Abstract

Most websites use passwords to authenticate users and to control access to website resources that may contain sensitive information. A large number of people use dictionary words to create passwords. These passwords are passed through one-way hash functions and stored in the database as the corresponding hash values instead of plaintext. A potential hacker can use brute-force, rainbow table or dictionary attacks to recover the input password from the hash values, and most reported real-life hacks were done by cracking password hashes using a dictionary attack. Currently, users are allowed to register on websites only with passwords that obey the security policies. However, even though passwords with certain patterns are accepted as strong by the existing policies, they are vulnerable to a dictionary attack based on those patterns. This paper proposes a novel method for securing passwords against such dictionary attacks. The method checks the strength of user passwords using a dictionary that is stored as a character tree. This system helps to create strong password hashes that are resistant to dictionary attacks. This approach thus offers advanced and superior protection for passwords from cracking attempts.
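The registration-time check the abstract describes, as an added example that is not the paper's implementation: a dictionary held in a character tree is searched for any word embedded in the candidate password, including after common character substitutions. The word list, the substitution map and the minimum match length are assumptions made for illustration.

```python
# Added illustration, not the paper's code. Assumed for the example:
# the LEET substitution map, the min_len threshold and the sample words.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
END = "$end"  # multi-character key, so it cannot collide with a single letter


def build_trie(words):
    """Store the dictionary as a character tree of nested dicts."""
    root = {}
    for word in words:
        node = root
        for ch in word.lower():
            node = node.setdefault(ch, {})
        node[END] = True  # a dictionary word ends at this node
    return root


def longest_word_at(trie, text, start):
    """Length of the longest dictionary word beginning at text[start]."""
    node, best = trie, 0
    for i in range(start, len(text)):
        node = node.get(text[i])
        if node is None:
            break
        if END in node:
            best = i - start + 1
    return best


def find_dictionary_word(trie, password, min_len=4):
    """Longest dictionary word embedded in the password, or None."""
    lowered = password.lower()
    best = None
    # Check the password as typed and with substitutions undone.
    for candidate in (lowered, lowered.translate(LEET)):
        for start in range(len(candidate)):
            n = longest_word_at(trie, candidate, start)
            if n >= min_len and (best is None or n > len(best)):
                best = candidate[start:start + n]
    return best


def is_acceptable(trie, password, min_len=4):
    """Reject any password built around a dictionary word."""
    return find_dictionary_word(trie, password, min_len) is None
```

Both `P@ssw0rd1!` and `Dragon2024#` satisfy a typical length and character-class policy, yet each is rejected here because a dictionary word is found by walking the tree.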
