An algorithm for securing user credentials by combining Encryption and Hashing method
Keywords:Encryption, Hashing, Security SHA 256, User credential.
AbstractInternet browsers, run on electronic devices usually preserve sensitive information, for example, client identifications. With present day innovation, most of the internet browsers uses password logins as an initial validation to demonstrate a client's individuality. Passwords perform as the primary safeguard against provoker manipulation. But, some internet browsers usually preserve client passwords in the records as plaintext. This saved client’s password help the attackers to promptly get client accreditations and break it. This paper proposes a new algorithm for the security of user credentials using the encryption and the hashing method. Specifically, the motivation behind this technique is to make sure about client identifications against data fraud. This approach ensures client accreditations utilizing a new algorithm that at the first stage keeps a password and then encrypt the password. After that, the respected encrypted data is hashed and sent to the internet browser server to store. This devised method is easy to develop and execution in the internet browser.
Chi-Kwong Chan and L.M. Cheng, “Cryptanalysis of a Timestamp-Based Password Authentication Scheme”, Computers & Security, Volume 21, Issue 1, pp. 74-76, 1st Quarter 2001.
W.C. Ku, HC Tsai and MJ Tsaur, “Stolen Verifier attack on an efficient smartcard-base one-time-password authentication scheme”, IEICE TRANSACTIONS on Communications, Vol.E87-B No.8 pp. 2374-237, 2004.
C.K. Koc, M. K. “A simple attack on recently introduced hash based strong password authentication scheme”, International Journal of Network Security, Vol.1, No.2, pp.77–80, 2005.
Katti, and K. M. “A hash based strong password authentication protocol with user anonymity”, International journal of Network Security, Vol.2, No.3, pp. 205–209, 2005.
W.C.Ku, H. C., “Two simple attacks on LSH's strong password authentication protocol”, ACM SIGPOS Operating Systems Review, Volume 37, Issue 4, pp. 26-31, October 2003.
IE Liao, CC Lee and MS Hwang, “A password authentication scheme over insecure networks”, Journal of computer and system science, pp. 727-740, 2006.
S. K. Sood, A. K. Sarje and K. Singh, "Cryptanalysis of password authentication schemes: Current status and key issues”, Proceeding of International Conference on Methods and Models in Computer Science (ICM2CS), Delhi, pp. 1-7, 2009.
X Zhuang, C. C., “A simple password authentication scheme based on geometric hashing function”, International Journal of Network Security, pp. 237-243, May, 2014.
M. H. Ali, E. S. Ismail and F. M. Hamzah, “A Practical and Secure Hash Function-Based Password Authentication Scheme”, Journal of Computer Science, pp. 954-960, July, 2019.
How to Cite
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).