1. A novel secure and efficient hash function with extra padding against rainbow table attacks
- Author
- Sunghyuck Hong, Jungpil Shin, and Hyung-Jin Mun
- Subjects
Zero-knowledge password proof, Computer Networks and Communications, Salt (cryptography), Computer science, computer.internet_protocol, Crypt, Hash function, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Padding, Password strength, S/KEY, 0202 electrical engineering, electronic engineering, information engineering, Key stretching, Syskey, Key derivation function, Password psychology, Password, Authentication, Password policy, Cognitive password, Pass the hash, Password cracking, 020206 networking & telecommunications, Passphrase, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Hash chain, 020201 artificial intelligence & image processing, HMAC-based One-time Password Algorithm, Challenge–response authentication, computer, Software
- Abstract
User authentication is necessary to provide services on an application system and the Internet. Various authentication methods are used, such as ID/PW, biometric, and OTP authentication. One of the most popular is ID/PW authentication. Because an inputted password is passed through a one-way hash function and then stored in the DB, it is difficult for the DB administrator to figure out the password inputted by the user. However, when the DB is leaked and there is time to decode it, the password can be hacked. The time and cost to decode the original message from a hash value corresponding to a short password are lower. Therefore, if the password is short, the attack cost is low and the possibility of cracking the password is high. In the case where an attacker uses pre-computed rainbow tables and the hash values of short passwords are leaked, the password that the user inputted can be cracked. In this research, to block rainbow table attacks, when the user generates a short password, we try to resolve the vulnerability of short passwords by adding additional messages containing identification information of a system or the user and thereby extending the length of the password. By proposing a model to minimize the length of the password, and the authority accordingly, on mobile devices on which inputting passwords is not easy, we take security into consideration. Our proposed model is strong against rainbow table attacks and provides an efficient password system to users. It contributes to resolving password vulnerability and improves mobile users' convenience in typing passwords.
- Published
- 2017