Search

Your search keyword '"Rainbow table"' showing total 263 results
Start Over Descriptor "Rainbow table"
263 results on '"Rainbow table"'

2. Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations.

Author

HAGEN, CHRISTOPH, WEINERT, CHRISTIAN, SENDNER, CHRISTOPH, DMITRIENKO, ALEXANDRA, and SCHNEIDER, THOMAS

Subjects
MESSENGERS, PRIVACY, CONSUMERS
Abstract

Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods and propose suitable mitigations. Our study of three popular messengers (WhatsApp, Signal, and Telegram) shows that large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram, we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross-messenger) usage statistics, which also reveal that very few users change the default privacy settings. Furthermore, we demonstrate that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal. Most notably, we show that with the password cracking tool "JTR," we can iterate through the entire worldwide mobile phone number space in <150 s on a consumer-grade GPU. We also propose a significantly improved rainbow table construction for non-uniformly distributed input domains that is of independent interest. Regarding mitigations, we most notably propose two novel rate-limiting schemes: our incremental contact discovery for services without server-side contact storage strictly improves over Signal's current approach while being compatible with private set intersection, whereas our differential scheme allows even stricter rate limits at the overhead for service providers to store a small constant-size state that does not reveal any contact information. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

3. Precomputation for Rainbow Tables has Never Been so Fast

Author

Avoine, Gildas, Carpent, Xavier, Leblanc-Albarel, Diane, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Shulman, Haya, editor, and Waidner, Michael, editor

Published
2021
Full Text
View/download PDF

5. An Approach to Defense Dictionary Attack with Message Digest Using Image Salt

Author

Park, Sun-young, Kim, Keecheon, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Lee, Sukhan, editor, Ismail, Roslan, editor, and Choo, Hyunseung, editor

Published
2019
Full Text
View/download PDF

6. New Technologies in Password Cracking Techniques

Author

Aggarwal, Sudhir, Houshmand, Shiva, Weir, Matt, Tzafestas, S.G., Series Editor, Antsaklis, P., Advisory Editor, Borne, P., Advisory Editor, Carelli, R., Advisory Editor, Fukuda, T., Advisory Editor, Gans, N.R., Advisory Editor, Harashima, F., Advisory Editor, Martinet, P., Advisory Editor, Monaco, S., Advisory Editor, Negenborn, R.R., Advisory Editor, Pascoal, A.M., Advisory Editor, Schmidt, G., Advisory Editor, Sobh, T.M., Advisory Editor, Tzafestas, C., Advisory Editor, Valavanis, K., Advisory Editor, Lehto, Martti, editor, and Neittaanmäki, Pekka, editor

Published
2018
Full Text
View/download PDF

9. Optimization of Rainbow Tables for Practically Cracking GSM A5/1 Based on Validated Success Rate Modeling

Author

Li, Zhen, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, and Sako, Kazue, editor

Published
2016
Full Text
View/download PDF

12. Analysis of the Non-perfect Table Fuzzy Rainbow Tradeoff

Author

Kim, Byoung-Il, Hong, Jin, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Boyd, Colin, editor, and Simpson, Leonie, editor

Published
2013
Full Text
View/download PDF

14. How to Break EAP-MD5

Author

Liu, Fanbao, Xie, Tao, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Askoxylakis, Ioannis, editor, Pöhls, Henrich C., editor, and Posegga, Joachim, editor

Published
2012
Full Text
View/download PDF

15. Analysis of the Parallel Distinguished Point Tradeoff

Author

Hong, Jin, Lee, Ga Won, Ma, Daegun, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bernstein, Daniel J., editor, and Chatterjee, Sanjit, editor

Published
2011
Full Text
View/download PDF

16. Security

Author

Nielsen, Anton, Scott, John Edward, Kennedy, Sharon, Aust, Dietmar, Kubicek, Denes, D’Souza, Martin Giffy, Mattamal, Raj, Gault, Doug, McGhan, Dan, Gielis, Dimitri, Mignault, Francis, Hartman, Roel, Nielsen, Anton, and Hichwa, Michael

Published
2011
Full Text
View/download PDF

18. Add "Salt" MD5 Algorithm’s FPGA Implementation.

Author

Tian, Ye, Zhang, Kun, Wang, Pu, Zhang, Yuming, and Yang, Jun

Subjects
FIELD programmable gate arrays, COMPUTER network security, DATA encryption, RANDOM numbers, GATE array circuits
Abstract

At present, the MD5 algorithm in network security of got to a wide range of applications in many respects, but in be used actually face being hit by a "rainbow table" library of security risks, this design adopts the method of "salt", based on the proposed encryption definitely added to the random Numbers to reduce the risk. This article first introduces the principle and the risk for the MD5 algorithm and puts forward the theoretical basis to solve the problem, and then describes the improvement to solve the problem of the MD5 algorithm in FPGA to realize the overall architecture, analyses the function of each module, finally gives the Altera corporation based on series of the Cyclone II device DE2 system board the implementation of the results. Through the experimental results can be seen that the MD5 algorithm based on FPGA implementation has high processing speed and less resource usage, and based on FPGA and "salt" of plaintext processing can effectively reduce the use of the risk of "rainbow table" bump library, has certain practical value 1 [ABSTRACT FROM AUTHOR]

Published
2018
Full Text
View/download PDF

20. Variants of the Distinguished Point Method for Cryptanalytic Time Memory Trade-Offs

Author

Hong, Jin, Jeong, Kyung Chul, Kwon, Eun Young, Lee, In-Sok, Ma, Daegun, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Chen, Liqun, editor, Mu, Yi, editor, and Susilo, Willy, editor

Published
2008
Full Text
View/download PDF

21. Time-Memory Trade-Off Attack on FPGA Platforms: UNIX Password Cracking

Author

Mentens, Nele, Batina, Lejla, Preneel, Bart, Verbauwhede, Ingrid, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bertels, Koen, editor, Cardoso, João M. P., editor, and Vassiliadis, Stamatis, editor

Published
2006
Full Text
View/download PDF

22. Application of LFSRs in Time/Memory Trade-Off Cryptanalysis

Author

Mukhopadhyay, Sourav, Sarkar, Palash, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Song, Joo-Seok, editor, Kwon, Taekyoung, editor, and Yung, Moti, editor

Published
2006
Full Text
View/download PDF

23. A Novel Improvement With an Effective Expansion to Enhance the MD5 Hash Function for Verification of a Secure E-Document

Author

Ammar Mohammed Ali and Alaa Kadhim Farhan

Subjects
General Computer Science, Computer science, chaotic system, Hash function, Cryptography, 02 engineering and technology, Encryption, 01 natural sciences, Brute-force attack, Data integrity, LFSR, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, business.industry, 010401 analytical chemistry, General Engineering, data integrity, 0104 chemical sciences, MD5, Rainbow table, Computer engineering, IP, Key (cryptography), MD5 hash function, 020201 artificial intelligence & image processing, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, Ribonucleic acid (RNA), lcsh:TK1-9971
Abstract

MD5 is a one-way cryptographic function used in various fields for maintaining data integrity. The application of a Hash function can provide much protection and privacy and subsequently reduce data usage. Most users are familiar with validating electronic documents based on a Hash function, such as the MD5 algorithm and other hash functions, to demonstrate the data integrity. There are many weaknesses of the current MD5 algorithm, mainly its failures and weaknesses against varying types of attacks, such as brute force attacks, rainbow table attacks, and Christmas attacks. Therefore, the method proposed in this paper enhances the MD5 algorithm by adding a dynamic variable length and a high efficiency that simulates the highest security available. Whereas the logistic system was used to encode ribonucleic acid (RNA) by generating a random matrix based on a new key that was created using the initial permutation (IP) tables used in the data encryption stander (DES) with the linear-feedback shift register (LFSR), this work proposes several structures to improve the MD5 hash function. The experimental results demonstrate its high resistance to hackers while maintaining a suitable duration. This paper discusses the design of a confident hash algorithm. This algorithm has characteristics that enable it to succeed in the field of digital authentication and data integrity.

Published
2020

24. Cryptography: A Quantitative Analysis of the Effectiveness of Various Password Storage Techniques

Author

Sandip Patra and Rohan Patra

Subjects
Password, Dictionary attack, Computer science, business.industry, Salt (cryptography), Hash function, Cryptography, General Medicine, General Chemistry, Computer security, computer.software_genre, Password strength, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Storage security, business, computer
Abstract

Recently, there has been a rise in impactful data breaches releasing billions of people’s online accounts and financial data into the public domain. The result is an increased importance of effective cybersecurity measures, especially regarding the storage of user passwords. Strong password storage security means that an actor cannot use the passwords in vectors such as credential-stuffing attacks despite having access to breached data. It will also limit user exposure to threats such as unauthorized account charges or account takeovers. This research evaluates the effectiveness of different password storage techniques. The storage techniques to be tested are: BCRYPT Hashing, SHA-256 Hashing, SHA-256 with Salt, and SHA-256 with MD5 Chaining. Following the National Institute of Standards and Technology (NIST) guidelines on password strength, both a weak and robust password will be passed through the stated techniques. Reversal of each of the results will be attempted using Rainbow Tables and dictionary attacks. The study results show that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security. However, SHA-256 hashing with a salt results in a very similar level of security while maintaining better performance. While plain SHA-256 hashing or chaining multiple hashing algorithms together is theoretically as secure, in practice, they are easily susceptible to simple attacks and thus should not be used in a production environment. Requiring strong password which have not been exposed in previous data breaches was also found to greatly increase security.

Published
2021

25. Precomputation for Rainbow Tables has Never Been so Fast

Author

Diane Leblanc-Albarel, Xavier Carpent, Gildas Avoine, Security & PrIvaCY (SPICY), SYSTÈMES LARGE ÉCHELLE (IRISA-D1), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Department of Computer Science - K.U.Leuven, and Catholic University of Leuven - Katholieke Universiteit Leuven (KU Leuven)

Subjects
Password, Computer science, business.industry, Cryptography, Construct (python library), Upper and lower bounds, Bottleneck, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Rainbow table, Time-Memory Trade-Offs (TMTO), Precomputation, Distributed precomputation, Table (database), business, Algorithm
Abstract

International audience; Cryptanalytic time-memory trade-offs (TMTOs) are techniques commonly used in computer security e.g., to crack passwords. However, TMTOs usually encounter in practice a bottleneck that is the time needed to perform the precomputation phase (preceding to the attack). We introduce in this paper a technique, called distributed filtration-computation, that significantly reduces the precomputation time without any negative impact the online phase. Experiments performed on large problems with a 128-core computer perfectly match the theoretical expectations. We construct a rainbow table for a space N=242 in approximately 8 h instead of 50 h for the usual way to generate a table. We also show that the efficiency of our technique is very close from the theoretical time lower bound.

Published
2021

26. Comparison of perfect table cryptanalytic tradeoff algorithms.

Author

Lee, Ga and Hong, Jin

Subjects
CRYPTOGRAPHY, ALGORITHMS, TABLE manipulation (Computer science), PARAMETERS (Statistics), PAIRED comparisons (Mathematics), FUNCTION composition
Abstract

The performances of three major time memory tradeoff algorithms were compared in a recent paper. The algorithms considered there were the classical Hellman tradeoff and the non-perfect table versions of the distinguished point method and the rainbow table method. This paper adds the perfect table versions of the distinguished point method and the rainbow table method to the list, so that all the major tradeoff algorithms may now be compared against each other. Even though there are existing claims as to the superiority of one tradeoff algorithm over another algorithm, the algorithm performance comparisons provided by the current work and the recent paper mentioned above are of higher practical value. We provide comparisons of algorithms at parameters that achieve a common success rate of inversion and which take both the cost of pre-computation and the efficiency of the online phase into account. The comparisons are based on the average case execution behaviors rather than the worst case situations, and non-negligible details such as the effects of false alarms and various storage optimization techniques are no longer ignored. A large portion of this paper is allocated to analyzing the execution behavior of the perfect table distinguished point method. In particular, we obtain a closed-form formula for the average length of chains associated with a perfect distinguished point table. [ABSTRACT FROM AUTHOR]

Published
2016
Full Text
View/download PDF

27. Authentication by Encrypted Negative Password

Author

Junteng Wang, Yamin Hu, Hao Jiang, and Wenjian Luo

Subjects
Password, 021110 strategic, defence & security studies, Authentication, Dictionary attack, Computer Networks and Communications, business.industry, Computer science, computer.internet_protocol, Salt (cryptography), 0211 other engineering and technologies, Cryptography, 02 engineering and technology, Encryption, Computer security, computer.software_genre, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Symmetric-key algorithm, Rainbow table, Cryptographic hash function, Password authentication protocol, Safety, Risk, Reliability and Quality, business, computer
Abstract

Secure password storage is a vital aspect in systems based on password authentication, which is still the most widely used authentication technique, despite some security flaws. In this paper, we propose a password authentication framework that is designed for secure password storage and could be easily integrated into existing authentication systems. In our framework, first, the received plain password from a client is hashed through a cryptographic hash function (e.g., SHA-256). Then, the hashed password is converted into a negative password. Finally, the negative password is encrypted into an encrypted negative password (ENP) using a symmetric-key algorithm (e.g., AES), and multi-iteration encryption could be employed to further improve security. The cryptographic hash function and symmetric encryption make it difficult to crack passwords from ENPs. Moreover, there are lots of corresponding ENPs for a given plain password, which makes precomputation attacks (e.g., lookup table attack and rainbow table attack) infeasible. The algorithm complexity analyses and comparisons show that the ENP could resist lookup table attack and provide stronger password protection under dictionary attack. It is worth mentioning that the ENP does not introduce extra elements (e.g., salt); besides this, the ENP could still resist precomputation attacks. Most importantly, the ENP is the first password protection scheme that combines the cryptographic hash function, the negative password, and the symmetric-key algorithm, without the need for additional information except the plain password.

Published
2019

28. AirCollect - efficiently recovering hashed phone numbers leaked via Apple AirDrop

Author

Milan Stute, Christian Weinert, Alexander Heinrich, Matthias Hollick, and Thomas Schneider

Subjects
Authentication, Responsible disclosure, Handshake, Exploit, Computer science, 010401 analytical chemistry, Hash function, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, 0104 chemical sciences, Identifier, Rainbow table, 0202 electrical engineering, electronic engineering, information engineering, computer, Personally identifiable information
Abstract

Apple's file-sharing service AirDrop leaks phone numbers and email addresses by exchanging vulnerable hash values of the user's own contact identifiers during the authentication handshake with nearby devices. In a paper presented at USENIX Security'21, we theoretically describe two attacks to exploit these vulnerabilities and propose "PrivateDrop" as a privacy-preserving drop-in replacement for Apple's AirDrop protocol based on private set intersection. In this demo, we show how these vulnerabilities are efficiently exploitable via Wi-Fi and physical proximity to a target. Privacy and security implications include the possibility of conducting advanced spear phishing attacks or deploying multiple "collector" devices in order to build databases that map contact identifiers to specific locations. For our proof-of-concept, we leverage a custom rainbow table construction to reverse SHA-256 hashes of phone numbers in a matter of milliseconds. We discuss the trade-off between success rate and storage requirements of the rainbow table and, after following responsible disclosure with Apple, we publish our proof-of-concept implementation as "AirCollect" on GitHub.

Published
2021
Full Text
View/download PDF

29. Fast Decryption of Excel Document Encrypted by RC4 Algorithm

Author

Fei Yu, Lijun Zhang, and Cheng Tan

Subjects
Password, Key generation, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, RC4, Encryption, Rainbow table, Brute-force attack, Personal computer, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, business, Algorithm
Abstract

In this paper, we give a fast decryption method of Excel document encrypted by RC4 algorithm. Through a detailed analysis of document storage structure and encryption process, we illustrate the inner principle of key generation and data encryption in the block by block manner. We present an efficient way of recovering the intermediate key by using rainbow table attack, which can be directly applied to decrypt the Excel document. The advantage of our method is that the decryption time of one document is no longer affected by the password length and complexity. In our practical test, it has achieved the decryption of Excel encrypted documents in an average of 3 minutes on a common personal computer, which greatly improves decryption efficiency of encrypted documents compared with the current dictionary and brute force attack methods of recovering document password.

Published
2020

30. An Experimental Evaluation on the Dependency between One-Way Hash Functions and Salt

Author

Urvesh Rathod, B. R. Chandavarkar, and Meghna Sonkar

Subjects
Password, Authentication, Dictionary attack, Alphanumeric, Computer science, Salt (cryptography), Hash function, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, 020204 information systems, 0103 physical sciences, 0202 electrical engineering, electronic engineering, information engineering, Cryptographic hash function, 010301 acoustics, computer
Abstract

Passwords are barriers that protect unauthorized users from accessing personal information in any application. Protecting passwords is one of the challenging tasks in today's world. Currently, a combination of Username/Password used for authentication for a large number of applications. Malicious users might try to steal/misuse the user's data for unethical purposes. To prevent passwords from stealing, developers prefer to use one-way hash functions. One-way hash functions are theoretically irreversible functions that take as an input variable size text and output fixed-sized text. In reality, hash functions are not collision-resistant. Therefore it is recommended to use passwords and randomly generated text called salt to generate hash values and prevent rainbow tables and dictionary attacks. Passwords are hashed at the client-side and sent across the public channel/network. A salt is a randomly generated alphanumeric text used to concatenate with a password to generate a random hash value. This paper demonstrates how the random generation of salt is dependent on passwords and how hash values are dependent on salt. Further, analysis of the behaviour of passwords and hash values using various tools like Wireshark, Ettercap, and Hydra are presented in the paper.

Published
2020

31. New Approach in the Rainbow Tables Method for Human-Like Passwords

Author

Georgii I. Borzunov, Konstantin Kogos, Anna Epishkina, and Mark A. Alpatskiy

Subjects
Password, Character (mathematics), Dependency (UML), Rainbow table, Computer science, Hash function, 0202 electrical engineering, electronic engineering, information engineering, Byte, 020206 networking & telecommunications, 020201 artificial intelligence & image processing, Reduction function, 02 engineering and technology, Arithmetic
Abstract

This paper represents a new approach to rainbow tables, a method of password recovery that was originally developed by Martin E. Hellman and then improved by P. Oechslin, so most of its implementations use Oechslin’s modification. An improvement represented in this work mostly lies in the reduction function, which uses character statistics to generate more "human-like" passwords. Though it generates passwords 5 to 10 times slower than reduction function, which uses direct dependency between hash bytes and the inserted characters, it significantly increases common efficiency in memory (8 to 30 times less memory needed to store these tables) and successful "human-like" passwords recovery probability, while these tables are generated by the same time as tables with the use of "random" reduction function.

Published
2020

32. Implementation of high speed rainbow table generation using Keccak hashing algorithm on GPU

Author

Keisuke Iwai, Thuong Nguyen Dat, Takashi Matsubara, and Takakazu Kurokawa

Subjects
Password, Search engine, CUDA, Rainbow table, Xeon, Computer science, Hash function, Rainbow, Thread (computing), Parallel computing, Software_PROGRAMMINGTECHNIQUES, ComputingMethodologies_COMPUTERGRAPHICS
Abstract

This paper proposes the implementation of high speed rainbow table generation using Keccak hashing algorithm with the integrated development environment CUDA for GPU in the heterogeneous GPU+CPU system. Utilizing the GPU’s powerful capacity, the algorithm greatly improves the performance of rainbow chain generation by dispatching the pre-computation of rainbow chain to each GPU thread. The table generation speed on GPU+CPU system and CPU was compared by the configuration of chain length and number of chains in this paper. In addition, the password coverage rate of table generated by the proposed reduction function was evaluated.The speed-up of pre-computation on GPU GeForce GTX 1080 outperforms that on CPU Xeon E5-1620 v4 3.5GHz by 239 times when the chain length is 200.

Published
2019

33. Cryptanalysis on the Head and Tail Technique for Hashing Passwords

Author

Ruji P. Medina, Ariel M. Sison, and Michael Angelo D. Brogada

Subjects
Password, 021110 strategic, defence & security studies, Dictionary attack, Computer science, business.industry, Hash function, 0211 other engineering and technologies, Cryptography, 02 engineering and technology, law.invention, MD5, Rainbow table, law, Lookup table, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Cryptanalysis, business, Algorithm
Abstract

Researchers and experts had developed numerous hash-based password authentication schemes. Inappropriately, most of them are susceptible to different attacks. This study centers on the process of performing cryptanalysis on the developed Head and Tail (HT) technique for hashing passwords. The research tested the HT technique in terms of its capacity to resist a dictionary attack, rainbow tables attack, and brute-force attack. To test the strength of the HT technique, HashCat, John the Ripper, RainbowCrack, and online cracking systems from crackstation.net and hashkiller.co.uk were used as tools for cracking. After the experiment, the result shows that the cracking tools failed to crack the HT technique. Further tests showed that generating a password-hash value pair or lookup table for MD5-HT and SHA1-HT is 16 times slower than standard MD5 and SHA1. Thus, the Head and Tail (HT) technique is a secured method for hashing passwords.

Published
2019

34. Add 'Salt' MD5 Algorithm’s FPGA Implementation

Author

Kun Zhang, Yuming Zhang, Ye Tian, Jun Yang, and Pu Wang

Subjects
Computer science, Salt (cryptography), business.industry, Network security, 020206 networking & telecommunications, Plaintext, 02 engineering and technology, Function (mathematics), Encryption, MD5, Rainbow table, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, Field-programmable gate array, Algorithm, General Environmental Science
Abstract

At present, the MD5 algorithm in network security of got to a wide range of applications in many respects, but in be used actually face being hit by a "rainbow table" library of security risks, this design adopts the method of "salt", based on the proposed encryption definitely added to the random Numbers to reduce the risk. This article first introduces the principle and the risk for the MD5 algorithm and puts forward the theoretical basis to solve the problem, and then describes the improvement to solve the problem of the MD5 algorithm in FPGA to realize the overall architecture, analyses the function of each module, finally gives the Altera corporation based on series of the Cyclone II device DE2 system board the implementation of the results. Through the experimental results can be seen that the MD5 algorithm based on FPGA implementation has high processing speed and less resource usage, and based on FPGA and "salt" of plaintext processing can effectively reduce the use of the risk of "rainbow table" bump library, has certain practical value 1

Published
2018

35. A Comparison of Cryptanalytic Tradeoff Algorithms.

Author

Hong, Jin and Moon, Sunghwan

Subjects
CRYPTOGRAPHY, ALGORITHMS, PARAMETER estimation, CRYPTOGRAPHERS, PERFORMANCE evaluation
Abstract

Three time-memory tradeoff algorithms are compared in this paper. Specifically, the classical tradeoff algorithm by Hellman, the distinguished point tradeoff method, and the rainbow table method, in their non-perfect table versions, are treated. We show that, under parameters and assumptions that are typically considered in theoretic discussions of the tradeoff algorithms, the Hellman and distinguished point tradeoffs perform very close to each other and the rainbow table method performs somewhat better than the other two algorithms. Our method of comparison can easily be applied to other situations, where the conclusions could be different. The analysis of tradeoff efficiency presented in this paper does not ignore the effects of false alarms and also covers techniques for reducing storage, such as ending point truncations and index tables. Our comparison of algorithms fully takes into account success probabilities and precomputation efforts. [ABSTRACT FROM AUTHOR]

Published
2013
Full Text
View/download PDF

36. Adivinando passwords. Una propuesta para su búsqueda eficiente

Author

López Rodríguez, Damián, Universitat Politècnica de València. Departamento de Sistemas Informáticos y Computación - Departament de Sistemes Informàtics i Computació, Universitat Politècnica de València. Escola Tècnica Superior d'Enginyeria Informàtica, Mor Michael, Alejandro, López Rodríguez, Damián, Universitat Politècnica de València. Departamento de Sistemas Informáticos y Computación - Departament de Sistemes Informàtics i Computació, Universitat Politècnica de València. Escola Tècnica Superior d'Enginyeria Informàtica, and Mor Michael, Alejandro

Abstract

[ES] El acceso a los sistemas informáticos está desde siempre ligado a la utilización de palabras de paso o passwords. Por motivos de seguridad, los passwords se han almacenado de forma oculta en los sistemas, siendo habitualmente el resultado de la aplicación de una función resumen -o hash- sobre el password. Dichas funciones resumen tienen una gran relevancia para el mantenimiento seguro de los passwords. También son invertibles, con una probabilidad de colisión inversamente proporcional de forma exponencial al número de bits del resumen. Una aproximación para encontrar dichas colisiones se basa en la construcción de las denominadas tablas del arco iris, que emplean una aproximación time-memory trade-off (TMTO), mostrándose eficientes a la hora de encontrar colisiones y posibilitando el acceso no autorizado a los sistemas., [CA] L’accés al sistemes informàtics ha estat des-de sempre lligat a l’ús de paraules de pas o passwords. Per motius de seguretat, els passwords son emmagatzemats de forma oculta als sistemes, seguint habitualment el resultat de l’aplicació d’una funció resum -o hash- sobre el password. Aquestes funcions resum tenen una gran rellevància a l’hora de mantindre els passwords segurament. També son invertibles, amb una probabilitat de col·lisió inversament proporcional exponencialment al nombre de bits del resum. Una aproximació per a encontrar dites col·lisions son les denominades taules rainbow, que fan ús d’una aproximació time-memory trade-off (TMTO), mostrant-se eficients a l’hora d’encontrar col·lisions i possibilitant l’accés no autoritzat als sistemes., [EN] Access to computer systems has always been tied to the use of passwords. For security reasons, passwords are stored in an occult manner, being usually the result of a hash function on the password. Said hash functions are highly relevant for safe-keeping passwords. They are also reversible, having a collision probability inversely proportional exponentially to the number of bits in the hash. An approximation for finding such collisions is based in the generation of the so called rainbow tables, which make use of a time-memory trade-off (TMTO), showing efficiency when looking for those collisions and allowing unauthorised access to the systems.

Published
2019

37. Tradeoff tables for compression functions: how to invert hash values.

Author

Kara, Orhum and Atalay, Adem

Subjects
*CONJOINT analysis, *CRYPTOGRAPHY, *DIGITAL signatures, *DATA integrity, *COMPUTER access control, *COMPUTER network protocols, *COMPUTER algorithms
Abstract

Hash functions are one of the ubiquitous cryptographic functions used widely for various applications such as digital signatures, data integrity, authentication protocols, MAC algorithms, RNGs, etc. Hash functions are supposed to be one-way, i.e., preimage resistant. One interesting property of hash functions is that they process arbitrary-length messages into fixed-length outputs. In general, this can be achieved mostly by applying compression functions onto the message blocks of fixed length, recursively. The length of the message is incorporated as padding in the last block prior to the hash, a procedure called the Merkle-Damgård strengthening. In this paper, we introduce a new way to find preimages on a hash function by using a rainbow table of its compression function even if the hash function utilizes the Merkle-Damgård (MD) strengthening as a padding procedure. To overcome the MD strengthening, we identify the column functions as representatives of certain set of preimages, unlike conventional usage of rainbow tables or Hellman tables to invert one-way functions. As a different approach, we use the position of the given value in the table to invert it. The workload of finding a preimage of a given arbitrary digest value is 22n/3 steps by using 22n/3 memory, where n is both the digest size and the length of the chaining value. We give some extensions of the preimage attack on certain improved variants of MD constructions such as using output functions, incorporating the length of message blocks or using random salt values. Moreover, we introduce the notion of "near-preimage" and mount an attack to find near-preimages. We generalize the attack when the digest size is not equal to the length of chaining value. We have verified the results experimentally, in which we could find a preimage in one minute for the 40-bit hash function, whereas the exhaustive search took roughly one week on a standard PC. [ABSTRACT FROM AUTHOR]

Published
2012
Full Text
View/download PDF

38. The cost of false alarms in Hellman and rainbow tradeoffs.

Author

Hong, Jin

Subjects
FALSE alarms, CRYPTOGRAPHY, ALGORITHMS, MATHEMATICAL functions, APPROXIMATION theory, MATHEMATICAL mappings, ITERATIVE methods (Mathematics), POLYNOMIALS
Abstract

Cryptanalytic time memory tradeoff algorithms are generic one-way function inversion techniques that utilize pre-computation. Even though the online time complexity is known up to a small multiplicative factor for any tradeoff algorithm, false alarms pose a major obstacle in its accurate assessment. In this work, we study the expected pre-image size for an iteration of functions and use the result to analyze the cost incurred by false alarms. We are able to present the expected online time complexities for the Hellman tradeoff and the rainbow table method in a manner that takes false alarms into account. We also analyze the effects of the checkpoint method in reducing false alarm costs. The ability to accurately compute the online time complexities will allow one to choose their tradeoff parameters more optimally, before starting the expensive pre-computation process. [ABSTRACT FROM AUTHOR]

Published
2010
Full Text
View/download PDF

41. A novel secure and efficient hash function with extra padding against rainbow table attacks

Author

Sunghyuck Hong, Jungpil Shin, and Hyung-Jin Mun

Subjects
Zero-knowledge password proof, Computer Networks and Communications, Salt (cryptography), Computer science, computer.internet_protocol, Crypt, Hash function, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Padding, Password strength, S/KEY, 0202 electrical engineering, electronic engineering, information engineering, Key stretching, Syskey, Key derivation function, Password psychology, Password, Authentication, Password policy, Cognitive password, Pass the hash, Password cracking, 020206 networking & telecommunications, Passphrase, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Hash chain, 020201 artificial intelligence & image processing, HMAC-based One-time Password Algorithm, Challenge–response authentication, computer, Software
Abstract

User authentication is necessary to provide services on an application system and the Internet. Various authentication methods are used such as ID/PW, biometric, and OTP authentications. One of the popular authentications is ID/PW authentication. As an inputted password is transferred by one-way hash function and then stored in DB, it is difficult for the DB administrator to figure out the password inputted by the user. However, when DB is leaked, and there is the time to decode, the password can be hacked. The time and cost to decode the original message from the hash value corresponding a short password decrease. Therefore, if the password is short, then attacking cost is low, and password crack possibility is high. In the case where an attacker utilizes pre-computing rainbow tables, and the hash value of short passwords is leaked, the password that the user inputted can be cracked. In this research, to block rainbow table attacks, when the user generates a short password, by adding additional messages of identification information of a system or the user and extending the length of the password, we try to resolve the vulnerability of short passwords. By proposing a model to minimize the length of the password and the authority accordingly in mobile devices on which inputting passwords is not easy, we take security into consideration. Our proposal model is strong against rainbow table attack and provides efficient password system to users. It contributes to resolving password vulnerability and upgrades mobile users’ convenience in typing passwords.

Published
2017

42. Analysis of the use of Rainbow Tables to break hash

Author

Filip Holik, Lukáš Petr, Oldřich Horák, Josef Horalek, and Vladimir Sobeslav

Subjects
Statistics and Probability, Discrete mathematics, 0209 industrial biotechnology, 020901 industrial engineering & automation, Theoretical computer science, Rainbow table, Artificial Intelligence, Computer science, Hash function, 0202 electrical engineering, electronic engineering, information engineering, General Engineering, 020201 artificial intelligence & image processing, 02 engineering and technology
Abstract

Tento dokument seznamuje s vytvořenou aplikaci pro generovani Rainbow tabulek a výsledky testů s využitim Rainbow tables podle delky zvoleneho řetězce. Přispěvek prezentuje specializovanou aplikaci obsahujici vlastni algoritmy pro funkce redukce, změnu delky řetězce, generovani Rainbow tables a detailni měřeni efektivity při vyhledavani hesla. V ramci testů je dale popsana zavislost velikosti rainbow tables na delce hesla, ovlivněni hash vyhledavani podle velikosti zvoleneho řetězce a propojeni s kolizemi, ktere vyvstavaji z principu využiti redukcni funkce. Výsledky objektivně popisuji výhody a nevýhody využiti Rainbow tables a ukazuji možnosti a omezeni pro jejich efektivni využiti.

Published
2017

43. An Improved Rainbow Table Attack for Long Passwords

Author

Fei Yu, Lijun Zhang, and Cheng Tan

Subjects
Password, Zero-knowledge password proof, Dictionary attack, Salt (cryptography), Computer science, business.industry, Password cracking, 020206 networking & telecommunications, 02 engineering and technology, Encryption, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Rainbow table, 0202 electrical engineering, electronic engineering, information engineering, General Earth and Planetary Sciences, 020201 artificial intelligence & image processing, business, computer, General Environmental Science
Abstract

The password recovery of popular encryption applications has great practical significance not only for the circumstance of retrieving forgotten password but also for assisting law enforcement officers to implement data forensics. In this paper, we propose an improved password recovery method based on rainbow table attack which enables the recovery feasibility of long human chosen passwords. We combine advantage of dictionary generator and rainbow table to produce an efficient and smart approach of cracking long and complicated passwords. We present the detailed attack process and algorithms of this novel cracking method including dictionary generator specification, transform rules configuration as well as the design of kernel functions in rainbow table attack. Finally, we also provide a practical test and relevant analysis of password recovery result.

Published
2017

44. New Encryption Method with Adaptable Computational and Memory Complexity Using Selected Hash Function

Author

Mateusz Wojsa and Grzegorz Górski

Subjects
021110 strategic, defence & security studies, Blowfish, Twofish, Computer science, business.industry, Hash function, 0211 other engineering and technologies, 020206 networking & telecommunications, 02 engineering and technology, Encryption, Cipher, Rainbow table, 0202 electrical engineering, electronic engineering, information engineering, business, Block size, Algorithm, Key size, Block cipher
Abstract

In this paper, we describe the new method of data encryption/decryption with selectable block and key length and hash function. The block size directly improves the efficiency but also impacts on memory complexity of the presented solution. The choice of hash function length results in computational complexity and complicates attacks using rainbow tables. The algorithm is a modification of SP (Substitution-Permutation) concept with the use of static S-blocks and dynamically indexed block permutation. In further step, usage of chosen operational modes of the method (ECB, CBC, CTR) is presented. In the article there is the example with all the algorithm parameters i.e. input and output data, key value, hash function type and set of all method internal states. The efficiency of the solution was experimentally examined and compared with the most popular bock cipher algorithms e.g. AES, Serpent, BlowFish, TwoFish. The obtained initial results indicate that the new method can be dedicated especially for systems with high security requirements. The paper conclusions contain propositions of algorithm implementation optimizations and further research.

Published
2019

45. An Approach to Defense Dictionary Attack with Message Digest Using Image Salt

Author

Keecheon Kim and Sun Young Park

Subjects
Theoretical computer science, Dictionary attack, business.industry, Computer science, Hash function, 020206 networking & telecommunications, Image processing, Cryptography, 02 engineering and technology, Encryption, Rainbow table, Ciphertext, 0202 electrical engineering, electronic engineering, information engineering, Cryptographic hash function, 020201 artificial intelligence & image processing, business
Abstract

Hash algorithms have been widely used for cryptography. It has been impossible to decrypt the ciphertexts generated through hash algorithms, as an operation that damages the original text is performed. However, various methods of attack occurred over time after the algorithm was developed. The vulnerability of SHA1 (an old hash algorithm) has been revealed, and there has been a great deal of data available for dictionary attacks. Although the industry has been gradually refraining from using SHA1, it remains in use in some existing systems for various reasons. For example, when problems resulting from service interruption or mass update are critical, updating the encryption algorithm can be a burden. In this study, we aim to increase the complexity of ciphertexts by postprocessing hash ciphertext. For that, image salting techniques are used using two-dimensional array masking. This will allow the use of hash ciphertexts with increased complexity in some devices that are forced to use old hash algorithms for various reasons.

Published
2019

46. The Function-Inversion Problem: Barriers and Opportunities

Author

Henry Corrigan-Gibbs and Dmitry Kogan

Subjects
Discrete mathematics, 0209 industrial biotechnology, Hash function, Random function, 0102 computer and information sciences, 02 engineering and technology, Function (mathematics), 01 natural sciences, Inversion (discrete mathematics), law.invention, 020901 industrial engineering & automation, Rainbow table, 010201 computation theory & mathematics, law, Cryptanalysis, Advice (complexity), Block cipher, Mathematics
Abstract

The task of function inversion is central to cryptanalysis: breaking block ciphers, forging signatures, and cracking password hashes are all special cases of the function-inversion problem. In 1980, Hellman showed that it is possible to invert a random function \(f{:}\,[N] \rightarrow [N]\) in time \(T = \widetilde{O}(N^{2/3})\) given only \(S = \widetilde{O}(N^{2/3})\) bits of precomputed advice about f. Hellman’s algorithm is the basis for the popular “Rainbow Tables” technique (Oechslin 2003), which achieves the same asymptotic cost and is widely used in practical cryptanalysis.

Published
2019

47. Adivinando passwords. Una propuesta para su búsqueda eficiente

Author

Mor Michael, Alejandro

Subjects
Función resumen, Password, Identification, Criptografía, Grado en Ingeniería Informática-Grau en Enginyeria Informàtica, Hash function, Tabla del arco iris, Identificación, Rainbow table, LENGUAJES Y SISTEMAS INFORMATICOS, Criptography
Abstract

[ES] El acceso a los sistemas informáticos está desde siempre ligado a la utilización de palabras de paso o passwords. Por motivos de seguridad, los passwords se han almacenado de forma oculta en los sistemas, siendo habitualmente el resultado de la aplicación de una función resumen -o hash- sobre el password. Dichas funciones resumen tienen una gran relevancia para el mantenimiento seguro de los passwords. También son invertibles, con una probabilidad de colisión inversamente proporcional de forma exponencial al número de bits del resumen. Una aproximación para encontrar dichas colisiones se basa en la construcción de las denominadas tablas del arco iris, que emplean una aproximación time-memory trade-off (TMTO), mostrándose eficientes a la hora de encontrar colisiones y posibilitando el acceso no autorizado a los sistemas., [CA] L’accés al sistemes informàtics ha estat des-de sempre lligat a l’ús de paraules de pas o passwords. Per motius de seguretat, els passwords son emmagatzemats de forma oculta als sistemes, seguint habitualment el resultat de l’aplicació d’una funció resum -o hash- sobre el password. Aquestes funcions resum tenen una gran rellevància a l’hora de mantindre els passwords segurament. També son invertibles, amb una probabilitat de col·lisió inversament proporcional exponencialment al nombre de bits del resum. Una aproximació per a encontrar dites col·lisions son les denominades taules rainbow, que fan ús d’una aproximació time-memory trade-off (TMTO), mostrant-se eficients a l’hora d’encontrar col·lisions i possibilitant l’accés no autoritzat als sistemes., [EN] Access to computer systems has always been tied to the use of passwords. For security reasons, passwords are stored in an occult manner, being usually the result of a hash function on the password. Said hash functions are highly relevant for safe-keeping passwords. They are also reversible, having a collision probability inversely proportional exponentially to the number of bits in the hash. An approximation for finding such collisions is based in the generation of the so called rainbow tables, which make use of a time-memory trade-off (TMTO), showing efficiency when looking for those collisions and allowing unauthorised access to the systems.

Published
2019

48. Grid Authentication: A Memorability and User Sentiment Study

Author

Mohd Anwar and Paul Biocco

Subjects
Password, Authentication, Dictionary attack, Computer science, 02 engineering and technology, 021001 nanoscience & nanotechnology, Login, Computer security, computer.software_genre, Grid, 01 natural sciences, Hash table, 010309 optics, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, 0103 physical sciences, 0210 nano-technology, computer
Abstract

Despite being one of the most crucial parts of online transactions, the most used authentication system, the username and password system, has shown to be weaker than ever. With the increase of processing power within computers, offline password attacks such as dictionary attacks, rainbow tables, and hash tables have become more effective against divulging account information from stolen databases. This has led to alternative solutions being proposed, such as logging in with a social media account or password managers, which do not replace the password entirely. Graphical alternatives have previously proposed, but none of them have become widely used. In a previous paper we proposed our own alternative called “Grid Authentication”, which would allow users to authenticate using a sequence of clicks on a colored Grid, shown to be resistant against offline password attacks. Now we have implemented and tested Grid Authentication’s memorability and recorded user sentiment data. Participants logged in using a newly created password, an 8-character password randomly generated for them, as well as used Grid Authentication scheme for three days each, once per day. We found that overall, Grid Authentication’s memorability was like a user chosen password, and far superior to the randomly generated 8-character password. We also observed that user’s overall sentiment towards Grid Authentication increased significantly after three days of regular use. Despite this, while sentiment over the system was overall positive, users perceived that they remembered the password more easily, perhaps given hints as to why alternative authentication types have not become widely used.

Published
2019

49. Cued-Click Point Graphical Password Using Circular Tolerance to Increase Password Space and Persuasive Features

Author

Debi Prasad Mishra, Karmajit Patra, Prajnya Priyadarsini Satapathy, and Bhushan Nemade

Subjects
0106 biological sciences, Zero-knowledge password proof, Software_OPERATINGSYSTEMS, Salt (cryptography), Computer science, 0211 other engineering and technologies, 02 engineering and technology, 01 natural sciences, One-time password, S/KEY, Password strength, World Wide Web, Human–computer interaction, Key stretching, Syskey, Key derivation function, Password psychology, General Environmental Science, Password, Authentication, 021110 strategic, defence & security studies, tolerance, Cognitive password, Passphrase, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, cued-click point (CCP), password space, General Earth and Planetary Sciences, 010606 plant biology & botany
Abstract

Graphical password can be used as an alternative to text based (alphanumeric) password in which users click on images to set their passwords. Text based password uses username and password. So recalling of password is necessary which may be a difficult one. Images are generally easier to be remembered than text and in Graphical password; user can set images as their password. Therefore graphical password has been proposed by many researchers as an alternative to text based password Graphical passwords can be applied to workstation, web log-in applications, ATM machines, mobile devices etc. This paper presents implementation of Cued click point (CCP) graphical password which uses circular tolerance. Then it is found that CCP with circular tolerance is better as compared to CCP with rectangular tolerance.

Published
2016

50. Towards Improving Storage Cost and Security Features of Honeyword Based Approaches

Author

Nilesh Chakraborty and Samrat Mondal

Subjects
Honeyword, Storage Cost, Zero-knowledge password proof, Computer science, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, One-time password, Password strength, S/KEY, Password, Attack model, Syskey, General Environmental Science, 021110 strategic, defence & security studies, Authentication, Plaintext, Adversary, Inversion Attack, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Rainbow table, Security, General Earth and Planetary Sciences, Challenge–response authentication, computer
Abstract

Password based authentication shows its vulnerability against inversion attack model in which adversary obtains plaintext password from its corresponding hashed value. To cope up with such attack, honeyword based authentication technique is introduced. In this technique, along with the original password of user, some dummy passwords or honeywords are also stored. Although this technique is good enough to address the aforementioned security breach, but use of additional storage to store the honeywords is still an overhead associated with such approach. In this paper, we have proposed few directions to minimize the storage cost of some of the existing honeyword generation approaches. We have even found that in some cases no additional storage overhead is required. A comparative analysis at the end also shows that the proposed techniques are able to raise some of the security features compared to existing honeyword generation approaches.

Published
2016

Catalog

Books, media, physical & digital resources
See catalog results