Improved hashing and honey-based stronger password prevention against brute force attack

Moe, Khin Su Myat; Win, Thanda

doi:10.1109/isesd.2017.8253295

Cited by 17 publications

(6 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…User Login, When the user attempts login to his account, the login server checks the honeypot (Fake and legitimate accounts, the fake is set up by the administrator to detect the breaches) [33][34][35]. If his/her account is fakes then an alarm is sent to the administrative as a possible breach, else the account is legitimate then hashed the password of the user and compared to its database of sweetwords and sent (Check: i, j) to the honeychecker [36,37].…”

Section: Honeywordsmentioning

confidence: 99%

A Scrutiny of Honeyword Generation Methods: Remarks on Strengths and Weaknesses Points

Yasser

Sadiq

Al-Hamdani

2022

Cybernetics and Information Technologies

View full text Add to dashboard Cite

Honeyword system is a successful password cracking detection system. Simply the honeywords are (False passwords) that are accompanied to the sugarword (Real password). Honeyword system aims to improve the security of hashed passwords by facilitating the detection of password cracking. The password database will have many honeywords for every user in the system. If the adversary uses a honeyword for login, a silent alert will indicate that the password database might be compromised. All previous studies present a few remarks on honeyword generation methods for max two preceding methods only. So, the need for one that lists all preceding researches with their weaknesses is shown. This work presents all generation methods then lists the strengths and weaknesses of 26 ones. In addition, it puts 32 remarks that highlight their strengths and weaknesses points. This research has proved that every honeyword generation method has many weaknesses points.

show abstract

Section: Honeywordsmentioning

confidence: 99%

A Scrutiny of Honeyword Generation Methods: Remarks on Strengths and Weaknesses Points

Yasser

Sadiq

Al-Hamdani

2022

Cybernetics and Information Technologies

View full text Add to dashboard Cite

show abstract

“…e adversary has at least a (1-(1/k)) chance of picking a honeyword if the honeyword is as flat as possible (i.e., 1/k flat) [25,26]. For example, in the complete flat honeywords, if the sweetwrods k � 25, the adversary has a (1/25 � 4%) chance of selecting a sugarword and a (1-4% � 96%) for selecting a honeyword [27].…”

Section: Honeywordsmentioning

confidence: 99%

A Proposed Harmony Search Algorithm for Honeyword Generation

Yasser

Sadiq

Al-Hamdani

2022

Advances in Human-Computer Interaction

View full text Add to dashboard Cite

The honeyword system is a password cracking detection technique that aims to improve the security of hashed passwords by making password cracking simpler to detect. Many honeywords (false passwords) accompany the sugarword (true password) to form the sweetwords (false and true passwords) for every user. If the attacker signs in using a honeyword, a silent alarm trigger shows that the honeyword system might be compromised. Many honeyword generation techniques are presented; each one has a flaw in the generating process, a lack of support for all honeyword characteristics, and a slew of honeyword problems. The harmony search algorithm (HSA), a metaheuristic intelligence algorithm inspired by music, is used in this article to offer a novel method for generating honeyword. The suggested honeyword generation technique will enhance the generating process, enhance honeyword characteristics, and address prior approaches’ shortcomings. This paper will show several previous honeyword generation techniques, explain the suggested one, discuss the experimental findings, and compare the new honeyword generation method with the previous ones.

show abstract

“…String password lebih sering disimpan dalam bentuk hash, yakni metode enkripsi dengan skema satu arah. Artinya string password yang telah di-hash tidak dapat diketahui nilai aslinya [2].…”

Section: Pendahuluanunclassified

“…Brute force dilakukan dengan melakukan percobaan kombinasi username dan password yang sudah dimiliki dalam word-lists sampai mendapatkan response "true" dari sesi login. Brute force dilakukan secara otomatis oleh program, dengan membaca dan mengirim kombinasi username dan password setiap interval waktu tertentu [2], [3].…”

Section: Pendahuluanunclassified

Two Factor Authentication Berbasis SMS pada Layanan Single Sign-On Universitas Mataram

Mardiansyah¹,

Zubaidi

et al. 2021

J-Cosine

View full text Add to dashboard Cite

Keamanan merupakan bagian yang penting dalam hal transaksi elektronik. Sistem informasi di Universitas Mataram secara umum menggunakan metode username dan password untuk melakukan autentikasi (Single Factor Authentication - SFA). Metode SFA rentan dengan serangan brute force terhadap layanan Single Sign On (SSO). Untuk menangkal serangan brute force, penelitian ini mengusulkan implementasi Two Factor Authentication (TFA) berbasis SMS pada SSO. Penelitian ini menemukan pengujian yang dilakukan dengan melakukan analisa pada simulasi serangan brute force tidak dapat menembus akses dari akun pengguna. Pengujian lainnya dengan menggunakan metode User Experience Questionnaire (UEQ) menemukan skor pada aspek Pragmatis adalah 1,927 (Excellent), pada aspek Hedonis adalah 1,667 (Excellent), dan secara keseluruhan adalah 1,797 (Excellent).

show abstract

Improved hashing and honey-based stronger password prevention against brute force attack

Cited by 17 publications

References 1 publication

A Scrutiny of Honeyword Generation Methods: Remarks on Strengths and Weaknesses Points

A Scrutiny of Honeyword Generation Methods: Remarks on Strengths and Weaknesses Points

A Proposed Harmony Search Algorithm for Honeyword Generation

Two Factor Authentication Berbasis SMS pada Layanan Single Sign-On Universitas Mataram

Contact Info

Product

Resources

About