Journal: International Journal of Computer Science & Technology
Print ISSN: 2229-4333
Electronic ISSN: 0976-8491
Publication year: 2018
Volume: 9
Issue: 1
Pages: 21-25
Language: English
Publisher: Ayushmaan Technologies
Abstract: The internet has become a highly important environment for organizations and governments because it provides services and makes it easy to deal with e-commerce and government services. All of these services are provided to registered users, whose profiles an organization stores in its databases. A user’s profile may contain sensitive information such as passwords, credit card numbers, and personal data. One of the issues of most concern is how to protect this sensitive information. However, dictionary attacks, brute force attacks and rainbow tables are the most common ways of guessing passwords in cryptanalysis. As a result, the salted password hashing technique is one of the most efficient ways to protect users’ passwords. In cryptography, a salt is a random string appended or prepended to the original user’s password before it enters the hash function. This paper will provide guidelines for using this technique to increase its efficiency in preventing dictionary attacks, brute force attacks and rainbow tables from guessing users’ passwords. Also, this paper will provide an algorithm to improve the salted password hashing technique by swapping elements in an array, which works to rearrange the user’s password and salt before sending them to the hash function. For example, suppose the user’s password is “123” and the salt is “abc”. The common way is to use hash(user’s password, salt) – hash(123abc). This algorithm reorders the user’s password and salt to become like “a1bc23” and then sends the result to the hash function. Also, in the common use of the salted password hashing technique the salt is stored in the database without any changes; therefore, in this algorithm we will rearrange the salt before storing it in the database. This algorithm will make guessing the password more difficult because isolating the password and the salt from each other through the final hashes will become very difficult.