Secure password storing is essential in systems working based on password authentication. In this paper, SXR algorithm (Split, Exclusive OR, and Replace) was proposed to improve secure password storing and could also be applied to current authentication systems. SXR algorithm consisted of four steps. First, the received password from users was hashed through a general hash function. Second, the ratio and the number of iterations from the secret key (username and password) were calculated. Third, the hashed password and ratio were computed, and the hashed password was divided based on the ratio (Split) into two values. Both the values were applied to XOR equation according to the number of iterations, resulting in two new values. Last, the obtained values were concatenated and stored in the database (Replace). On evaluating, complexity analyses and comparisons has shown that SXR algorithm could provide attack resistance with a stronger hashed password against the aforementioned attacks. Consequently, even if the hackers hacked the hashed password, it would be challenging and would consume more time to decrypt the actual one, because the pattern of the stored password is the same as the one that has been hashed through the general hash function.

Hash Function; Password Security; Secure Password Storage; Dictionary Attacks