Abstract
Password storage is one of the most important cryptographic topics through the time. Different systems use distinct ways of password storage. In this paper, we developed a new algorithm of password storage using dynamic Key-Hashed Message Authentication Code function (d-HMAC). The developed improved algorithm is resistant to the dictionary attack and brute-force attack, as well as to the rainbow table attack. This objective is achieved by using dynamic values of dynamic inner padding d-ipad, dynamic outer padding d-opad and user’s public key as a seed.
Highlights
Information systems in all kinds of organizations have to be aligned with the information security policy of these organizations
According to tests done for improved dynamic Key-Hashed Message Authentication Code function (d-HMAC) (Najjar, 2015), we proved in three different tests the strong cryptographic characteristics for d-HMAC, which make it a better tool used for password storage than HMAC
In d-HMAC, we can use any kind of known cryptographic hash functions
Summary
Information systems in all kinds of organizations have to be aligned with the information security policy of these organizations. The most important components of such policy in security management is access control and password management. We will focus on the password management component and mostly on the way of such passwords are stored in these information systems. Password is the oldest and still the primary access control technique used in information systems. We are proposing a new technique, which is superior to the existing known algorithms in the since that it yields good security for password storage and it is simple to use. In this algorithm, we are utilizing improved d-HMAC function, which is more resistance to RAINBOW attack than traditional HMAC. We will give a simple good introduction for the history of evolving the techniques used for password storage, which could be a good material and reference for the researchers and students interested in this subject
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have