Evaluation of password hashing schemes in open source web platforms

Ntantogian, Christoforos; Malliaros, Stefanos; Xenakis, Christos

doi:10.1016/j.cose.2019.03.011

Cited by 22 publications

(17 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It can be seen from the data that there were attempts to block or to takeover the control of the websites. Further analysis of the attack report clearly shows a large number generic attacks, exactly as we expected, aimed at the well-known address of the WCMS administrative panel, which is generally open, and which often has no available option to change [22]. This was the case with the Elxis WCMS observed, in which the security system collected this information because the attacker requested to log into a non-existent URL, and eventually the system detected it as a "Directory traversal attack".…”

Section: Analysis Of the Resultsmentioning

confidence: 61%

Security Challenges Behind the Development and Increased Use of Open Source Web Content Management Systems

Viduka

Kraguljac

Lavrnić

2020

JIOS

View full text Add to dashboard Cite

Nowadays the IT market is enriched with free Open Source Web Content Systems offers that are available to all users. No system is perfect, and some of them have better solutions in one segment but are more vulnerable in others and vice versa, all in order to be more user-friendly. The most common form of Content Management System (CMS) implemented on the Internet today is the Web Content Management System(WCMS). This solution includes numerous advantages for site administrators as well as communication with the site designer for all users in order to improve the content, through written remarks, opinions and evaluations of the site content, resulting in a more dynamic and interactive site. This modern approach offers users with a poor IT background the opportunity to be independent and creative in creating their own website. In this paper we present data collected from several websites monitored for various cyber-attacks. Moreover, we will describe and analyze security challenges that follow cyber-attacks. During the monitoring process we followed 15 web addresses over a period of nine months and collected 520 reports of various cyber-attacks. The following analysis presents the different kinds of attacks, their frequency and some of the ways to reduce cyber-attacks to the lowest possible level.

show abstract

Section: Analysis Of the Resultsmentioning

confidence: 61%

Security Challenges Behind the Development and Increased Use of Open Source Web Content Management Systems

Viduka

Kraguljac

Lavrnić

2020

JIOS

View full text Add to dashboard Cite

show abstract

“…As today's technology evolves, it has been found that many CMS frameworks and web applications use outdated hash functions, an arbitrary number of hash iterations. Notably, popular WordPress still uses MD5 with low hash iterations [18]. So in verifying the data security integrity of this certificate, SHA-256 hashing is applied which is more qualified.…”

Section: Literature Reviewmentioning

confidence: 99%

Hash Algorithm In Verification Of Certificate Data Integrity And Security

Anwar

Apriani²,

Adianita³

2021

att

View full text Add to dashboard Cite

The hash function is the most important cryptographic primitive function and is an integral part of the blockchain data structure. Hashes are often used in cryptographic protocols, information security applications such as Digital Signatures and message authentication codes (MACs). In the current development of certificate data security, there are 2 (two) types of hashes that are widely applied, namely, MD and SHA. However, when it comes to efficiency, in this study the hash type SHA-256 is used because it can be calculated faster with a better level of security. In the hypothesis, the Merkle-Damgård construction method is also proposed to support data integrity verification. Moreover, a cryptographic hash function is a one-way function that converts input data of arbitrary length and produces output of a fixed length so that it can be used to securely authenticate users without storing passwords locally. Since basically, cryptographic hash functions have many different uses in various situations, this research resulted in the use of hash algorithms in verifying the integrity and authenticity of certificate information.

show abstract

“…The research has examined some types of attacks that are effective against the current algorithm, such as dictionary attacks, the rainbow table attacks, and brute force attacks. Researchers have discussed the weakness in the solutions that are currently used to solve the weakness of the MD5 algorithm in Web applications [12].…”

Section: Introductionmentioning

confidence: 99%

A Novel Improvement With an Effective Expansion to Enhance the MD5 Hash Function for Verification of a Secure E-Document

Ali

Farhan

2020

IEEE Access

View full text Add to dashboard Cite

MD5 is a one-way cryptographic function used in various fields for maintaining data integrity. The application of a Hash function can provide much protection and privacy and subsequently reduce data usage. Most users are familiar with validating electronic documents based on a Hash function, such as the MD5 algorithm and other hash functions, to demonstrate the data integrity. There are many weaknesses of the current MD5 algorithm, mainly its failures and weaknesses against varying types of attacks, such as brute force attacks, rainbow table attacks, and Christmas attacks. Therefore, the method proposed in this paper enhances the MD5 algorithm by adding a dynamic variable length and a high efficiency that simulates the highest security available. Whereas the logistic system was used to encode ribonucleic acid (RNA) by generating a random matrix based on a new key that was created using the initial permutation (IP) tables used in the data encryption stander (DES) with the linear-feedback shift register (LFSR), this work proposes several structures to improve the MD5 hash function. The experimental results demonstrate its high resistance to hackers while maintaining a suitable duration. This paper discusses the design of a confident hash algorithm. This algorithm has characteristics that enable it to succeed in the field of digital authentication and data integrity.

show abstract

Evaluation of password hashing schemes in open source web platforms

Cited by 22 publications

References 16 publications

Security Challenges Behind the Development and Increased Use of Open Source Web Content Management Systems

Security Challenges Behind the Development and Increased Use of Open Source Web Content Management Systems

Hash Algorithm In Verification Of Certificate Data Integrity And Security

A Novel Improvement With an Effective Expansion to Enhance the MD5 Hash Function for Verification of a Secure E-Document

Contact Info

Product

Resources

About