Journal: Volume 22, No. 4, 2017
Pages: 111 – 117

Provision of user passwords protection in authentication procedures

Olena Panasko, Maryna Khrolenko

Abstract

This article studies an approach to protecting user passwords, which play a decisive role in authentication, authorization and audit security systems: password hashing with the addition of a so-called "salt", a string of random data that is fed to the hash function together with the source data. The article analyzes known attacks on authentication systems that recover passwords from their hash values, in particular brute force, dictionary search, and the use of special data structures, namely lookup tables and their various modifications, in particular "rainbow" tables. Given current information and technical capabilities, these attacks cannot be prevented completely, but it is advisable to reduce their effectiveness. Based on this analysis, the article considers an approach that can protect user passwords by making it difficult to recover the original passwords from their hash values using precomputed "rainbow" tables; it is based on hashing with an additional value known as a "salt".
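The effect of salt described in the abstract, as an added example that is not taken from the article: a lookup table precomputed over a dictionary maps unsalted hashes straight back to passwords, but finds nothing once a random per-user salt enters the hash together with the password. SHA-256, the 16-byte salt, the dictionary, the user names and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a small dictionary and two users with the same password.
DICTIONARY = ["123456", "password", "qwerty", "letmein", "dragon"]
USERS = {"alice": "letmein", "bob": "letmein"}

def unsalted_hash(password):
    """Plain hash of the password only: identical passwords give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password, salt=None):
    """Return (salt, digest); salt and password are fed to the hash together."""
    salt = secrets.token_bytes(16) if salt is None else salt
    return salt, hashlib.sha256(salt + password.encode()).hexdigest()

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, digest)

def build_lookup_table(words):
    """Precomputed digest -> password table, reusable against any unsalted store."""
    return {unsalted_hash(w): w for w in words}

def table_hits(table, digests):
    """Count stored digests that the precomputed table resolves to a password."""
    return sum(1 for d in digests if d in table)

def run_demo():
    table = build_lookup_table(DICTIONARY)
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    salted_digests = [d for _, d in salted.values()]
    return {
        "unsalted_hits": table_hits(table, unsalted.values()),
        "salted_hits": table_hits(table, salted_digests),
        "unsalted_distinct": len(set(unsalted.values())),
        "salted_distinct": len(set(salted_digests)),
        "login_ok": verify("letmein", *salted["alice"]),
        "login_bad": verify("dragon", *salted["alice"]),
    }

if __name__ == "__main__":
    print(run_demo())
```

Salt removes the reuse of one precomputed table across all records; it does not slow a per-record dictionary or brute-force search, which is consistent with the abstract's point that these attacks can be made less effective rather than prevented.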

Suggested citation

Panasko, O., & Khrolenko, M. (2017). Provision of user passwords protection in authentication procedures. Bulletin of Cherkasy State Technological University, 22(4), 111-117.