H-Rotation: Secure Storage and Retrieval of Passphrases on the Authentication Process

Passwords/passphrases can be either system generated or user-selected. A combination of both approaches is also possible—encryption created by the system and assigned to the user by the information system meeting the policy requirements. Policy rules can be designed to increase security and usability factors, such as information storage and retrieval. This paper proposes an algorithm dedicated to the security of passphrases in an online authentication, so the passphrase entered will be stored in a remote database. Through an SHA-3 hash function, the system must hash the pass phase. Before storage, the system must apply random rotations on the already generated HASH while eliminating any traceability performed on the different transactions performed. To prevent the hacker from using them recurrently if he wants to attack our database. Then the system must recover the real HASH and then the passphrase based on the data provided by the user in the form of codes.