Filters








32,624 Hits in 4.4 sec

Design and Analysis of Password-Based Key Derivation Functions [chapter]

Frances F. Yao, Yiqun Lisa Yin
2005 Lecture Notes in Computer Science  
A password-based key derivation function (KDF) -a function that derives cryptographic keys from a password -is necessary in many security applications.  ...  Like any password-based schemes, such KDFs are subject to key search attacks (often called dictionary attacks).  ...  One basic approach for designing a password-based key derivation function is to derive the key from the password p and a random known value s (called salt), by applying a function H (such as hash, keyed  ... 
doi:10.1007/978-3-540-30574-3_17 fatcat:oel3mi24xbavhkwjrtbtxiihxu

Design and Analysis of Password-Based Key Derivation Functions

F.F. Yao, Y.L. Yin
2005 IEEE Transactions on Information Theory  
A password-based key derivation function (KDF) -a function that derives cryptographic keys from a password -is necessary in many security applications.  ...  Like any password-based schemes, such KDFs are subject to key search attacks (often called dictionary attacks).  ...  One basic approach for designing a password-based key derivation function is to derive the key from the password p and a random known value s (called salt), by applying a function H (such as hash, keyed  ... 
doi:10.1109/tit.2005.853307 fatcat:qs6yz2guerhqlfeovwgmzhj4ci

A Security Analysis of Two Commercial Browser and Cloud Based Password Managers

Rui Zhao, Chuan Yue, Kun Sun
2013 2013 International Conference on Social Computing  
Both of them are Browser and Cloud based Password Managers (BCPMs), and both of them have millions of active users worldwide.  ...  We hope our analysis and suggestions could also be valuable to other cloud-based data security products and research.  ...  To perform both derivations, LastPass uses a variation of the deterministic password-based key derivation function PBKDF2 specified in RFC 2898 [39] .  ... 
doi:10.1109/socialcom.2013.70 dblp:conf/socialcom/ZhaoYS13 fatcat:7mp7xbx4gzdxxarl2vngu3xw74

Password-Hashing Status

George Hatzivasilis
2017 Cryptography  
Another utilization of passwords is the generation of cryptographic keys. The Key-Derivation Functions (KDF) [34] derive one or more cryptographic keys that are based on an input password.  ...  PHC advanced our knowledge of password-hashing. Further analysis efforts revealed security weaknesses and novel schemes were designed afterwards.  ...  Blowfish key schedule H/s Hashes per second HMAC Keyed-Hash Message Authentication Code KDF Key Derivation Function PBKDF2 Password-Based Key Derivation Function 2 PPBKDF Parallel password based  ... 
doi:10.3390/cryptography1020010 fatcat:klnw5tucinfwfoxwe5zlpsepwi

SAFEPASS - Presenting a Convenient, Portable and Secure Password Manager

Onur Hakbilen, Piraveen Perinparajan, Michael Eikeland, Nils Ulltveit-Moe
2018 Proceedings of the 4th International Conference on Information Systems Security and Privacy  
SAFEPASS is a password manager implemented as a self-contained application, developed with principles and ideas based on industry best practices and analysis of existing popular password managers.  ...  All password managers try to solve the same problem of avoiding bad passwords and poor user habits when managing passwords.  ...  ACKNOWLEDGEMENTS This research has been supported by the Centre for Integrated Emergency Management at University of Agder, Norway.  ... 
doi:10.5220/0006603102920303 dblp:conf/icissp/HakbilenPEU18 fatcat:col6l3i4wvgedgzbarkw3ea6cy

Secure Login Mechanism for Online Banking

Ahmad Syahir, Chuah Chai Wen
2018 JOIV: International Journal on Informatics Visualization  
This research investigates the mechanism for an existing online banking in Malaysia including the design of the login mechanism, the encryption algorithm used for the password and the security level of  ...  Output from the mathematical analysis is the probability that the adversary may break the security of login application.  ...  ACKNOWLEDGMENT This research was supported by RMC UTHM and Gates IT Solution Sdn. Bhd.  ... 
doi:10.30630/joiv.2.3-2.136 fatcat:rx3gcsotbjglzajvqlqplwm5jq

On the Security Analysis of PBKDF2 in OpenOffice

Xiaochao Li, Cuicui Zhao, Kun Pan, Shuqiang Lin, Xiurong Chen, Benbin Chen, Deguang Le, Donghui Guo, Xiaochao Li
2015 Journal of Software  
Password-based KDF2 (PBKDF2) is widely used in file authentication mechanism and file encryption which could produce a derived key more than 160 bits long.  ...  With the theoretical derivation, the actual safety of the OpenOffice encrypted file has been discussed under the latest developments for GPU-accelerated key recovery attack capability.  ...  Hence, password-based key derivation functions are used to resist these attacks which transform a non-uniformly distribution source of raw keying material to cryptographically strong secret keys.  ... 
doi:10.17706/jsw.10.2.116-126 fatcat:digdkqmpz5dtpc7ytbaxc346se

Lightweight Password Hashing Scheme for Embedded Systems [chapter]

George Hatzivasilis, Ioannis Papaefstathiou, Charalampos Manifavas, Ioannis Askoxylakis
2015 Lecture Notes in Computer Science  
Lightweight cryptography focuses in designing schemes for such devices and targets moderate levels of security.  ...  At first, we design two lightweight versions of the PHC schemes Catena and PolyPassHash. Then, we integrate them and implement the proposed scheme -called LightPolyPHS.  ...  The Password-Based Key Derivation Function 2 (PBKDF2) [1] is the only standardized scheme (RSA Laboratories' Public-Key Cryptography Standards (PKCS) series (PKCS #5 v2.0) and the RFC 2898).  ... 
doi:10.1007/978-3-319-24018-3_17 fatcat:njwna6vt4vdrxi4z633tahrjlq

Using FPGAs to Parallelize Dictionary Attacks for Password Cracking

Yoginder S. Dandass
2008 Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)  
The initial FPGA implementation incorporates four password-derived encryption key generation units operating at a frequency of 150MHz and is capable of processing over 510 passwords per second.  ...  This paper describes an FPGA-based hardware implementation of the standard PKCS#5 technique published by RSA Laboratories for generating password-derived encryption keys.  ...  of Windows and Linux. password derived encryption key (PDEK) from a user password, a salt value, and a specified number of iterations [5] .  ... 
doi:10.1109/hicss.2008.484 dblp:conf/hicss/Dandass08 fatcat:b52cvkerobfudmyq4ewvelbec4

All your browser-saved passwords could belong to us

Rui Zhao, Chuan Yue
2013 Proceedings of the third ACM conference on Data and application security and privacy - CODASPY '13  
Unfortunately, the designs of all those Browser-based Password Managers (BPMs) have severe security vulnerabilities.  ...  Password manager is one of the most popular approaches designed to address these challenges by saving users' passwords and later automatically filling the login forms on behalf of users.  ...  Using PBKDF2 [20] , our SSMP-based key derivation and password encryption process consists of five steps illustrated in Formulas 1, 2, 3, 4, and 5.  ... 
doi:10.1145/2435349.2435397 dblp:conf/codaspy/ZhaoY13 fatcat:wrnn3bluona75fstkiggauedgu

Securing Password Authentication for Web-based Applications [article]

Teik Guan Tan and Pawel Szalachowski and Jianying Zhou
2020 arXiv   pre-print
In this paper, we apply a threat analysis on the web password login process, and uncover a design vulnerability in the HTML field.  ...  The use of passwords and the need to protect passwords are not going away. The majority of websites that require authentication continue to support password authentication.  ...  , we propose the use of Password-Based Key Derivation Function 2 (PBKDF2) [30] as the strong one-way function to transform the password.  ... 
arXiv:2011.06257v1 fatcat:l4xha34lunahrkuouigp4tbq34

Toward a secure and usable cloud-based password manager for web browsers

Rui Zhao, Chuan Yue
2014 Computers & security  
Password manager, particularly Browser-based Password Manager (BPM), is one of the most popular approaches designed to address these challenges by saving users' passwords and later automatically filling  ...  Moreover, we propose a novel Cloud-based Storage-Free BPM (CSF-BPM) design to achieve a high level of security with the desired confidentiality, integrity, and availability properties.  ...  Acknowledgement The authors sincerely thank anonymous reviewers for their valuable suggestions and comments. This research was supported in part by the U.S.  ... 
doi:10.1016/j.cose.2014.07.003 fatcat:quzgsw6orbagppaldpahal3a6a

The Security of Key Derivation Functions in WINRAR

Jie Chen, Jun Zhou, Kun Pan, Shuqiang Lin, Cuicui Zhao, Xiaochao Li
2013 Journal of Computers  
Password based key derivation function (PBKDF) is the core of the WINRAR security mechanism.  ...  According to the latest developments for GPU-based exhaustive password search attacks, we do some experiments and draw a conclusion that if the length of password is longer than 6, the WINRAR and later  ...  Therefore, we add iteration count and a specific string called salt in password-based key derivation functions (KDFs) to increase the workload of exhaustive password search attacks and dictionary attacks  ... 
doi:10.4304/jcp.8.9.2262-2268 fatcat:n5pyok6ppze5xdv62umbwn3kay

AuthStore: Password-based Authentication and Encrypted Data Storage in Untrusted Environments [article]

Clemens Zeidler, Muhammad Rizwan Asghar
2018 arXiv   pre-print
We present a compact password-authenticated key exchange protocol (CompactPAKE) that integrates the retrieval of password stretching parameters.  ...  A parameter attack is described and we show how existing solutions suffer from this attack. Furthermore, we introduce a password manager that supports CompactPAKE.  ...  In order to strengthen the user password, we use a Key Derivation Function (KDF) to derive a strong base key.  ... 
arXiv:1805.05033v1 fatcat:bapnnudadjfyxmcg2raznm5toa

Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives

Carlo Meijer, Bernard van Gastel
2019 2019 IEEE Symposium on Security and Privacy (SP)  
For many models, these security weaknesses allow for complete recovery of the data without knowledge of any secret (such as the password).  ...  In reality, we found that many models using hardware encryption have critical security weaknesses due to specification, design, and implementation issues.  ...  This functionality greatly benefits our analysis, as it allows the device's memory to be inspected and manipulated at runtime. We found that the X600 derives the DEK from the user password.  ... 
doi:10.1109/sp.2019.00088 dblp:conf/sp/MeijerG19 fatcat:3cf5pg72kfecbmseais4hwif3y
« Previous Showing results 1 — 15 out of 32,624 results