A Study on the Security of Password Hashing Based on GPU Based, Password Cracking using High-Performance Cloud Computing

In This paper the current security of various password hashing schemes that are in use today will be investigated through practical proof of concept – GPU based, password hash dump cracking using the power of cloud computing. The focus of this paper is to show the possible use of cloud computing in cracking hash dumps and the way to countermeasures them by using secure hashing algorithm and using complex passwords

Authentication Methods and Password Cracking

Na začátku této práce porovnáváme dnes běžně používané metody autentizace a také mluvíme o historii, současnosti a budoucnosti zabezpečení hesel. Později využíváme nástroj Hashcat k experimentům s útoky hrubou silou a slovníkovými útoky, které zrychlujeme s pomocí Markovových modelů a pravidel pro manipulaci se slovy. Porovnáváme také dva hardwarové přístupy --- běžný počítač a cloud computing. Nakonec na základě našich poznatků práci uzavíráme souborem doporučení na prolamování hesel s důrazem na hardware, velikost datové sady a použitou hašovací funkci.In the beginning of this thesis, we compare authentication methods commonly used today and dive into the history, state of the art as well as the future of password security. Later on, we use the tool Hashcat to experiment with brute-force and dictionary attacks accelerated with Markov models and word mangling rules. We also compare two hardware approaches --- regular computer and cloud computing. Based on our findings, we finally conclude with a set of password-cracking recommendations with focus on hardware, dataset size and used hash function

A New Approach in Expanding the Hash Size of MD5

The enhanced MD5 algorithm has been developed by expanding its hash value up to 1280 bits from the original size of 128 bit using XOR and AND operators. Findings revealed that the hash value of the modified algorithm was not cracked or hacked during the experiment and testing using powerful bruteforce, dictionary, cracking tools and rainbow table such as CrackingStation, Hash Cracker, Cain and Abel and Rainbow Crack which are available online thus improved its security level compared to the original MD5. Furthermore, the proposed method could output a hash value with 1280 bits with only 10.9 ms additional execution time from MD5. Keywords: MD5 algorithm, hashing, client-server communication, modified MD5, hacking, bruteforce, rainbow table

Modified SHA1: A Hashing Solution to Secure Web Applications through Login Authentication

The modified SHA1 algorithm has been developed by expanding its hash value up to 1280 bits from the original size of 160 bit. This was done by allocating 32 buffer registers for variables A, B, C and D at 5 bytes each. The expansion was done by generating 4 buffer registers in every round inside the compression function for 8 times. Findings revealed that the hash value of the modified algorithm was not cracked or hacked during the experiment and testing using powerful online cracking tool, bruteforce and rainbow table such as CrackingStation and Rainbow Crack and bruteforcer which are available online thus improved its security level compared to the original SHA1

A State-of-the-Art Survey for IoT Security and Energy Management based on Hashing Algorithms

The Internet of Things (IoT) has developed as a disruptive technology with wide-ranging applications across several sectors, enabling the connecting of devices and the acquisition of substantial volumes of data. Nevertheless, the rapid expansion of networked gadgets has generated substantial apprehensions pertaining to security and energy administration. This survey paper offers a detailed examination of the present state of research and advancements in the field of Internet of Things (IoT) security and energy management. The work places special emphasis on the use of hashing algorithms in this context. The security of the Internet of Things (IoT) is a crucial element in safeguarding the confidentiality, integrity, and availability of data inside IoT environments. Hashing algorithms have gained prominence as a fundamental tool for enhancing IoT security. This survey reviews the state of the art in cryptographic hashing techniques and their application in securing IoT devices, data, and communication. Furthermore, the efficient management of energy resources is essential to prolong the operational lifespan of IoT devices and reduce their environmental impact. Hashing algorithms are also instrumental in optimizing energy consumption through data compression, encryption, and authentication. This survey explores the latest advancements in energy-efficient IoT systems and how hashing algorithms contribute to energy management strategies. Through a comprehensive analysis of recent research findings and technological advancements, this survey identifies key challenges and open research questions in the fields of IoT security and energy management based on hashing algorithms. It provides valuable insights for researchers, practitioners, and policymakers to further advance the state of the art in these critical IoT domains

Design and Implementation of Multilevel Secure Database in Website

Multi-tier web server systems are used in many importantcontexts and their security is a major cause of concern.Such systems can exploit strategies. In this paper, a model was present based onthree-tier architecture (Client tier, Server tier and Database tier) and applying multilevel security on it. The database server tier consists of the DBMS or the database management system and the database and we built it off-line to reduce unauthorized access to sensitive data. The Client tier, which is usually a web browser, processes and displays HTML resources, issues HTML requests and processes the responses. These web browsers are HTTP clients that interact with the Web servers using standard protocols. The Middle or application server tier consists most of the application logic. Inputs receives from the clients and interacts with the database but only the results sent to application server then to client. This achieved by using multilevel of security to protect database, using Authorization, Password Encryption. The process of authorization done by allowing the access to proposed system pages depending on authorized level; Password encrypted using bcrypt with fallbacks on sha-256/512 with key stretching to protect it from cracking by any types of attack. Client-to-Application Server Protocol (CAP) uses the RC4A algorithm to provide data confidentiality to secure transmitted information from application server to client. Keywords: Authentication, Multi-tier model, Multi-Tier Security, Security, Data protection, Internet security

Wi-Fi tracking : what about privacy

National audienceTracking individuals is a major issue today. Several methods exist, but they are limited you to user interaction. A new way of tracking is based on Wi-Fi which does not need any user cooperation. However this method involves new privacy threats. This paper verify if the existing solutions to protect the privacy are secure enough. The tracking system is based on Wi-Fi sensors installed in different locations to monitor and record packets sent by Wi-Fi-enabled devices. The identification process is possible thanks to the MAC address contained in each packet. However this unique identifier is bound to the user and has to be securely stored. Tracking individuals has plenty of applications. Studying the habit of customers in shop center is a service offered by several new specialized companies. We analyze which kind of protection are used, where and how data are stored. One commonly used protection is the one-way hash function. Studying the MAC1 addresses' distribution leads us to develop an attack. Finally, a test platform is built to validate or not the solutions or think to new ones