期刊名称:International Journal of Innovative Research in Computer and Communication Engineering
印刷版ISSN:2320-9798
电子版ISSN:2320-9801
出版年度:2014
卷号:2
期号:12
出版社:S&S Publications
摘要:These days, most of the Internet Services use a single server model, where a single server is used tostore the encrypted password. But, in case this server gets compromised, whole of the user’s data is lost. So, to addressthis problem we may use multiple servers to store a single user password.In this paper we present the technique of using two servers for storing the encrypted password. Here, firstly we aredividing the user’s password into two parts, then encrypting it and storing it into two separate servers. Further, theoriginal password is retrieved by decrypting and combing the two parts of the password. Our system has a number ofother features. Like in our system, only a front-end service server interacts directly with the users while a controlserver which does not interact with the user remains behind the scene; therefore, it can be directly implemented tostrengthen the existing single-server password system that uses only a single server to store the password. In addition,the system is secure against various kinds of attack like the Brute Force Attack which may be either Dictionary attackor exhaustive search.
关键词:Password Authentication; Two Server Concept; AES; Brute Force Attack
