An Improved Password Security Based on Salted Password and Hash Emotion using Bcrypt Algorithm
Abstract
Cryptographic hash functions are one of many methods used for storing passwords.
However, cryptographic hash functions were designed to be very fast, which leaves
an opening for Rainbow Table attacks; using hash functions alone is therefore
not enough to store passwords securely. This paper proposes a method which uses a salt
value with Bcrypt before storing the password in the database. The security was proved
by using Hashcat. The results showed that Bcrypt on its own and Bcrypt with a salt value
could withstand the attack.
Article Details
How to Cite
[1] นาโท ป. and บุญครอง ศ., “An Improved Password Security Based on Salted Password and Hash Emotion using Bcrypt Algorithm”, RMUTI Journal, vol. 11, no. 1, pp. 136–145, Apr. 2018.
Section
Research article