[show abstract] [hide abstract]
ABSTRACT: Password is a key to secret authentication data and is most widely used for security purposes therefore it is open to attacks such as phishing attack. Phishing is a form of Internet fraud, which phisher applies to steal online consumer's personal identity data and financial account credentials. In this paper, we analyze a technique of password hashing, to compute secure passwords. Using this mechanism, we can obtain hash value by applying a cryptographic hash function to a string consisting of the submitted password and, usually, another value known as a salt. The salt value consists of current parameters of the system and prevents attackers from building a list of hash values for common passwords. MD5 and SHA1 are frequently used cryptographic hash functions. We implemented these algorithms and found that SHA-1 is more secure but slow in execution as SHA-1 includes more rounds than MD5 in calculating hashes.
International Conference on Emerging Technologies 2009; 10/2009