The Security of Key Derivation Functions in WINRAR

Chen, Jie; Zhou, Jun; Pan, Kun; Lin, Shuqiang; Zhao, Cuicui; Li, Xiaochao

doi:10.4304/jcp.8.9.2262-2268

Cited by 3 publications

(2 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It was also used in Blackberry and IOS systems [46]. It is also used in TrueCrypt, WPA2, WinRAR [47] and many more.…”

Section: Pbkdf2: Password Based Key Derivation Functionmentioning

confidence: 99%

Evolution and State of the Art in Password Storage

KOCATEKİN

2023

Eskişehir Türk Dünyası Uygulama Ve Araştırma Merkezi Bilişim Dergisi

View full text Add to dashboard Cite

Passwords have historically been pivotal for access control and authentication, yet their security remains a recurring concern in today’s digital world. As evidenced by high-profile data breaches, secure password storage has always been paramount, but often not achieved. While users grapple with the creation of strong, memorable passwords, the burden also falls on service providers to store these passwords securely. Even though alternative authentication mechanisms have emerged, password-based authentication remains pervasive. Surprisingly, studies highlight that developers frequently exhibit misconceptions or negligence towards password storage security. This paper traces the progression of password storage methods by explaining four password hashing methods. By informing of four modern password storage systems, this work seeks to bridge the knowledge gap, advocating for better practices and illuminating the significance of prioritizing security alongside functionality.

show abstract

“…It was also used in Blackberry and IOS systems [46]. It is also used in TrueCrypt, WPA2, WinRAR [47] and many more.…”

Section: Pbkdf2: Password Based Key Derivation Functionmentioning

confidence: 99%

Evolution and State of the Art in Password Storage

KOCATEKİN

2023

Eskişehir Türk Dünyası Uygulama Ve Araştırma Merkezi Bilişim Dergisi

View full text Add to dashboard Cite

show abstract

“…Compared with other physical and biological characteristics of the authentication schemes, password-based message authentication scheme is widely employed [3]. Generally speaking, passwords chosen from a relatively small space (or have a low entropy) is vulnerable to exhaustive password-search attacks and dictionary attacks.…”

Section: Introductionmentioning

confidence: 99%

On the Security Analysis of PBKDF2 in OpenOffice

Zhao¹,

Pan²,

Lin³

et al. 2015

JSW

Self Cite

View full text Add to dashboard Cite

Password-based KDF2 (PBKDF2) is widely used in file authentication mechanism and file encryption which could produce a derived key more than 160 bits long. In this paper, the security of PBKDF2 algorithm and its implementation in OpenOffice are analyzed in two modes: CSP-secure mode (Chosen Single Parameter) and CMP-secure mode (Chosen Multiple Parameters). The theoretical security of PBKDF2 is proved in CSP-secure mode by using Game-Playing technology to quantify the upper bound of adversary's advantage. However, a security flaw is explored in CMP-secure mode. This paper presents three proposals to address the security flaw. With the theoretical derivation, the actual safety of the OpenOffice encrypted file has been discussed under the latest developments for GPU-accelerated key recovery attack capability.

show abstract