Abstract

Passwords still remain the most popular method of user authentication. Passwords appear to be the easiest way of registration and logging into remote services such as websites. However, passwords also appear to be the most insecure authentication method. One of the most popular attack techniques aimed at compromising passwords is to leak their hashes directly from their storage location to be cracked offline. The paper presents an authentication method with passwords, which complicates carrying out the attacks that succeed in extracting information sufficient for password cracking. The authentication method is called dynamic key password authentication (DKAuth). The method is based on a password 'blurring' using a number of network hosts. The 'blurring' is performed by encryption of password hash with a key that is not stored anywhere. The key is divided into parts and distributed among a number of different hosts. The key is modified for every password and changes due to change of the number of hosts in the system. Storage and authentication of a dynamic key is arranged so that it can never be recovered completely, that is even assuming cracking or rearrangement of each and every host where DKAuth key data is stored, an adversary will not be able to recover hashes and will have to crack them by brute-force attack. Practical implementation of DKAuth as an authentication service for external websites demonstrated low time and computational requirements for user registration and authentication.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.