264 results on '"Rainbow table"'
Search Results
2. Precomputation for Rainbow Tables has Never Been so Fast
- Author
-
Avoine, Gildas, Carpent, Xavier, Leblanc-Albarel, Diane, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Shulman, Haya, editor, and Waidner, Michael, editor
- Published
- 2021
- Full Text
- View/download PDF
3. Rainbow Tables for Cryptanalysis of A5/1 Stream Cipher
- Author
-
Gundaram, Praveen Kumar, Allu, Swamy Naidu, Yerukala, Nagendar, Tentu, Appala Naidu, Arabnia, Hamid, Series Editor, Palesi, Maurizio, editor, Trajkovic, Ljiljana, editor, Jayakumari, J., editor, and Jose, John, editor
- Published
- 2021
- Full Text
- View/download PDF
4. Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient Mitigations.
- Author
-
HAGEN, CHRISTOPH, WEINERT, CHRISTIAN, SENDNER, CHRISTOPH, DMITRIENKO, ALEXANDRA, and SCHNEIDER, THOMAS
- Subjects
MESSENGERS ,PRIVACY ,CONSUMERS - Abstract
Contact discovery allows users of mobile messengers to conveniently connect with people in their address book. In this work, we demonstrate that severe privacy issues exist in currently deployed contact discovery methods and propose suitable mitigations. Our study of three popular messengers (WhatsApp, Signal, and Telegram) shows that large-scale crawling attacks are (still) possible. Using an accurate database of mobile phone number prefixes and very few resources, we queried 10 % of US mobile phone numbers for WhatsApp and 100 % for Signal. For Telegram, we find that its API exposes a wide range of sensitive information, even about numbers not registered with the service. We present interesting (cross-messenger) usage statistics, which also reveal that very few users change the default privacy settings. Furthermore, we demonstrate that currently deployed hashing-based contact discovery protocols are severely broken by comparing three methods for efficient hash reversal. Most notably, we show that with the password cracking tool "JTR," we can iterate through the entire worldwide mobile phone number space in <150 s on a consumer-grade GPU. We also propose a significantly improved rainbow table construction for non-uniformly distributed input domains that is of independent interest. Regarding mitigations, we most notably propose two novel rate-limiting schemes: our incremental contact discovery for services without server-side contact storage strictly improves over Signal's current approach while being compatible with private set intersection, whereas our differential scheme allows even stricter rate limits at the overhead for service providers to store a small constant-size state that does not reveal any contact information. [ABSTRACT FROM AUTHOR]
- Published
- 2022
- Full Text
- View/download PDF
5. An Approach to Defense Dictionary Attack with Message Digest Using Image Salt
- Author
-
Park, Sun-young, Kim, Keecheon, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Lee, Sukhan, editor, Ismail, Roslan, editor, and Choo, Hyunseung, editor
- Published
- 2019
- Full Text
- View/download PDF
6. New Technologies in Password Cracking Techniques
- Author
-
Aggarwal, Sudhir, Houshmand, Shiva, Weir, Matt, Tzafestas, S.G., Series Editor, Antsaklis, P., Advisory Editor, Borne, P., Advisory Editor, Carelli, R., Advisory Editor, Fukuda, T., Advisory Editor, Gans, N.R., Advisory Editor, Harashima, F., Advisory Editor, Martinet, P., Advisory Editor, Monaco, S., Advisory Editor, Negenborn, R.R., Advisory Editor, Pascoal, A.M., Advisory Editor, Schmidt, G., Advisory Editor, Sobh, T.M., Advisory Editor, Tzafestas, C., Advisory Editor, Valavanis, K., Advisory Editor, Lehto, Martti, editor, and Neittaanmäki, Pekka, editor
- Published
- 2018
- Full Text
- View/download PDF
7. Hashes and Passwords
- Author
-
Sinha, Sanjib and Sinha, Sanjib
- Published
- 2018
- Full Text
- View/download PDF
8. Secure Passwords
- Author
-
Müller, Michael and Müller, Michael
- Published
- 2018
- Full Text
- View/download PDF
9. Optimization of Rainbow Tables for Practically Cracking GSM A5/1 Based on Validated Success Rate Modeling
- Author
-
Li, Zhen, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, and Sako, Kazue, editor
- Published
- 2016
- Full Text
- View/download PDF
10. Hacking Basics
- Author
-
Rahalkar, Sagar Ajay and Rahalkar, Sagar Ajay
- Published
- 2016
- Full Text
- View/download PDF
11. Exploiting Vulnerabilities
- Author
-
Svensson, Robert and Svensson, Robert
- Published
- 2016
- Full Text
- View/download PDF
12. Analysis of the Non-perfect Table Fuzzy Rainbow Tradeoff
- Author
-
Kim, Byoung-Il, Hong, Jin, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Boyd, Colin, editor, and Simpson, Leonie, editor
- Published
- 2013
- Full Text
- View/download PDF
13. Enhanced Dictionary Based Rainbow Table
- Author
-
Thing, Vrizlynn L. L., Ying, Hwei-Ming, Gritzalis, Dimitris, editor, Furnell, Steven, editor, and Theoharidou, Marianthi, editor
- Published
- 2012
- Full Text
- View/download PDF
14. How to Break EAP-MD5
- Author
-
Liu, Fanbao, Xie, Tao, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Askoxylakis, Ioannis, editor, Pöhls, Henrich C., editor, and Posegga, Joachim, editor
- Published
- 2012
- Full Text
- View/download PDF
15. Analysis of the Parallel Distinguished Point Tradeoff
- Author
-
Hong, Jin, Lee, Ga Won, Ma, Daegun, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bernstein, Daniel J., editor, and Chatterjee, Sanjit, editor
- Published
- 2011
- Full Text
- View/download PDF
16. Security
- Author
-
Nielsen, Anton, Scott, John Edward, Kennedy, Sharon, Aust, Dietmar, Kubicek, Denes, D’Souza, Martin Giffy, Mattamal, Raj, Gault, Doug, McGhan, Dan, Gielis, Dimitri, Mignault, Francis, Hartman, Roel, Nielsen, Anton, and Hichwa, Michael
- Published
- 2011
- Full Text
- View/download PDF
17. Virtual Expansion of Rainbow Tables
- Author
-
Thing, Vrizlynn, Chow, Kam-Pui, editor, and Shenoi, Sujeet, editor
- Published
- 2010
- Full Text
- View/download PDF
18. Add "Salt" MD5 Algorithm’s FPGA Implementation.
- Author
-
Tian, Ye, Zhang, Kun, Wang, Pu, Zhang, Yuming, and Yang, Jun
- Subjects
FIELD programmable gate arrays ,COMPUTER network security ,DATA encryption ,RANDOM numbers ,GATE array circuits - Abstract
At present, the MD5 algorithm in network security of got to a wide range of applications in many respects, but in be used actually face being hit by a "rainbow table" library of security risks, this design adopts the method of "salt", based on the proposed encryption definitely added to the random Numbers to reduce the risk. This article first introduces the principle and the risk for the MD5 algorithm and puts forward the theoretical basis to solve the problem, and then describes the improvement to solve the problem of the MD5 algorithm in FPGA to realize the overall architecture, analyses the function of each module, finally gives the Altera corporation based on series of the Cyclone II device DE2 system board the implementation of the results. Through the experimental results can be seen that the MD5 algorithm based on FPGA implementation has high processing speed and less resource usage, and based on FPGA and "salt" of plaintext processing can effectively reduce the use of the risk of "rainbow table" bump library, has certain practical value 1 [ABSTRACT FROM AUTHOR]
- Published
- 2018
- Full Text
- View/download PDF
19. Sessions, Users, and Registration
- Author
-
Holovaty, Adrian and Kaplan-Moss, Jacob
- Published
- 2009
- Full Text
- View/download PDF
20. Variants of the Distinguished Point Method for Cryptanalytic Time Memory Trade-Offs
- Author
-
Hong, Jin, Jeong, Kyung Chul, Kwon, Eun Young, Lee, In-Sok, Ma, Daegun, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Chen, Liqun, editor, Mu, Yi, editor, and Susilo, Willy, editor
- Published
- 2008
- Full Text
- View/download PDF
21. Time-Memory Trade-Off Attack on FPGA Platforms: UNIX Password Cracking
- Author
-
Mentens, Nele, Batina, Lejla, Preneel, Bart, Verbauwhede, Ingrid, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Nierstrasz, Oscar, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Sudan, Madhu, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Dough, Series editor, Vardi, Moshe Y., Series editor, Weikum, Gerhard, Series editor, Bertels, Koen, editor, Cardoso, João M. P., editor, and Vassiliadis, Stamatis, editor
- Published
- 2006
- Full Text
- View/download PDF
22. Application of LFSRs in Time/Memory Trade-Off Cryptanalysis
- Author
-
Mukhopadhyay, Sourav, Sarkar, Palash, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Song, Joo-Seok, editor, Kwon, Taekyoung, editor, and Yung, Moti, editor
- Published
- 2006
- Full Text
- View/download PDF
23. A Novel Improvement With an Effective Expansion to Enhance the MD5 Hash Function for Verification of a Secure E-Document
- Author
-
Ammar Mohammed Ali and Alaa Kadhim Farhan
- Subjects
General Computer Science ,Computer science ,chaotic system ,Hash function ,Cryptography ,02 engineering and technology ,Encryption ,01 natural sciences ,Brute-force attack ,Data integrity ,LFSR ,0202 electrical engineering, electronic engineering, information engineering ,General Materials Science ,business.industry ,010401 analytical chemistry ,General Engineering ,data integrity ,0104 chemical sciences ,MD5 ,Rainbow table ,Computer engineering ,IP ,Key (cryptography) ,MD5 hash function ,020201 artificial intelligence & image processing ,lcsh:Electrical engineering. Electronics. Nuclear engineering ,business ,Ribonucleic acid (RNA) ,lcsh:TK1-9971 - Abstract
MD5 is a one-way cryptographic function used in various fields for maintaining data integrity. The application of a Hash function can provide much protection and privacy and subsequently reduce data usage. Most users are familiar with validating electronic documents based on a Hash function, such as the MD5 algorithm and other hash functions, to demonstrate the data integrity. There are many weaknesses of the current MD5 algorithm, mainly its failures and weaknesses against varying types of attacks, such as brute force attacks, rainbow table attacks, and Christmas attacks. Therefore, the method proposed in this paper enhances the MD5 algorithm by adding a dynamic variable length and a high efficiency that simulates the highest security available. Whereas the logistic system was used to encode ribonucleic acid (RNA) by generating a random matrix based on a new key that was created using the initial permutation (IP) tables used in the data encryption stander (DES) with the linear-feedback shift register (LFSR), this work proposes several structures to improve the MD5 hash function. The experimental results demonstrate its high resistance to hackers while maintaining a suitable duration. This paper discusses the design of a confident hash algorithm. This algorithm has characteristics that enable it to succeed in the field of digital authentication and data integrity.
- Published
- 2020
- Full Text
- View/download PDF
24. Cryptography: A Quantitative Analysis of the Effectiveness of Various Password Storage Techniques
- Author
-
Sandip Patra and Rohan Patra
- Subjects
Password ,Dictionary attack ,Computer science ,business.industry ,Salt (cryptography) ,Hash function ,Cryptography ,General Medicine ,General Chemistry ,Computer security ,computer.software_genre ,Password strength ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Rainbow table ,Storage security ,business ,computer - Abstract
Recently, there has been a rise in impactful data breaches releasing billions of people’s online accounts and financial data into the public domain. The result is an increased importance of effective cybersecurity measures, especially regarding the storage of user passwords. Strong password storage security means that an actor cannot use the passwords in vectors such as credential-stuffing attacks despite having access to breached data. It will also limit user exposure to threats such as unauthorized account charges or account takeovers. This research evaluates the effectiveness of different password storage techniques. The storage techniques to be tested are: BCRYPT Hashing, SHA-256 Hashing, SHA-256 with Salt, and SHA-256 with MD5 Chaining. Following the National Institute of Standards and Technology (NIST) guidelines on password strength, both a weak and robust password will be passed through the stated techniques. Reversal of each of the results will be attempted using Rainbow Tables and dictionary attacks. The study results show that pairing a strong password that has not been exposed in a data breach with the BCRYPT hashing algorithm results in the most robust password security. However, SHA-256 hashing with a salt results in a very similar level of security while maintaining better performance. While plain SHA-256 hashing or chaining multiple hashing algorithms together is theoretically as secure, in practice, they are easily susceptible to simple attacks and thus should not be used in a production environment. Requiring strong password which have not been exposed in previous data breaches was also found to greatly increase security.
- Published
- 2021
- Full Text
- View/download PDF
25. Precomputation for Rainbow Tables has Never Been so Fast
- Author
-
Diane Leblanc-Albarel, Xavier Carpent, Gildas Avoine, Security & PrIvaCY (SPICY), SYSTÈMES LARGE ÉCHELLE (IRISA-D1), Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Université de Bretagne Sud (UBS)-École normale supérieure - Rennes (ENS Rennes)-Institut National de Recherche en Informatique et en Automatique (Inria)-CentraleSupélec-Centre National de la Recherche Scientifique (CNRS)-IMT Atlantique (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Université de Rennes (UR)-Institut National des Sciences Appliquées - Rennes (INSA Rennes), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT)-Institut de Recherche en Informatique et Systèmes Aléatoires (IRISA), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Department of Computer Science - K.U.Leuven, and Catholic University of Leuven - Katholieke Universiteit Leuven (KU Leuven)
- Subjects
Password ,Computer science ,business.industry ,Cryptography ,Construct (python library) ,Upper and lower bounds ,Bottleneck ,[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR] ,Rainbow table ,Time-Memory Trade-Offs (TMTO) ,Precomputation ,Distributed precomputation ,Table (database) ,business ,Algorithm - Abstract
International audience; Cryptanalytic time-memory trade-offs (TMTOs) are techniques commonly used in computer security e.g., to crack passwords. However, TMTOs usually encounter in practice a bottleneck that is the time needed to perform the precomputation phase (preceding to the attack). We introduce in this paper a technique, called distributed filtration-computation, that significantly reduces the precomputation time without any negative impact the online phase. Experiments performed on large problems with a 128-core computer perfectly match the theoretical expectations. We construct a rainbow table for a space N=242 in approximately 8 h instead of 50 h for the usual way to generate a table. We also show that the efficiency of our technique is very close from the theoretical time lower bound.
- Published
- 2021
- Full Text
- View/download PDF
26. Comparison of perfect table cryptanalytic tradeoff algorithms.
- Author
-
Lee, Ga and Hong, Jin
- Subjects
CRYPTOGRAPHY ,ALGORITHMS ,TABLE manipulation (Computer science) ,PARAMETERS (Statistics) ,PAIRED comparisons (Mathematics) ,FUNCTION composition - Abstract
The performances of three major time memory tradeoff algorithms were compared in a recent paper. The algorithms considered there were the classical Hellman tradeoff and the non-perfect table versions of the distinguished point method and the rainbow table method. This paper adds the perfect table versions of the distinguished point method and the rainbow table method to the list, so that all the major tradeoff algorithms may now be compared against each other. Even though there are existing claims as to the superiority of one tradeoff algorithm over another algorithm, the algorithm performance comparisons provided by the current work and the recent paper mentioned above are of higher practical value. We provide comparisons of algorithms at parameters that achieve a common success rate of inversion and which take both the cost of pre-computation and the efficiency of the online phase into account. The comparisons are based on the average case execution behaviors rather than the worst case situations, and non-negligible details such as the effects of false alarms and various storage optimization techniques are no longer ignored. A large portion of this paper is allocated to analyzing the execution behavior of the perfect table distinguished point method. In particular, we obtain a closed-form formula for the average length of chains associated with a perfect distinguished point table. [ABSTRACT FROM AUTHOR]
- Published
- 2016
- Full Text
- View/download PDF
27. Authentication by Encrypted Negative Password
- Author
-
Junteng Wang, Yamin Hu, Hao Jiang, and Wenjian Luo
- Subjects
Password ,021110 strategic, defence & security studies ,Authentication ,Dictionary attack ,Computer Networks and Communications ,business.industry ,Computer science ,computer.internet_protocol ,Salt (cryptography) ,0211 other engineering and technologies ,Cryptography ,02 engineering and technology ,Encryption ,Computer security ,computer.software_genre ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Symmetric-key algorithm ,Rainbow table ,Cryptographic hash function ,Password authentication protocol ,Safety, Risk, Reliability and Quality ,business ,computer - Abstract
Secure password storage is a vital aspect in systems based on password authentication, which is still the most widely used authentication technique, despite some security flaws. In this paper, we propose a password authentication framework that is designed for secure password storage and could be easily integrated into existing authentication systems. In our framework, first, the received plain password from a client is hashed through a cryptographic hash function (e.g., SHA-256). Then, the hashed password is converted into a negative password. Finally, the negative password is encrypted into an encrypted negative password (ENP) using a symmetric-key algorithm (e.g., AES), and multi-iteration encryption could be employed to further improve security. The cryptographic hash function and symmetric encryption make it difficult to crack passwords from ENPs. Moreover, there are lots of corresponding ENPs for a given plain password, which makes precomputation attacks (e.g., lookup table attack and rainbow table attack) infeasible. The algorithm complexity analyses and comparisons show that the ENP could resist lookup table attack and provide stronger password protection under dictionary attack. It is worth mentioning that the ENP does not introduce extra elements (e.g., salt); besides this, the ENP could still resist precomputation attacks. Most importantly, the ENP is the first password protection scheme that combines the cryptographic hash function, the negative password, and the symmetric-key algorithm, without the need for additional information except the plain password.
- Published
- 2019
- Full Text
- View/download PDF
28. AirCollect - efficiently recovering hashed phone numbers leaked via Apple AirDrop
- Author
-
Milan Stute, Christian Weinert, Alexander Heinrich, Matthias Hollick, and Thomas Schneider
- Subjects
Authentication ,Responsible disclosure ,Handshake ,Exploit ,Computer science ,010401 analytical chemistry ,Hash function ,020206 networking & telecommunications ,02 engineering and technology ,Computer security ,computer.software_genre ,01 natural sciences ,0104 chemical sciences ,Identifier ,Rainbow table ,0202 electrical engineering, electronic engineering, information engineering ,computer ,Personally identifiable information - Abstract
Apple's file-sharing service AirDrop leaks phone numbers and email addresses by exchanging vulnerable hash values of the user's own contact identifiers during the authentication handshake with nearby devices. In a paper presented at USENIX Security'21, we theoretically describe two attacks to exploit these vulnerabilities and propose "PrivateDrop" as a privacy-preserving drop-in replacement for Apple's AirDrop protocol based on private set intersection. In this demo, we show how these vulnerabilities are efficiently exploitable via Wi-Fi and physical proximity to a target. Privacy and security implications include the possibility of conducting advanced spear phishing attacks or deploying multiple "collector" devices in order to build databases that map contact identifiers to specific locations. For our proof-of-concept, we leverage a custom rainbow table construction to reverse SHA-256 hashes of phone numbers in a matter of milliseconds. We discuss the trade-off between success rate and storage requirements of the rainbow table and, after following responsible disclosure with Apple, we publish our proof-of-concept implementation as "AirCollect" on GitHub.
- Published
- 2021
- Full Text
- View/download PDF
29. Fast Decryption of Excel Document Encrypted by RC4 Algorithm
- Author
-
Fei Yu, Lijun Zhang, and Cheng Tan
- Subjects
Password ,Key generation ,business.industry ,Computer science ,020206 networking & telecommunications ,02 engineering and technology ,RC4 ,Encryption ,Rainbow table ,Brute-force attack ,Personal computer ,0202 electrical engineering, electronic engineering, information engineering ,Key (cryptography) ,020201 artificial intelligence & image processing ,business ,Algorithm - Abstract
In this paper, we give a fast decryption method of Excel document encrypted by RC4 algorithm. Through a detailed analysis of document storage structure and encryption process, we illustrate the inner principle of key generation and data encryption in the block by block manner. We present an efficient way of recovering the intermediate key by using rainbow table attack, which can be directly applied to decrypt the Excel document. The advantage of our method is that the decryption time of one document is no longer affected by the password length and complexity. In our practical test, it has achieved the decryption of Excel encrypted documents in an average of 3 minutes on a common personal computer, which greatly improves decryption efficiency of encrypted documents compared with the current dictionary and brute force attack methods of recovering document password.
- Published
- 2020
- Full Text
- View/download PDF
30. An Experimental Evaluation on the Dependency between One-Way Hash Functions and Salt
- Author
-
Urvesh Rathod, B. R. Chandavarkar, and Meghna Sonkar
- Subjects
Password ,Authentication ,Dictionary attack ,Alphanumeric ,Computer science ,Salt (cryptography) ,Hash function ,02 engineering and technology ,Computer security ,computer.software_genre ,01 natural sciences ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Rainbow table ,020204 information systems ,0103 physical sciences ,0202 electrical engineering, electronic engineering, information engineering ,Cryptographic hash function ,010301 acoustics ,computer - Abstract
Passwords are barriers that protect unauthorized users from accessing personal information in any application. Protecting passwords is one of the challenging tasks in today's world. Currently, a combination of Username/Password used for authentication for a large number of applications. Malicious users might try to steal/misuse the user's data for unethical purposes. To prevent passwords from stealing, developers prefer to use one-way hash functions. One-way hash functions are theoretically irreversible functions that take as an input variable size text and output fixed-sized text. In reality, hash functions are not collision-resistant. Therefore it is recommended to use passwords and randomly generated text called salt to generate hash values and prevent rainbow tables and dictionary attacks. Passwords are hashed at the client-side and sent across the public channel/network. A salt is a randomly generated alphanumeric text used to concatenate with a password to generate a random hash value. This paper demonstrates how the random generation of salt is dependent on passwords and how hash values are dependent on salt. Further, analysis of the behaviour of passwords and hash values using various tools like Wireshark, Ettercap, and Hydra are presented in the paper.
- Published
- 2020
- Full Text
- View/download PDF
31. New Approach in the Rainbow Tables Method for Human-Like Passwords
- Author
-
Georgii I. Borzunov, Konstantin Kogos, Anna Epishkina, and Mark A. Alpatskiy
- Subjects
Password ,Character (mathematics) ,Dependency (UML) ,Rainbow table ,Computer science ,Hash function ,0202 electrical engineering, electronic engineering, information engineering ,Byte ,020206 networking & telecommunications ,020201 artificial intelligence & image processing ,Reduction function ,02 engineering and technology ,Arithmetic - Abstract
This paper represents a new approach to rainbow tables, a method of password recovery that was originally developed by Martin E. Hellman and then improved by P. Oechslin, so most of its implementations use Oechslin’s modification. An improvement represented in this work mostly lies in the reduction function, which uses character statistics to generate more "human-like" passwords. Though it generates passwords 5 to 10 times slower than reduction function, which uses direct dependency between hash bytes and the inserted characters, it significantly increases common efficiency in memory (8 to 30 times less memory needed to store these tables) and successful "human-like" passwords recovery probability, while these tables are generated by the same time as tables with the use of "random" reduction function.
- Published
- 2020
- Full Text
- View/download PDF
32. Add 'Salt' MD5 Algorithm’s FPGA Implementation
- Author
-
Kun Zhang, Yuming Zhang, Ye Tian, Jun Yang, and Pu Wang
- Subjects
Computer science ,Salt (cryptography) ,business.industry ,Network security ,020206 networking & telecommunications ,Plaintext ,02 engineering and technology ,Function (mathematics) ,Encryption ,MD5 ,Rainbow table ,0202 electrical engineering, electronic engineering, information engineering ,General Earth and Planetary Sciences ,020201 artificial intelligence & image processing ,business ,Field-programmable gate array ,Algorithm ,General Environmental Science - Abstract
At present, the MD5 algorithm in network security of got to a wide range of applications in many respects, but in be used actually face being hit by a "rainbow table" library of security risks, this design adopts the method of "salt", based on the proposed encryption definitely added to the random Numbers to reduce the risk. This article first introduces the principle and the risk for the MD5 algorithm and puts forward the theoretical basis to solve the problem, and then describes the improvement to solve the problem of the MD5 algorithm in FPGA to realize the overall architecture, analyses the function of each module, finally gives the Altera corporation based on series of the Cyclone II device DE2 system board the implementation of the results. Through the experimental results can be seen that the MD5 algorithm based on FPGA implementation has high processing speed and less resource usage, and based on FPGA and "salt" of plaintext processing can effectively reduce the use of the risk of "rainbow table" bump library, has certain practical value 1
- Published
- 2018
- Full Text
- View/download PDF
33. A Comparison of Cryptanalytic Tradeoff Algorithms.
- Author
-
Hong, Jin and Moon, Sunghwan
- Subjects
CRYPTOGRAPHY ,ALGORITHMS ,PARAMETER estimation ,CRYPTOGRAPHERS ,PERFORMANCE evaluation - Abstract
Three time-memory tradeoff algorithms are compared in this paper. Specifically, the classical tradeoff algorithm by Hellman, the distinguished point tradeoff method, and the rainbow table method, in their non-perfect table versions, are treated. We show that, under parameters and assumptions that are typically considered in theoretic discussions of the tradeoff algorithms, the Hellman and distinguished point tradeoffs perform very close to each other and the rainbow table method performs somewhat better than the other two algorithms. Our method of comparison can easily be applied to other situations, where the conclusions could be different. The analysis of tradeoff efficiency presented in this paper does not ignore the effects of false alarms and also covers techniques for reducing storage, such as ending point truncations and index tables. Our comparison of algorithms fully takes into account success probabilities and precomputation efforts. [ABSTRACT FROM AUTHOR]
- Published
- 2013
- Full Text
- View/download PDF
34. Adivinando passwords. Una propuesta para su búsqueda eficiente
- Author
-
López Rodríguez, Damián, Universitat Politècnica de València. Departamento de Sistemas Informáticos y Computación - Departament de Sistemes Informàtics i Computació, Universitat Politècnica de València. Escola Tècnica Superior d'Enginyeria Informàtica, Mor Michael, Alejandro, López Rodríguez, Damián, Universitat Politècnica de València. Departamento de Sistemas Informáticos y Computación - Departament de Sistemes Informàtics i Computació, Universitat Politècnica de València. Escola Tècnica Superior d'Enginyeria Informàtica, and Mor Michael, Alejandro
- Abstract
[ES] El acceso a los sistemas informáticos está desde siempre ligado a la utilización de palabras de paso o passwords. Por motivos de seguridad, los passwords se han almacenado de forma oculta en los sistemas, siendo habitualmente el resultado de la aplicación de una función resumen -o hash- sobre el password. Dichas funciones resumen tienen una gran relevancia para el mantenimiento seguro de los passwords. También son invertibles, con una probabilidad de colisión inversamente proporcional de forma exponencial al número de bits del resumen. Una aproximación para encontrar dichas colisiones se basa en la construcción de las denominadas tablas del arco iris, que emplean una aproximación time-memory trade-off (TMTO), mostrándose eficientes a la hora de encontrar colisiones y posibilitando el acceso no autorizado a los sistemas., [CA] L’accés al sistemes informàtics ha estat des-de sempre lligat a l’ús de paraules de pas o passwords. Per motius de seguretat, els passwords son emmagatzemats de forma oculta als sistemes, seguint habitualment el resultat de l’aplicació d’una funció resum -o hash- sobre el password. Aquestes funcions resum tenen una gran rellevància a l’hora de mantindre els passwords segurament. També son invertibles, amb una probabilitat de col·lisió inversament proporcional exponencialment al nombre de bits del resum. Una aproximació per a encontrar dites col·lisions son les denominades taules rainbow, que fan ús d’una aproximació time-memory trade-off (TMTO), mostrant-se eficients a l’hora d’encontrar col·lisions i possibilitant l’accés no autoritzat als sistemes., [EN] Access to computer systems has always been tied to the use of passwords. For security reasons, passwords are stored in an occult manner, being usually the result of a hash function on the password. Said hash functions are highly relevant for safe-keeping passwords. They are also reversible, having a collision probability inversely proportional exponentially to the number of bits in the hash. An approximation for finding such collisions is based in the generation of the so called rainbow tables, which make use of a time-memory trade-off (TMTO), showing efficiency when looking for those collisions and allowing unauthorised access to the systems.
- Published
- 2019
35. Tradeoff tables for compression functions: how to invert hash values.
- Author
-
Kara, Orhum and Atalay, Adem
- Subjects
- *
CONJOINT analysis , *CRYPTOGRAPHY , *DIGITAL signatures , *DATA integrity , *COMPUTER access control , *COMPUTER network protocols , *ALGORITHMS - Abstract
Hash functions are one of the ubiquitous cryptographic functions used widely for various applications such as digital signatures, data integrity, authentication protocols, MAC algorithms, RNGs, etc. Hash functions are supposed to be one-way, i.e., preimage resistant. One interesting property of hash functions is that they process arbitrary-length messages into fixed-length outputs. In general, this can be achieved mostly by applying compression functions onto the message blocks of fixed length, recursively. The length of the message is incorporated as padding in the last block prior to the hash, a procedure called the Merkle-Damgård strengthening. In this paper, we introduce a new way to find preimages on a hash function by using a rainbow table of its compression function even if the hash function utilizes the Merkle-Damgård (MD) strengthening as a padding procedure. To overcome the MD strengthening, we identify the column functions as representatives of certain set of preimages, unlike conventional usage of rainbow tables or Hellman tables to invert one-way functions. As a different approach, we use the position of the given value in the table to invert it. The workload of finding a preimage of a given arbitrary digest value is 22n/3 steps by using 22n/3 memory, where n is both the digest size and the length of the chaining value. We give some extensions of the preimage attack on certain improved variants of MD constructions such as using output functions, incorporating the length of message blocks or using random salt values. Moreover, we introduce the notion of "near-preimage" and mount an attack to find near-preimages. We generalize the attack when the digest size is not equal to the length of chaining value. We have verified the results experimentally, in which we could find a preimage in one minute for the 40-bit hash function, whereas the exhaustive search took roughly one week on a standard PC. [ABSTRACT FROM AUTHOR]
- Published
- 2012
- Full Text
- View/download PDF
36. The cost of false alarms in Hellman and rainbow tradeoffs.
- Author
-
Hong, Jin
- Subjects
FALSE alarms ,CRYPTOGRAPHY ,ALGORITHMS ,MATHEMATICAL functions ,APPROXIMATION theory ,MATHEMATICAL mappings ,ITERATIVE methods (Mathematics) ,POLYNOMIALS - Abstract
Cryptanalytic time memory tradeoff algorithms are generic one-way function inversion techniques that utilize pre-computation. Even though the online time complexity is known up to a small multiplicative factor for any tradeoff algorithm, false alarms pose a major obstacle in its accurate assessment. In this work, we study the expected pre-image size for an iteration of functions and use the result to analyze the cost incurred by false alarms. We are able to present the expected online time complexities for the Hellman tradeoff and the rainbow table method in a manner that takes false alarms into account. We also analyze the effects of the checkpoint method in reducing false alarm costs. The ability to accurately compute the online time complexities will allow one to choose their tradeoff parameters more optimally, before starting the expensive pre-computation process. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
37. A novel secure and efficient hash function with extra padding against rainbow table attacks
- Author
-
Mun, Hyung-Jin, Hong, Sunghyuck, and Shin, Jungpil
- Published
- 2017
- Full Text
- View/download PDF
38. An Effective Login Authentication using Two Password Field and Multiple Hash Algorithm
- Author
-
Sumit Gautam
- Subjects
Password ,Computer science ,business.industry ,Hash function ,Computer security ,computer.software_genre ,One-time password ,S/KEY ,Password strength ,Rainbow table ,Hash chain ,Challenge–response authentication ,business ,computer ,Computer network - Published
- 2017
- Full Text
- View/download PDF
39. A novel secure and efficient hash function with extra padding against rainbow table attacks
- Author
-
Sunghyuck Hong, Jungpil Shin, and Hyung-Jin Mun
- Subjects
Zero-knowledge password proof ,Computer Networks and Communications ,Salt (cryptography) ,Computer science ,computer.internet_protocol ,Crypt ,Hash function ,02 engineering and technology ,Computer security ,computer.software_genre ,One-time password ,Padding ,Password strength ,S/KEY ,0202 electrical engineering, electronic engineering, information engineering ,Key stretching ,Syskey ,Key derivation function ,Password psychology ,Password ,Authentication ,Password policy ,Cognitive password ,Pass the hash ,Password cracking ,020206 networking & telecommunications ,Passphrase ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Rainbow table ,Hash chain ,020201 artificial intelligence & image processing ,HMAC-based One-time Password Algorithm ,Challenge–response authentication ,computer ,Software - Abstract
User authentication is necessary to provide services on an application system and the Internet. Various authentication methods are used such as ID/PW, biometric, and OTP authentications. One of the popular authentications is ID/PW authentication. As an inputted password is transferred by one-way hash function and then stored in DB, it is difficult for the DB administrator to figure out the password inputted by the user. However, when DB is leaked, and there is the time to decode, the password can be hacked. The time and cost to decode the original message from the hash value corresponding a short password decrease. Therefore, if the password is short, then attacking cost is low, and password crack possibility is high. In the case where an attacker utilizes pre-computing rainbow tables, and the hash value of short passwords is leaked, the password that the user inputted can be cracked. In this research, to block rainbow table attacks, when the user generates a short password, by adding additional messages of identification information of a system or the user and extending the length of the password, we try to resolve the vulnerability of short passwords. By proposing a model to minimize the length of the password and the authority accordingly in mobile devices on which inputting passwords is not easy, we take security into consideration. Our proposal model is strong against rainbow table attack and provides efficient password system to users. It contributes to resolving password vulnerability and upgrades mobile users’ convenience in typing passwords.
- Published
- 2017
- Full Text
- View/download PDF
40. Analysis of the use of Rainbow Tables to break hash
- Author
-
Filip Holik, Lukáš Petr, Oldřich Horák, Josef Horalek, and Vladimir Sobeslav
- Subjects
Statistics and Probability ,Discrete mathematics ,0209 industrial biotechnology ,020901 industrial engineering & automation ,Theoretical computer science ,Rainbow table ,Artificial Intelligence ,Computer science ,Hash function ,0202 electrical engineering, electronic engineering, information engineering ,General Engineering ,020201 artificial intelligence & image processing ,02 engineering and technology - Abstract
Tento dokument seznamuje s vytvořenou aplikaci pro generovani Rainbow tabulek a výsledky testů s využitim Rainbow tables podle delky zvoleneho řetězce. Přispěvek prezentuje specializovanou aplikaci obsahujici vlastni algoritmy pro funkce redukce, změnu delky řetězce, generovani Rainbow tables a detailni měřeni efektivity při vyhledavani hesla. V ramci testů je dale popsana zavislost velikosti rainbow tables na delce hesla, ovlivněni hash vyhledavani podle velikosti zvoleneho řetězce a propojeni s kolizemi, ktere vyvstavaji z principu využiti redukcni funkce. Výsledky objektivně popisuji výhody a nevýhody využiti Rainbow tables a ukazuji možnosti a omezeni pro jejich efektivni využiti.
- Published
- 2017
- Full Text
- View/download PDF
41. An Improved Rainbow Table Attack for Long Passwords
- Author
-
Fei Yu, Lijun Zhang, and Cheng Tan
- Subjects
Password ,Zero-knowledge password proof ,Dictionary attack ,Salt (cryptography) ,Computer science ,business.industry ,Password cracking ,020206 networking & telecommunications ,02 engineering and technology ,Encryption ,Computer security ,computer.software_genre ,One-time password ,Password strength ,S/KEY ,Rainbow table ,0202 electrical engineering, electronic engineering, information engineering ,General Earth and Planetary Sciences ,020201 artificial intelligence & image processing ,business ,computer ,General Environmental Science - Abstract
The password recovery of popular encryption applications has great practical significance not only for the circumstance of retrieving forgotten password but also for assisting law enforcement officers to implement data forensics. In this paper, we propose an improved password recovery method based on rainbow table attack which enables the recovery feasibility of long human chosen passwords. We combine advantage of dictionary generator and rainbow table to produce an efficient and smart approach of cracking long and complicated passwords. We present the detailed attack process and algorithms of this novel cracking method including dictionary generator specification, transform rules configuration as well as the design of kernel functions in rainbow table attack. Finally, we also provide a practical test and relevant analysis of password recovery result.
- Published
- 2017
- Full Text
- View/download PDF
42. Implementation of high speed rainbow table generation using Keccak hashing algorithm on GPU
- Author
-
Keisuke Iwai, Thuong Nguyen Dat, Takashi Matsubara, and Takakazu Kurokawa
- Subjects
Password ,Search engine ,CUDA ,Rainbow table ,Xeon ,Computer science ,Hash function ,Rainbow ,Thread (computing) ,Parallel computing ,Software_PROGRAMMINGTECHNIQUES ,ComputingMethodologies_COMPUTERGRAPHICS - Abstract
This paper proposes the implementation of high speed rainbow table generation using Keccak hashing algorithm with the integrated development environment CUDA for GPU in the heterogeneous GPU+CPU system. Utilizing the GPU’s powerful capacity, the algorithm greatly improves the performance of rainbow chain generation by dispatching the pre-computation of rainbow chain to each GPU thread. The table generation speed on GPU+CPU system and CPU was compared by the configuration of chain length and number of chains in this paper. In addition, the password coverage rate of table generated by the proposed reduction function was evaluated.The speed-up of pre-computation on GPU GeForce GTX 1080 outperforms that on CPU Xeon E5-1620 v4 3.5GHz by 239 times when the chain length is 200.
- Published
- 2019
- Full Text
- View/download PDF
43. Cryptanalysis on the Head and Tail Technique for Hashing Passwords
- Author
-
Ruji P. Medina, Ariel M. Sison, and Michael Angelo D. Brogada
- Subjects
Password ,021110 strategic, defence & security studies ,Dictionary attack ,Computer science ,business.industry ,Hash function ,0211 other engineering and technologies ,Cryptography ,02 engineering and technology ,law.invention ,MD5 ,Rainbow table ,law ,Lookup table ,0202 electrical engineering, electronic engineering, information engineering ,020201 artificial intelligence & image processing ,Cryptanalysis ,business ,Algorithm - Abstract
Researchers and experts had developed numerous hash-based password authentication schemes. Inappropriately, most of them are susceptible to different attacks. This study centers on the process of performing cryptanalysis on the developed Head and Tail (HT) technique for hashing passwords. The research tested the HT technique in terms of its capacity to resist a dictionary attack, rainbow tables attack, and brute-force attack. To test the strength of the HT technique, HashCat, John the Ripper, RainbowCrack, and online cracking systems from crackstation.net and hashkiller.co.uk were used as tools for cracking. After the experiment, the result shows that the cracking tools failed to crack the HT technique. Further tests showed that generating a password-hash value pair or lookup table for MD5-HT and SHA1-HT is 16 times slower than standard MD5 and SHA1. Thus, the Head and Tail (HT) technique is a secured method for hashing passwords.
- Published
- 2019
- Full Text
- View/download PDF
44. New Encryption Method with Adaptable Computational and Memory Complexity Using Selected Hash Function
- Author
-
Mateusz Wojsa and Grzegorz Górski
- Subjects
021110 strategic, defence & security studies ,Blowfish ,Twofish ,Computer science ,business.industry ,Hash function ,0211 other engineering and technologies ,020206 networking & telecommunications ,02 engineering and technology ,Encryption ,Cipher ,Rainbow table ,0202 electrical engineering, electronic engineering, information engineering ,business ,Block size ,Algorithm ,Key size ,Block cipher - Abstract
In this paper, we describe the new method of data encryption/decryption with selectable block and key length and hash function. The block size directly improves the efficiency but also impacts on memory complexity of the presented solution. The choice of hash function length results in computational complexity and complicates attacks using rainbow tables. The algorithm is a modification of SP (Substitution-Permutation) concept with the use of static S-blocks and dynamically indexed block permutation. In further step, usage of chosen operational modes of the method (ECB, CBC, CTR) is presented. In the article there is the example with all the algorithm parameters i.e. input and output data, key value, hash function type and set of all method internal states. The efficiency of the solution was experimentally examined and compared with the most popular bock cipher algorithms e.g. AES, Serpent, BlowFish, TwoFish. The obtained initial results indicate that the new method can be dedicated especially for systems with high security requirements. The paper conclusions contain propositions of algorithm implementation optimizations and further research.
- Published
- 2019
- Full Text
- View/download PDF
45. An Approach to Defense Dictionary Attack with Message Digest Using Image Salt
- Author
-
Keecheon Kim and Sun Young Park
- Subjects
Theoretical computer science ,Dictionary attack ,business.industry ,Computer science ,Hash function ,020206 networking & telecommunications ,Image processing ,Cryptography ,02 engineering and technology ,Encryption ,Rainbow table ,Ciphertext ,0202 electrical engineering, electronic engineering, information engineering ,Cryptographic hash function ,020201 artificial intelligence & image processing ,business - Abstract
Hash algorithms have been widely used for cryptography. It has been impossible to decrypt the ciphertexts generated through hash algorithms, as an operation that damages the original text is performed. However, various methods of attack occurred over time after the algorithm was developed. The vulnerability of SHA1 (an old hash algorithm) has been revealed, and there has been a great deal of data available for dictionary attacks. Although the industry has been gradually refraining from using SHA1, it remains in use in some existing systems for various reasons. For example, when problems resulting from service interruption or mass update are critical, updating the encryption algorithm can be a burden. In this study, we aim to increase the complexity of ciphertexts by postprocessing hash ciphertext. For that, image salting techniques are used using two-dimensional array masking. This will allow the use of hash ciphertexts with increased complexity in some devices that are forced to use old hash algorithms for various reasons.
- Published
- 2019
- Full Text
- View/download PDF
46. The Function-Inversion Problem: Barriers and Opportunities
- Author
-
Henry Corrigan-Gibbs and Dmitry Kogan
- Subjects
Discrete mathematics ,0209 industrial biotechnology ,Hash function ,Random function ,0102 computer and information sciences ,02 engineering and technology ,Function (mathematics) ,01 natural sciences ,Inversion (discrete mathematics) ,law.invention ,020901 industrial engineering & automation ,Rainbow table ,010201 computation theory & mathematics ,law ,Cryptanalysis ,Advice (complexity) ,Block cipher ,Mathematics - Abstract
The task of function inversion is central to cryptanalysis: breaking block ciphers, forging signatures, and cracking password hashes are all special cases of the function-inversion problem. In 1980, Hellman showed that it is possible to invert a random function \(f{:}\,[N] \rightarrow [N]\) in time \(T = \widetilde{O}(N^{2/3})\) given only \(S = \widetilde{O}(N^{2/3})\) bits of precomputed advice about f. Hellman’s algorithm is the basis for the popular “Rainbow Tables” technique (Oechslin 2003), which achieves the same asymptotic cost and is widely used in practical cryptanalysis.
- Published
- 2019
- Full Text
- View/download PDF
47. Adivinando passwords. Una propuesta para su búsqueda eficiente
- Author
-
Mor Michael, Alejandro
- Subjects
Función resumen ,Password ,Identification ,Criptografía ,Grado en Ingeniería Informática-Grau en Enginyeria Informàtica ,Hash function ,Tabla del arco iris ,Identificación ,Rainbow table ,LENGUAJES Y SISTEMAS INFORMATICOS ,Criptography - Abstract
[ES] El acceso a los sistemas informáticos está desde siempre ligado a la utilización de palabras de paso o passwords. Por motivos de seguridad, los passwords se han almacenado de forma oculta en los sistemas, siendo habitualmente el resultado de la aplicación de una función resumen -o hash- sobre el password. Dichas funciones resumen tienen una gran relevancia para el mantenimiento seguro de los passwords. También son invertibles, con una probabilidad de colisión inversamente proporcional de forma exponencial al número de bits del resumen. Una aproximación para encontrar dichas colisiones se basa en la construcción de las denominadas tablas del arco iris, que emplean una aproximación time-memory trade-off (TMTO), mostrándose eficientes a la hora de encontrar colisiones y posibilitando el acceso no autorizado a los sistemas., [CA] L’accés al sistemes informàtics ha estat des-de sempre lligat a l’ús de paraules de pas o passwords. Per motius de seguretat, els passwords son emmagatzemats de forma oculta als sistemes, seguint habitualment el resultat de l’aplicació d’una funció resum -o hash- sobre el password. Aquestes funcions resum tenen una gran rellevància a l’hora de mantindre els passwords segurament. També son invertibles, amb una probabilitat de col·lisió inversament proporcional exponencialment al nombre de bits del resum. Una aproximació per a encontrar dites col·lisions son les denominades taules rainbow, que fan ús d’una aproximació time-memory trade-off (TMTO), mostrant-se eficients a l’hora d’encontrar col·lisions i possibilitant l’accés no autoritzat als sistemes., [EN] Access to computer systems has always been tied to the use of passwords. For security reasons, passwords are stored in an occult manner, being usually the result of a hash function on the password. Said hash functions are highly relevant for safe-keeping passwords. They are also reversible, having a collision probability inversely proportional exponentially to the number of bits in the hash. An approximation for finding such collisions is based in the generation of the so called rainbow tables, which make use of a time-memory trade-off (TMTO), showing efficiency when looking for those collisions and allowing unauthorised access to the systems.
- Published
- 2019
48. Grid Authentication: A Memorability and User Sentiment Study
- Author
-
Mohd Anwar and Paul Biocco
- Subjects
Password ,Authentication ,Dictionary attack ,Computer science ,02 engineering and technology ,021001 nanoscience & nanotechnology ,Login ,Computer security ,computer.software_genre ,Grid ,01 natural sciences ,Hash table ,010309 optics ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Rainbow table ,0103 physical sciences ,0210 nano-technology ,computer - Abstract
Despite being one of the most crucial parts of online transactions, the most used authentication system, the username and password system, has shown to be weaker than ever. With the increase of processing power within computers, offline password attacks such as dictionary attacks, rainbow tables, and hash tables have become more effective against divulging account information from stolen databases. This has led to alternative solutions being proposed, such as logging in with a social media account or password managers, which do not replace the password entirely. Graphical alternatives have previously proposed, but none of them have become widely used. In a previous paper we proposed our own alternative called “Grid Authentication”, which would allow users to authenticate using a sequence of clicks on a colored Grid, shown to be resistant against offline password attacks. Now we have implemented and tested Grid Authentication’s memorability and recorded user sentiment data. Participants logged in using a newly created password, an 8-character password randomly generated for them, as well as used Grid Authentication scheme for three days each, once per day. We found that overall, Grid Authentication’s memorability was like a user chosen password, and far superior to the randomly generated 8-character password. We also observed that user’s overall sentiment towards Grid Authentication increased significantly after three days of regular use. Despite this, while sentiment over the system was overall positive, users perceived that they remembered the password more easily, perhaps given hints as to why alternative authentication types have not become widely used.
- Published
- 2019
- Full Text
- View/download PDF
49. Cued-Click Point Graphical Password Using Circular Tolerance to Increase Password Space and Persuasive Features
- Author
-
Debi Prasad Mishra, Karmajit Patra, Prajnya Priyadarsini Satapathy, and Bhushan Nemade
- Subjects
0106 biological sciences ,Zero-knowledge password proof ,Software_OPERATINGSYSTEMS ,Salt (cryptography) ,Computer science ,0211 other engineering and technologies ,02 engineering and technology ,01 natural sciences ,One-time password ,S/KEY ,Password strength ,World Wide Web ,Human–computer interaction ,Key stretching ,Syskey ,Key derivation function ,Password psychology ,General Environmental Science ,Password ,Authentication ,021110 strategic, defence & security studies ,tolerance ,Cognitive password ,Passphrase ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Rainbow table ,cued-click point (CCP) ,password space ,General Earth and Planetary Sciences ,010606 plant biology & botany - Abstract
Graphical password can be used as an alternative to text based (alphanumeric) password in which users click on images to set their passwords. Text based password uses username and password. So recalling of password is necessary which may be a difficult one. Images are generally easier to be remembered than text and in Graphical password; user can set images as their password. Therefore graphical password has been proposed by many researchers as an alternative to text based password Graphical passwords can be applied to workstation, web log-in applications, ATM machines, mobile devices etc. This paper presents implementation of Cued click point (CCP) graphical password which uses circular tolerance. Then it is found that CCP with circular tolerance is better as compared to CCP with rectangular tolerance.
- Published
- 2016
- Full Text
- View/download PDF
50. Towards Improving Storage Cost and Security Features of Honeyword Based Approaches
- Author
-
Nilesh Chakraborty and Samrat Mondal
- Subjects
Honeyword ,Storage Cost ,Zero-knowledge password proof ,Computer science ,0211 other engineering and technologies ,02 engineering and technology ,Computer security ,computer.software_genre ,One-time password ,Password strength ,S/KEY ,Password ,Attack model ,Syskey ,General Environmental Science ,021110 strategic, defence & security studies ,Authentication ,Plaintext ,Adversary ,Inversion Attack ,ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS ,Rainbow table ,Security ,General Earth and Planetary Sciences ,Challenge–response authentication ,computer - Abstract
Password based authentication shows its vulnerability against inversion attack model in which adversary obtains plaintext password from its corresponding hashed value. To cope up with such attack, honeyword based authentication technique is introduced. In this technique, along with the original password of user, some dummy passwords or honeywords are also stored. Although this technique is good enough to address the aforementioned security breach, but use of additional storage to store the honeywords is still an overhead associated with such approach. In this paper, we have proposed few directions to minimize the storage cost of some of the existing honeyword generation approaches. We have even found that in some cases no additional storage overhead is required. A comparative analysis at the end also shows that the proposed techniques are able to raise some of the security features compared to existing honeyword generation approaches.
- Published
- 2016
- Full Text
- View/download PDF
Catalog
Discovery Service for Jio Institute Digital Library
For full access to our library's resources, please sign in.