Abstract

Computers are used in our everyday activities, with high volumes of users accessing provided services. One-factor authentication consisting of a username and a password is the common choice to authenticate users in the web. However, the poor password management practices are exploited by attackers that disclose the users’ credentials, harming both users and vendors. In most of these occasions the user data were stored in clear or were just processed by a cryptographic hash function. Password-hashing techniques are applied to fortify this user-related information. The standardized primitive is currently the PBKDF2 while other widely-used schemes include Bcrypt and Scrypt. The evolution of parallel computing enables several attacks in password-hash cracking. The international cryptographic community conducted the Password Hashing Competition (PHC) to identify new efficient and more secure password-hashing schemes, suitable for widespread adoption. PHC advanced our knowledge of password-hashing. Further analysis efforts revealed security weaknesses and novel schemes were designed afterwards. This paper provides a review of password-hashing schemes until the first quarter of 2017 and a relevant performance evaluation analysis on a common setting in terms of code size, memory consumption, and execution time.

Highlights

  • Attackers exploit the poor password management practises [1,2], exposing high volumes of user-related data [3,4]

  • This paper provides a review of password-hashing schemes until the first quarter of 2017 and a relevant performance evaluation analysis on a common setting in terms of code size, memory consumption, and execution time

  • Password-Based Key Derivation Function 2 (PBKDF2), Bcrypt, Scrypt, the nine Password Hashing Competition (PHC) finalists, and Balloon are executed on cygwin

Read more

Summary

Introduction

Attackers exploit the poor password management practises [1,2], exposing high volumes of user-related data [3,4]. Such attack announcements [5] cause considerable economic losses to the software vendor [6]. The user logins this data to authenticate himself and access the service [31,32,33]. Another utilization of passwords is the generation of cryptographic keys.

Methods
Results
Discussion
Conclusion
Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Cryptographic Extraction and Key Derivation: The HKDF Scheme
Hugo Krawczyk
-
Hugo KrawczykHugo Krawczyk
01 Jan 2009
Cryptanalytic time–memory trade-off for password hashing schemes
Donghoon Chang ... Sweta Mishra
International journal of information security | VOL. 18
Donghoon Chang, et. al.Donghoon Chang ... Sweta Mishra
17 Apr 2018
Cryptographic Module Based Approach for Password Hashing Schemes
Donghoon Chang ... Arpan Jati
-
Donghoon Chang, et. al.Donghoon Chang ... Arpan Jati
01 Jan 2015
Design and Analysis of Cryptographic Algorithms for Authentication
-
01 Jan 2017
View more papers

More From: Cryptography

Paper Title
Journal
Date
Author
A Novel Two-Level Protection Scheme against Hardware Trojans on a Reconfigurable CNN Accelerator
Zichu Liu ... Chen Yang
Cryptography | VOL. 8
Zichu Liu, et. al.Zichu Liu ... Chen Yang
04 Aug 2024
Evaluating the Security of Merkle Trees: An Analysis of Data Falsification Probabilities
Oleksandr Kuznetsov ... Oleksandr Domin
Cryptography | VOL. -
Oleksandr Kuznetsov, et. al.Oleksandr Kuznetsov ... Oleksandr Domin
01 Aug 2024
Entropy Analysis of FPGA Interconnect and Switch Matrices for Physical Unclonable Functions
Jenilee Jao ... Pavel Bochev
Cryptography | VOL. 8
Jenilee Jao, et. al.Jenilee Jao ... Pavel Bochev
15 Jul 2024
Improve Parallel Resistance of Hashcash Tree
Mario Alviano ... Giada Gabriele
Cryptography | VOL. 8
Mario Alviano, et. al.Mario Alviano ... Giada Gabriele
08 Jul 2024
View more papers