nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Cryptographic Module Based Approach for Password Hashing Schemes

verfasst von : Donghoon Chang, Arpan Jati, Sweta Mishra, Somitra Kumar Sanadhya

Erschienen in: Technology and Practice of Passwords

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Password Hashing is the technique of performing one-way transformation of the password. One of the requirements of password hashing algorithms is to be memory demanding to provide defense against hardware attacks. In practice, most Cryptographic designs are implemented inside a Cryptographic module, as suggested by NIST in a set of standards (FIPS 140). A cryptographic module has a limited memory and this makes it challenging to implement a password hashing scheme (PHS) inside it.

In this work, we propose a novel approach to allow a limited memory cryptographic module to be used in the implementation of a high memory password hashing algorithm. We also analyze all the first round entries of the Password Hashing Competition (PHC) to evaluate the suitability of the submitted algorithms to be implemented with a Cryptographic module. We graphically show that the submissions to the PHC can be securely implemented in a crypto-module following our suggestion. To the best of our knowledge, this is the first attempt in the direction of secure implementation of password hashing algorithms.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel On Password Guessing with GPUs and FPGAs

Nächstes Kapitel Password-Manager Friendly (PMF): Semantic Annotations to Improve the Effectiveness of Password Managers

The references added are with respect to the versions uploaded in the first round submissions to PHC. Updated analysis on revised versions will be made available in a forth coming version of this paper which will be uploaded on IACR Cryptology ePrint Archive.

FIPS PUB 140–2, Security Requirements for Cryptographic Modules. Federal Information Processing Standards Publication (Supercedes FIPS PUB 140–1, 11 January 1994) (2001). http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

Password Hashing Competition (PHC) (2014). https://password-hashing.net/index.html

Alvarez, R.: CENTRIFUGE - A password hashing algorithm. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Centrifuge-v0.pdf

Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Duplexing the sponge: single-pass authenticated encryption and other applications. In: Miri, A., Vaudenay, S. (eds.) SAC 2011. LNCS, vol. 7118, pp. 320–337. Springer, Heidelberg (2012) CrossRef

Biryukov, A., Khovratovich, D.: ARGON v1: Password Hashing Scheme. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Argon-v1.pdf

Cappos, J.: PolyPassHash: Protecting Passwords In The Event Of A Password File Disclosure. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/PolyPassHash-v0.pdf

Chang, D., Jati, A., Mishra, S., Sanadhya, S.K.: Rig: a simple, secure and flexible design for password hashing. In: Lin, D., Yung, M., Zhou, J. (eds.) Inscrypt 2014. LNCS, vol. 8957, pp. 361–381. Springer, Heidelberg (2015)

Cox, B.: TwoCats (and SkinnyCat): A Compute Time and Sequential Memory Hard Password Hashing Scheme. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/TwoCats-v0.pdf

Dürmuth, M., Zimmermann, R.: AntCrypt. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/AntCrypt-v0.pdf

10.

Enright, B.: Omega Crypt (ocrypt). Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/OmegaCrypt-v0.pdf

11.

Forler, C., Lucks, S., Wenzel, J.: The Catena Password-Scrambling Framework. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Catena-v2.pdf

12.

Franke, D.: The EARWORM Password Hashing Algorithm. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/EARWORM-v0.pdf

13.

Gosney, J.M.: The Pufferfish Password Hashing Scheme. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Pufferfish-v0.pdf

14.

Simplicio Jr., M.A., Almeida, L.C., Andrade, E.R., dos Santos, P.C.F., Barreto, P.S.L.M.: The Lyra2 reference guide. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Lyra2-v1.pdf

15.

Kapun, E.: Yarn password hashing function. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Yarn-v2.pdf

16.

Maslennikov, M.: Password Hashing Scheme MCS PHS. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/MCS_PHS-v2.pdf

17.

Mubarak, H.: Lanarea DF. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Lanarea-v0.pdf

18.

Percival, C.: Stronger key derivation via sequential memory-hard functions. In: BSDCon (2009). http://www.bsdcan.org/2009/schedule/attachments/87_scrypt.pdf

19.

Peslyak, A.: yescrypt - a Password Hashing Competition submission. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/yescrypt-v0.pdf

20.

Pintér, K.: Gambit - A sponge based, memory hard key derivation function. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Gambit-v1.pdf

21.

Pornin, T.: The MAKWA Password Hashing Function. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Makwa-v0.pdf

22.

Sch, T.: Tortuga - Password hashing based on the Turtle algorithm. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Tortuga-v0.pdf

23.

Schaller, R.R.: Moore’s law: past, present, and future. IEEE Spectr. 34, 52–59 (1997)CrossRef

24.

Thomas, S.: battcrypt (Blowfish All The Things). Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/battcrypt-v0.pdf

25.

Thomas, S.: Parallel. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Parallel-v0.pdf

26.

Vuckovac, R.: schvrch. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/Schvrch-v0.pdf

27.

Wu, H.: POMELO: A Password Hashing Algorithm. Submission to Password Hashing Competition (PHC) (2014). https://password-hashing.net/submissions/specs/POMELO-v1.pdf

Titel: Cryptographic Module Based Approach for Password Hashing Schemes
verfasst von: Donghoon Chang
Arpan Jati
Sweta Mishra
Somitra Kumar Sanadhya
Verlag: Springer International Publishing
Buch: Technology and Practice of Passwords
Print ISBN: 978-3-319-24191-3

Electronic ISBN: 978-3-319-24192-0

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-24192-0_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"