the first message. Thus, the hash function should be resistant to second-pre-image. 1.2 Hashing Algorithms Different hash algorithmsare used in order to generatehash values. Some commonly used hash functions include the following: • MD5 • SHA-1 • SHA-2 • SHA-3 MD5: This algorithm takes data of arbitrary length and produces message digest of 128 bits (i.e. 16 bytes). In this algorithm, the input message is broken into chunks of 512-bit blocks. The message is padded by a 1 followed by zeros so that the message length is 64 bitslessthan a multiple of512.Therest of the bitsare filled with 64 bitsrepresenting to thelengthof original message. This hashing algorithm is broadly utilized but it is inclined to collisions. However, in practise, the collision attack is too slow to be useful. This is broken in regard to collisions but not in regard to pre-images or second-pre-images. SHA-1: Secured hash function 1 is a hash algorithm that takes a string of any length and reducesit to a message digestof160 bits. In this algorithm, message is "padded" by a 1 and followed by as many 0's required to make the message length equal to 64 bits less than an even multiple of 512. 64- bits indicating the length of original message are appended to the end of padded message. Padded message is processed in 512-bit blocks. Cryptographic shortcomings have been found for SHA-1, and along these lines, the standard was never again endorsed for most cryptographic users after 2010. SHA-2: Secured hash function 2 is a hash algorithm that takes a string of any length and reduces it to a message digest. The SHA-2 family comprises of six hash functions with hash values thatare
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1555 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA- 512, SHA-512/224, and SHA-512/256. In this algorithm, message is “padded” with a 1 and as many 0’s as necessary to bring the message length to 64 bits less than an even multiple of 512. 64-bits indicating the length of original message are appended to the end of padded message. Padded message is processed in 512-bit blocks. SHA-3: SHA-3 standard was released on 5th of august 2015. SHA3 uses sponge construction which has two phases, absorbing phase and squeezing phase. The message blocks must be XORed into subset in the absorbing phase,which is thentransformed.Inthe squeezed phase, output blocks are read from thesamesubsetof state, alternated with state transformations. Different variants of SHA-3 include SHA3-224, SHA3-256, SHA3-384, and SHA3- 512 producing messagedigest of 224,256,384 and 512 bits and uses block size of 1152, 1088, 832, and 576 bits respectively. 2. Password Attacks Most web servers force their users to generate password which is at least 8 characters long and contain letters, numbers, signs, and at least one capital letter. This is because, in order to prevent attackers to identify user’s password, we should force the users to select a strong password apart from choosing a good hashing function. There are different strategies to attack user passwords. Some of them include the following: a. Dictionary attacks: With a dictionary attack, the attacker will try to use word list, these can consist of mostly used words, passwords, years, names, etc. For each word, the attacker will run the hash algorithm and see if the generated hash is same as the hash in the database. If this is the case, then the attacker knows the word from which the hash was derived is the password. b. Brute force: With brute force attack, the attacker will try all the possible combinations of characters. Whenusing password of at least 8 characters long, only using the ASCII character set, there are 128^8 possibilities of passwords. c. Lookup Tables: The general idea is to pre-compute the hashes of the passwords in a password dictionary and store them, and their corresponding password, in a lookup tabledata structure. Lookup tables are great way for cracking many hashes of a similar sort quickly. A good implementation of a lookup table canprocess hundreds of hash lookups per second, even when they contain many billions of hashes. Rainbow tables: Rainbow tables are a time-memory trade- off technique. They are similar to lookup tables, except that the hash cracking speed is compromised to reducethesizeof lookup tables. Because they are smaller, the solutions to more hashes can be stored in the same amount of space, making them more effective. Rainbow tables are capable of cracking any md5 hash of a password which is up to 8 characters long exist. 2.2 Need for Hashing & its Properties If an attacker gets a red access to our database, we don’t want him to retrieve the passwords plaintext hence we hash passwords. We often store usernames, email addresses and other personal information in our database. Security rule #1 dictates that users need to be protected from themselves. We can make them aware of the risks,we can tell themnottore-use passwords, but we all know that in the end there will still be people who use the same password for their Facebook, Gmail, LinkedIn and corporate email. What you do not want is that when the attacker gets his hand on your database, he immediately has access to all the above accounts (usernames/email addresses will be the same). Hashing passwords is to keep this from happening, when the attacker gets his hands on yourdatabase; you want to makeit as difficult as possible to redeem those passwords using a brute-force attack. Hashing passwords won't make your site any more secure, however it will perform harm regulation in case of a breach. Properties- Following are the properties that should be fulfilled by password hashing: a) In order to prevent brute force attack of compromising the data in one run, password hashing should have a unique salt per password. Salt and Pepper: Before hashing a password, a unique value, known as salt, is appended (depending on the algorithm) to the password. Salt is used to prevent attack using rainbow tables. Information provided by the user should not be used in the generation of salt asthis will result in the generation of same hash value from different databases given the same user information and password. Pepper is a secret value or key that is used to turn the hash into a HMAC. HMAC is a hash function. However, it cannot be reproduced without knowing the key. Thus, this increases the security if the attacker has access to database but doesn’t have the access to the place where the key is stored. If the key can be obtained by the attacker, then, the pepper will not add any security to the hash function. b) Executing the function once must be faster i.e. the algorithm should be fast on software. c) In order to prevent brute force attack on distributed systems, execution of the function concurrently should be slow i.e. the function should be slow on hardware.
International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1556 Thus, from the above properties, it is clear that a password hashing algorithm should be slow in order to prevent brute force attack. This eliminates the use of MD5, SHA-1, SHA-2 and SHA-3 hash algorithms. Below algorithms can be used for password hashing. 2.3 Safe Password Hashing Algorithms Following are the three algorithms that are safe to use for password hashing: a) PBKDF2: This algorithm is used to derivekeys.Duetothe property of being slow, the PBKDF2 algorithm is used for hashing passwords even though it was not intended for password hashing. The resulting derived key can be used to securely store password. The following is done by PBKDF2 in order to derive a key: K = PBKDF2 (PRF, Password, Salt, c, dkLen) where, DK: Derived key. PRF: Preferred HMAC function. c: amount of iterations. dkLen: length of delivered key. A salt should be at least 64-bits in length and the minimum amount of iterations should be 1024. The algorithm applies HMAC function and repeats the calculations 1024 times of the result. This means that hashing the password is 1024 times slower. However, when brute forcing on distributed systems, this algorithm does not offer a lot of protection. b) bcrypt: Currently the default secure standard for password hashing is bcrypt. It is derived from the Blowfish block cipher. Blowfish block cipher uses loop up tables, which are initially in memory, to generate the hash. Bcrypt has been around for 14 years, based on a cypher that is that has been around for over 20 years. This algorithm has been well tested and hence is considered as the standard of password hashing. c) scrypt: scrypt is a hashing algorithm which has same properties as bcrypt, except for that when the number rounds increase, the computation time and memory space required to produce hash increments exponentially. Scrypt concentrates on operations that are hard for anything else than a computer, for example, random memory access. Scrypt was created in response to the increasing attack on bcrypt. Scrypt uses snapshots that are storage of series of intermediate state data. These snapshots areusedinfurther derivation operations. These snapshots, that are stored in memory, grow exponentially when a round is increased. So, when a round is added, it makes the brute force attack on the password exponentially harder. Scrypt hasbeenaround for only couple of years and thus is still relatively new compared to bcrypt. 3. CONCLUSIONS This survey paper compares different hashing algorithms and their drawbacks. The user must know the types of attacks and must apply appropriate hashing algorithm to avoid attacks. REFERENCES 1. Review Paper on Secure Hashing Algorithm and Its Variants – By Priyanka Vadhera, Bhumika Lall ( http://www.ijsr.net/archive/v3i6/MDIwMTQxOA==.pdf) 2. Cryptographic Hash Functions: A Review – by Rajeev Sobti,G.Geetha( http://citeseerx.ist.psu.edu/viewdoc/download?doi=1 0.1.1.402.7241&rep=rep1&type=pdf) 3. https://en.wikipedia.org/wiki/Cryptographic_hash_functi on 4. SHA-1 hash function under pressure – heise Security 5. Henri Gilbert, Helena Handschuh: Security Analysis of SHA-256 and Sisters. Selected Areas in cryptography2003 6. http://www.unixwiz.net/techtips/iguide- cryptohashes.html 7. https://media.blackhat.com/us-13/US-13-Aumasson- Password-Hashing-the-Future-is-Now-WP.pdf 8. http://stackoverflow.com/questions/326699/differenc e-between-hashing-a-password-and-encrypting-it

Recommended

Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon
 
Securing Mobile Data using Cryptography
Securing Mobile Data using CryptographySecuring Mobile Data using Cryptography
Securing Mobile Data using CryptographyEswar Publications
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
Se
SeSe
SeKingg Ravi
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
Security in Manets using Cryptography Algorithms
Security in Manets using Cryptography AlgorithmsSecurity in Manets using Cryptography Algorithms
Security in Manets using Cryptography AlgorithmsIRJET Journal
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
Hash Function
Hash FunctionHash Function
Hash Functionstalin rijal
 

Recommended

Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon secure passwords theory and practice 2011
Kieon secure passwords theory and practice 2011Kieon
 
Securing Mobile Data using Cryptography
Securing Mobile Data using CryptographySecuring Mobile Data using Cryptography
Securing Mobile Data using CryptographyEswar Publications
 
Network security cryptographic hash function
Network security cryptographic hash functionNetwork security cryptographic hash function
Network security cryptographic hash functionMijanur Rahman Milon
 
Se
SeSe
SeKingg Ravi
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
Security in Manets using Cryptography Algorithms
Security in Manets using Cryptography AlgorithmsSecurity in Manets using Cryptography Algorithms
Security in Manets using Cryptography AlgorithmsIRJET Journal
 
Hash function
Hash function Hash function
Hash function Salman Memon
 
Hash Function
Hash FunctionHash Function
Hash Functionstalin rijal
 
Hashing
HashingHashing
HashingHossain Md Shakhawat
 
IRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA AlgorithmIRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA AlgorithmIRJET Journal
 
Hashing
HashingHashing
Hashingyashwantsingh122
 
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for AuthenticationEncrypted Negative Password using for Authentication
Encrypted Negative Password using for Authenticationijtsrd
 
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...IRJET Journal
 
Hash crypto
Hash cryptoHash crypto
Hash cryptoHarry Potter
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themFlowTraq
 
IRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid CryptographyIRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid CryptographyIRJET Journal
 
SPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher TextSPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher TextIJMTST Journal
 
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionModified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionInternational Journal of Computer and Communication System Engineering
 
Welcome to the world of hacking
Welcome to the world of hackingWelcome to the world of hacking
Welcome to the world of hackingTjylen Veselyj
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches forijcsa
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashingfangjiafu
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography Durgesh Malviya
 
Password hacking
Password hackingPassword hacking
Password hackingMr. FM
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption SystemsChristopher Frenz
 
Crypto
CryptoCrypto
Cryptouniversity of Gujrat, pakistan
 
Paper id 311201535
Paper id 311201535Paper id 311201535
Paper id 311201535IJRAT
 
The SHA Hashing Algorithm
The SHA Hashing AlgorithmThe SHA Hashing Algorithm
The SHA Hashing AlgorithmBob Landstrom
 
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJSIRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJSIRJET Journal
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practiceAkash Mahajan
 
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).pptGnanalakshmiV
 

More Related Content

What's hot

IRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA AlgorithmIRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA AlgorithmIRJET Journal
 
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for AuthenticationEncrypted Negative Password using for Authentication
Encrypted Negative Password using for Authenticationijtsrd
 
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...IRJET Journal
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themFlowTraq
 
IRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid CryptographyIRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid CryptographyIRJET Journal
 
SPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher TextSPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher TextIJMTST Journal
 
Welcome to the world of hacking
Welcome to the world of hackingWelcome to the world of hacking
Welcome to the world of hackingTjylen Veselyj
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches forijcsa
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashingfangjiafu
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography Durgesh Malviya
 
Password hacking
Password hackingPassword hacking
Password hackingMr. FM
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption SystemsChristopher Frenz
 
Paper id 311201535
Paper id 311201535Paper id 311201535
Paper id 311201535IJRAT
 

What's hot (18)

Hashing
HashingHashing
Hashing
 
IRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA AlgorithmIRJET- Encrypted Negative Password using RSA Algorithm
IRJET- Encrypted Negative Password using RSA Algorithm
 
Hashing
HashingHashing
Hashing
 
Encrypted Negative Password using for Authentication
Encrypted Negative Password using for AuthenticationEncrypted Negative Password using for Authentication
Encrypted Negative Password using for Authentication
 
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
Securing Messages from Brute Force Attack by Combined Approach of Honey Encry...
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Brute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping themBrute Force Attacks - Finding and Stopping them
Brute Force Attacks - Finding and Stopping them
 
IRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid CryptographyIRJET- Message Encryption using Hybrid Cryptography
IRJET- Message Encryption using Hybrid Cryptography
 
SPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher TextSPCHS Construction for Expeditious Keyword Search in Cipher Text
SPCHS Construction for Expeditious Keyword Search in Cipher Text
 
Modified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password EncryptionModified MD5 Algorithm for Password Encryption
Modified MD5 Algorithm for Password Encryption
 
Welcome to the world of hacking
Welcome to the world of hackingWelcome to the world of hacking
Welcome to the world of hacking
 
State of the art parallel approaches for
State of the art parallel approaches forState of the art parallel approaches for
State of the art parallel approaches for
 
Proper passwordhashing
Proper passwordhashingProper passwordhashing
Proper passwordhashing
 
White Paper on Cryptography
White Paper on Cryptography White Paper on Cryptography
White Paper on Cryptography
 
Password hacking
Password hackingPassword hacking
Password hacking
 
Searchable Encryption Systems
Searchable Encryption SystemsSearchable Encryption Systems
Searchable Encryption Systems
 
Crypto
CryptoCrypto
Crypto
 
Paper id 311201535
Paper id 311201535Paper id 311201535
Paper id 311201535
 

Similar to A Survey of Password Attacks and Safe Hashing Algorithms

The SHA Hashing Algorithm
The SHA Hashing AlgorithmThe SHA Hashing Algorithm
The SHA Hashing AlgorithmBob Landstrom
 
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJSIRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJSIRJET Journal
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practiceAkash Mahajan
 
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).pptGnanalakshmiV
 
Hashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsHashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsIslam Heggo
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and crackingNipun Joshi
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2Iftach Ian Amit
 
TM112 Meeting12-Cryptography.pptx
TM112 Meeting12-Cryptography.pptxTM112 Meeting12-Cryptography.pptx
TM112 Meeting12-Cryptography.pptxMohammedYusuf609377
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
Implementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmImplementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmIRJET Journal
 
Comparative hash algorithm power point presentation
Comparative hash algorithm power point presentationComparative hash algorithm power point presentation
Comparative hash algorithm power point presentationHajaAjmeerdeen
 

Similar to A Survey of Password Attacks and Safe Hashing Algorithms (20)

The SHA Hashing Algorithm
The SHA Hashing AlgorithmThe SHA Hashing Algorithm
The SHA Hashing Algorithm
 
IRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJSIRJET- Login System for Web: Session Management using BCRYPTJS
IRJET- Login System for Web: Session Management using BCRYPTJS
 
Secure passwords-theory-and-practice
Secure passwords-theory-and-practiceSecure passwords-theory-and-practice
Secure passwords-theory-and-practice
 
01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt01204427-Hash_Crypto (1).ppt
01204427-Hash_Crypto (1).ppt
 
Hash_Crypto.ppt
Hash_Crypto.pptHash_Crypto.ppt
Hash_Crypto.ppt
 
Hashing Considerations In Web Applications
Hashing Considerations In Web ApplicationsHashing Considerations In Web Applications
Hashing Considerations In Web Applications
 
Techniques for password hashing and cracking
Techniques for password hashing and crackingTechniques for password hashing and cracking
Techniques for password hashing and cracking
 
Passwords good badugly181212-2
Passwords good badugly181212-2Passwords good badugly181212-2
Passwords good badugly181212-2
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
TM112 Meeting12-Cryptography.pptx
TM112 Meeting12-Cryptography.pptxTM112 Meeting12-Cryptography.pptx
TM112 Meeting12-Cryptography.pptx
 
HASH FUNCTIONS.pdf
HASH FUNCTIONS.pdfHASH FUNCTIONS.pdf
HASH FUNCTIONS.pdf
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
 
Mj2521372142
Mj2521372142Mj2521372142
Mj2521372142
 
Implementation of De-Duplication Algorithm
Implementation of De-Duplication AlgorithmImplementation of De-Duplication Algorithm
Implementation of De-Duplication Algorithm
 
Comparative hash algorithm power point presentation
Comparative hash algorithm power point presentationComparative hash algorithm power point presentation
Comparative hash algorithm power point presentation
 

More from IRJET Journal

TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...IRJET Journal
 
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURESTUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTUREIRJET Journal
 
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...IRJET Journal
 
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsEffect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsIRJET Journal
 
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...IRJET Journal
 
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...IRJET Journal
 
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...IRJET Journal
 
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...IRJET Journal
 
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASA REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASIRJET Journal
 
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...IRJET Journal
 
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProP.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProIRJET Journal
 
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...IRJET Journal
 
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemSurvey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemIRJET Journal
 
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesReview on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesIRJET Journal
 
React based fullstack edtech web application
React based fullstack edtech web applicationReact based fullstack edtech web application
React based fullstack edtech web applicationIRJET Journal
 
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...IRJET Journal
 
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.IRJET Journal
 
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...IRJET Journal
 
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignMultistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignIRJET Journal
 
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...IRJET Journal
 

More from IRJET Journal (20)

TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
TUNNELING IN HIMALAYAS WITH NATM METHOD: A SPECIAL REFERENCES TO SUNGAL TUNNE...
 
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURESTUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
STUDY THE EFFECT OF RESPONSE REDUCTION FACTOR ON RC FRAMED STRUCTURE
 
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
A COMPARATIVE ANALYSIS OF RCC ELEMENT OF SLAB WITH STARK STEEL (HYSD STEEL) A...
 
Effect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil CharacteristicsEffect of Camber and Angles of Attack on Airfoil Characteristics
Effect of Camber and Angles of Attack on Airfoil Characteristics
 
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
A Review on the Progress and Challenges of Aluminum-Based Metal Matrix Compos...
 
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
Dynamic Urban Transit Optimization: A Graph Neural Network Approach for Real-...
 
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
Structural Analysis and Design of Multi-Storey Symmetric and Asymmetric Shape...
 
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
A Review of “Seismic Response of RC Structures Having Plan and Vertical Irreg...
 
A REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADASA REVIEW ON MACHINE LEARNING IN ADAS
A REVIEW ON MACHINE LEARNING IN ADAS
 
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
Long Term Trend Analysis of Precipitation and Temperature for Asosa district,...
 
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD ProP.E.B. Framed Structure Design and Analysis Using STAAD Pro
P.E.B. Framed Structure Design and Analysis Using STAAD Pro
 
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
A Review on Innovative Fiber Integration for Enhanced Reinforcement of Concre...
 
Survey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare SystemSurvey Paper on Cloud-Based Secured Healthcare System
Survey Paper on Cloud-Based Secured Healthcare System
 
Review on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridgesReview on studies and research on widening of existing concrete bridges
Review on studies and research on widening of existing concrete bridges
 
React based fullstack edtech web application
React based fullstack edtech web applicationReact based fullstack edtech web application
React based fullstack edtech web application
 
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
A Comprehensive Review of Integrating IoT and Blockchain Technologies in the ...
 
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
A REVIEW ON THE PERFORMANCE OF COCONUT FIBRE REINFORCED CONCRETE.
 
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
Optimizing Business Management Process Workflows: The Dynamic Influence of Mi...
 
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic DesignMultistoried and Multi Bay Steel Building Frame by using Seismic Design
Multistoried and Multi Bay Steel Building Frame by using Seismic Design
 
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
Cost Optimization of Construction Using Plastic Waste as a Sustainable Constr...
 

Recently uploaded

College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...Soham Mondal
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 

Recently uploaded (20)

College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCRCall Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
Call Us -/9953056974- Call Girls In Vikaspuri-/- Delhi NCR
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 

A Survey of Password Attacks and Safe Hashing Algorithms

  • 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1554 A Survey of Password Attacks and Safe Hashing Algorithms Tejaswini Bhorkar Student, Dept. of Computer Science and Engineering, RGCER, Nagpur, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - To authenticate users, most web services use pair of username and password. When a user wish to login to a web application of the service, he/she sends their user name and password to the web server, which checks if the given username already exist in the databaseandthat the passwordisidenticalto the password set by that user. This last step of verifying the password oftheuser can be performed in different ways.Theuser password maybe directly storedin the databaseorthehashvalue of the password may be stored. This survey will include the study of password hashing. It will also include the need of password hashing, algorithms used for password hashing along with the attacks possible on the same. Key Words: Password, Hashing, Algorithms, bcrypt, scrypt, attacks, SHA-1 1.INTRODUCTION Web servers store the username and password of its users to authenticate its users.If the web servers store the passwordsof its users directly in the database, then in such case, password verification is just comparison of two strings. However, this is extremely risky and irresponsive approach as the attacker who gains access to theserverdatabase has access to the passwords of all the users. Thus,now-a-days websitesstoresthehashvalue of the password of its users instead of storing the password directly. The goal of password hashing is to preventan attacker to read the passwords even if he/she gains access to the database. 1.1 Hashing Hashing is a type of algorithm that takes data of any size and converts it into data of fixed size. The main difference between hashing and encryption is that a hash is irreversible. Hash functions are used for hashing. A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The output of the hash function is called hash codes, hash values, hash sums, or hashes. A hash function should satisfy the following: a) Two different messages should not have the same hash value. Thus, the hash function should be resistant against collision. b) Given a hash value, it should be difficult or practically impossible to generate the correspondingmessage.Thus,the hash function should have pre-image resistance. c) Given a message, it should be infeasible to find another message that would generate the same hash as that of the first message. Thus, the hash function should be resistant to second-pre-image. 1.2 Hashing Algorithms Different hash algorithmsare used in order to generatehash values. Some commonly used hash functions include the following: • MD5 • SHA-1 • SHA-2 • SHA-3 MD5: This algorithm takes data of arbitrary length and produces message digest of 128 bits (i.e. 16 bytes). In this algorithm, the input message is broken into chunks of 512-bit blocks. The message is padded by a 1 followed by zeros so that the message length is 64 bitslessthan a multiple of512.Therest of the bitsare filled with 64 bitsrepresenting to thelengthof original message. This hashing algorithm is broadly utilized but it is inclined to collisions. However, in practise, the collision attack is too slow to be useful. This is broken in regard to collisions but not in regard to pre-images or second-pre-images. SHA-1: Secured hash function 1 is a hash algorithm that takes a string of any length and reducesit to a message digestof160 bits. In this algorithm, message is "padded" by a 1 and followed by as many 0's required to make the message length equal to 64 bits less than an even multiple of 512. 64- bits indicating the length of original message are appended to the end of padded message. Padded message is processed in 512-bit blocks. Cryptographic shortcomings have been found for SHA-1, and along these lines, the standard was never again endorsed for most cryptographic users after 2010. SHA-2: Secured hash function 2 is a hash algorithm that takes a string of any length and reduces it to a message digest. The SHA-2 family comprises of six hash functions with hash values thatare
  • 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1555 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA- 512, SHA-512/224, and SHA-512/256. In this algorithm, message is “padded” with a 1 and as many 0’s as necessary to bring the message length to 64 bits less than an even multiple of 512. 64-bits indicating the length of original message are appended to the end of padded message. Padded message is processed in 512-bit blocks. SHA-3: SHA-3 standard was released on 5th of august 2015. SHA3 uses sponge construction which has two phases, absorbing phase and squeezing phase. The message blocks must be XORed into subset in the absorbing phase,which is thentransformed.Inthe squeezed phase, output blocks are read from thesamesubsetof state, alternated with state transformations. Different variants of SHA-3 include SHA3-224, SHA3-256, SHA3-384, and SHA3- 512 producing messagedigest of 224,256,384 and 512 bits and uses block size of 1152, 1088, 832, and 576 bits respectively. 2. Password Attacks Most web servers force their users to generate password which is at least 8 characters long and contain letters, numbers, signs, and at least one capital letter. This is because, in order to prevent attackers to identify user’s password, we should force the users to select a strong password apart from choosing a good hashing function. There are different strategies to attack user passwords. Some of them include the following: a. Dictionary attacks: With a dictionary attack, the attacker will try to use word list, these can consist of mostly used words, passwords, years, names, etc. For each word, the attacker will run the hash algorithm and see if the generated hash is same as the hash in the database. If this is the case, then the attacker knows the word from which the hash was derived is the password. b. Brute force: With brute force attack, the attacker will try all the possible combinations of characters. Whenusing password of at least 8 characters long, only using the ASCII character set, there are 128^8 possibilities of passwords. c. Lookup Tables: The general idea is to pre-compute the hashes of the passwords in a password dictionary and store them, and their corresponding password, in a lookup tabledata structure. Lookup tables are great way for cracking many hashes of a similar sort quickly. A good implementation of a lookup table canprocess hundreds of hash lookups per second, even when they contain many billions of hashes. Rainbow tables: Rainbow tables are a time-memory trade- off technique. They are similar to lookup tables, except that the hash cracking speed is compromised to reducethesizeof lookup tables. Because they are smaller, the solutions to more hashes can be stored in the same amount of space, making them more effective. Rainbow tables are capable of cracking any md5 hash of a password which is up to 8 characters long exist. 2.2 Need for Hashing & its Properties If an attacker gets a red access to our database, we don’t want him to retrieve the passwords plaintext hence we hash passwords. We often store usernames, email addresses and other personal information in our database. Security rule #1 dictates that users need to be protected from themselves. We can make them aware of the risks,we can tell themnottore-use passwords, but we all know that in the end there will still be people who use the same password for their Facebook, Gmail, LinkedIn and corporate email. What you do not want is that when the attacker gets his hand on your database, he immediately has access to all the above accounts (usernames/email addresses will be the same). Hashing passwords is to keep this from happening, when the attacker gets his hands on yourdatabase; you want to makeit as difficult as possible to redeem those passwords using a brute-force attack. Hashing passwords won't make your site any more secure, however it will perform harm regulation in case of a breach. Properties- Following are the properties that should be fulfilled by password hashing: a) In order to prevent brute force attack of compromising the data in one run, password hashing should have a unique salt per password. Salt and Pepper: Before hashing a password, a unique value, known as salt, is appended (depending on the algorithm) to the password. Salt is used to prevent attack using rainbow tables. Information provided by the user should not be used in the generation of salt asthis will result in the generation of same hash value from different databases given the same user information and password. Pepper is a secret value or key that is used to turn the hash into a HMAC. HMAC is a hash function. However, it cannot be reproduced without knowing the key. Thus, this increases the security if the attacker has access to database but doesn’t have the access to the place where the key is stored. If the key can be obtained by the attacker, then, the pepper will not add any security to the hash function. b) Executing the function once must be faster i.e. the algorithm should be fast on software. c) In order to prevent brute force attack on distributed systems, execution of the function concurrently should be slow i.e. the function should be slow on hardware.
  • 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 © 2017, IRJET | Impact Factor value: 6.171 | ISO 9001:2008 Certified Journal | Page 1556 Thus, from the above properties, it is clear that a password hashing algorithm should be slow in order to prevent brute force attack. This eliminates the use of MD5, SHA-1, SHA-2 and SHA-3 hash algorithms. Below algorithms can be used for password hashing. 2.3 Safe Password Hashing Algorithms Following are the three algorithms that are safe to use for password hashing: a) PBKDF2: This algorithm is used to derivekeys.Duetothe property of being slow, the PBKDF2 algorithm is used for hashing passwords even though it was not intended for password hashing. The resulting derived key can be used to securely store password. The following is done by PBKDF2 in order to derive a key: K = PBKDF2 (PRF, Password, Salt, c, dkLen) where, DK: Derived key. PRF: Preferred HMAC function. c: amount of iterations. dkLen: length of delivered key. A salt should be at least 64-bits in length and the minimum amount of iterations should be 1024. The algorithm applies HMAC function and repeats the calculations 1024 times of the result. This means that hashing the password is 1024 times slower. However, when brute forcing on distributed systems, this algorithm does not offer a lot of protection. b) bcrypt: Currently the default secure standard for password hashing is bcrypt. It is derived from the Blowfish block cipher. Blowfish block cipher uses loop up tables, which are initially in memory, to generate the hash. Bcrypt has been around for 14 years, based on a cypher that is that has been around for over 20 years. This algorithm has been well tested and hence is considered as the standard of password hashing. c) scrypt: scrypt is a hashing algorithm which has same properties as bcrypt, except for that when the number rounds increase, the computation time and memory space required to produce hash increments exponentially. Scrypt concentrates on operations that are hard for anything else than a computer, for example, random memory access. Scrypt was created in response to the increasing attack on bcrypt. Scrypt uses snapshots that are storage of series of intermediate state data. These snapshots areusedinfurther derivation operations. These snapshots, that are stored in memory, grow exponentially when a round is increased. So, when a round is added, it makes the brute force attack on the password exponentially harder. Scrypt hasbeenaround for only couple of years and thus is still relatively new compared to bcrypt. 3. CONCLUSIONS This survey paper compares different hashing algorithms and their drawbacks. The user must know the types of attacks and must apply appropriate hashing algorithm to avoid attacks. REFERENCES 1. Review Paper on Secure Hashing Algorithm and Its Variants – By Priyanka Vadhera, Bhumika Lall ( http://www.ijsr.net/archive/v3i6/MDIwMTQxOA==.pdf) 2. Cryptographic Hash Functions: A Review – by Rajeev Sobti,G.Geetha( http://citeseerx.ist.psu.edu/viewdoc/download?doi=1 0.1.1.402.7241&rep=rep1&type=pdf) 3. https://en.wikipedia.org/wiki/Cryptographic_hash_functi on 4. SHA-1 hash function under pressure – heise Security 5. Henri Gilbert, Helena Handschuh: Security Analysis of SHA-256 and Sisters. Selected Areas in cryptography2003 6. http://www.unixwiz.net/techtips/iguide- cryptohashes.html 7. https://media.blackhat.com/us-13/US-13-Aumasson- Password-Hashing-the-Future-is-Now-WP.pdf 8. http://stackoverflow.com/questions/326699/differenc e-between-hashing-a-password-and-encrypting-it