skip to main content

Hash Value Security Improvement of PCS Password using Signed Binary Operation

Kecilin.id, Indonesia

Received: 8 Mar 2024; Revised: 8 May 2024; Accepted: 14 May 2024; Available online: 31 May 2024; Published: 31 May 2024.
Editor(s): Prajanto Adi
Open Access Copyright (c) 2024 The authors. Published by Department of Informatics, Universitas Diponegoro
Creative Commons License This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Citation Format:
Abstract

Convenience and security have always been inversely related requirements in data protection systems. Users want a short and simple password that is easy to remember. On the other hand, the system that is widely used in securing user data, especially passwords, is using a one-way message digest. In addition, users are also required to use complex passwords through a combination of letters, numbers, and symbols. It aims to increase security but a complex password will make it difficult for users to remember their passwords. Even though a complex password does not necessarily make it secure because it's still on a PCS which is vulnerable to hacking. Moreover, in the current development of cybersecurity science where password hacking systems are very easy to obtain and can be used by anyone to find hash value of password on PCS quickly. A preliminary test that has been carried out proves that even complex passwords can be hacked easily. This study proposes the use of a code extension system for passwords before the hashing process is carried out through two simple schemes C1 and C2 through bitwise xor and addition operators respectively. The code from the password data is mapped out of PCS by using a unique value of data. Experimental results show that the C1 scheme is able to thwart hacking attempts by 80%, while C2 is able to increase the security of alphanumeric passwords by up to 90%. The proposed method is able to make a simple but strong password system.

Fulltext View|Download
Keywords: data security, password, code extension, message digest, hash value

Article Metrics:

  1. Q. Guo et al., “PUFPass: A password management mechanism based on software/hardware codesign,” Integration, vol. 64, no. July 2018, pp. 173–183, 2019, doi: 10.1016/j.vlsi.2018.10.003
  2. Y. Guo, Z. Zhang, and Y. Guo, “Optiwords: A new password policy for creating memorable and strong passwords,” Comput. Secur., vol. 85, pp. 423–435, 2019, doi: 10.1016/j.cose.2019.05.015
  3. R. R. Asaad, “Penetration Testing: Wireless Network Attacks Method on Kali Linux OS,” Acad. J. Nawroz Univ., vol. 10, no. 1, p. 7, 2021, doi: 10.25007/ajnu.v10n1a998
  4. B. Hitaj, P. Gasti, G. Ateniese, and F. Perez-Cruz, PassGAN: A deep learning approach for password guessing, vol. 11464 LNCS. Springer International Publishing, 2019
  5. C. Ntantogian, S. Malliaros, and C. Xenakis, “Evaluation of password hashing schemes in open source web platforms,” Comput. Secur., vol. 84, pp. 206–224, 2019, doi: 10.1016/j.cose.2019.03.011
  6. G. Kim, S. Kim, M. Park, Y. Park, I. Lee, and J. Kim, “Forensic analysis of instant messaging apps: Decrypting Wickr and private text messaging data,” Forensic Sci. Int. Digit. Investig., vol. 37, p. 301138, 2021, doi: 10.1016/j.fsidi.2021.301138
  7. M. Park, G. Kim, Y. Park, I. Lee, and J. Kim, “Decrypting password-based encrypted backup data for Huawei smartphones,” Digit. Investig., vol. 28, pp. 119–125, 2019, doi: 10.1016/j.diin.2019.01.008
  8. S. F. Dyson, W. J. Buchanan, and L. Bell, “Scenario-based creation and digital investigation of ethereum ERC20 tokens,” Forensic Sci. Int. Digit. Investig., vol. 32, p. 200894, 2020, doi: 10.1016/j.fsidi.2019.200894
  9. R. Hranický, L. Zobal, O. Ryšavý, and D. Kolář, “Distributed password cracking with BOINC and hashcat,” Digit. Investig., vol. 30, pp. 161–172, 2019, doi: 10.1016/j.diin.2019.08.001
  10. A. Kanta, I. Coisel, and M. Scanlon, “A survey exploring open source Intelligence for smarter password cracking,” Forensic Sci. Int. Digit. Investig., vol. 35, p. 301075, 2020, doi: 10.1016/j.fsidi.2020.301075
  11. S. Mamonov and R. Benbunan-fich, “Computers in Human Behavior The impact of information security threat awareness on privacy-protective behaviors,” Comput. Human Behav., vol. 83, pp. 32–44, 2018, doi: 10.1016/j.chb.2018.01.028
  12. A. Kanta, S. Coray, I. Coisel, and M. Scanlon, “Forensic Science International : Digital Investigation How viable is password cracking in digital forensic investigation ? Analyzing the guessability of over 3 . 9 billion real-world accounts,” Forensic Sci. Int. Digit. Investig., vol. 37, p. 301186, 2021, doi: 10.1016/j.fsidi.2021.301186

Last update:

No citation recorded.

Last update: 2024-12-26 17:33:54

No citation recorded.