Authentication and password storing improvement using SXR algorithm with a hash function

Jakkapong Polpong, Pongpisit Wuttidittachotti

Abstract


Secure password storing is essential in systems working based on password authentication. In this paper, SXR algorithm (Split, Exclusive OR, and Replace) was proposed to improve secure password storing and could also be applied to current authentication systems. SXR algorithm consisted of four steps. First, the received password from users was hashed through a general hash function. Second, the ratio and the number of iterations from the secret key (username and password) were calculated. Third, the hashed password and ratio were computed, and the hashed password was divided based on the ratio (Split) into two values. Both the values were applied to XOR equation according to the number of iterations, resulting in two new values. Last, the obtained values were concatenated and stored in the database (Replace). On evaluating, complexity analyses and comparisons has shown that SXR algorithm could provide attack resistance with a stronger hashed password against the aforementioned attacks. Consequently, even if the hackers hacked the hashed password, it would be challenging and would consume more time to decrypt the actual one, because the pattern of the stored password is the same as the one that has been hashed through the general hash function.

Keywords


Hash Function; Password Security; Secure Password Storage; Dictionary Attacks

Full Text:

PDF


DOI: http://doi.org/10.11591/ijece.v10i6.pp6582-6591

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

International Journal of Electrical and Computer Engineering (IJECE)
p-ISSN 2088-8708, e-ISSN 2722-2578

This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).