Honey2Fish - A Hybrid Encryption Approach for Improved Password and Message Security

Abstract

Nowadays, there is an upsurge in reliance on web usage. Many of these web applications make use of password-based authentication. Ensuring a secure password protection mechanism is crucial for maintaining the overall confidentiality of computer systems. Despite extensive research on creating strong, reliable, confidential passwords, several challenges still exist. One such issue is weaker password-based encryption (PBE). This paper proposes Honey2Fish, a hybrid encryption approach that uses Honey encryption (HE) and Twofish for enhanced password and message security. A two-layer protection mechanism protects both the privacy of credentials and the messages. This approach provides improved performance and enhanced security while keeping the system’s overall complexity low for securing passwords and messages. The proposed solution uses honeywords to give bogus but justified data while encrypting with an incorrect password to safeguard against brute force attacks. This paper further examines contemporary honeyword creation algorithms and proposes a user-centric approach to avoid human error while entering passwords. The validation of the research suggests that Honey2Fish is useful and secure in real-life password-based authentications. The result shows Honey2Fish has an average of 50% avalanche property with good throughput.