The Efficiency of using Salt Against Password Attacking

Wachana Khowfa
Onsiri Silasai

Abstract

Passwords are used for authentication and for gaining access rights to a system; they must therefore be stored securely and protected from every type of password attack. A hash function is used to protect the plain-text password if the stored password is attacked. However, a password hash generated by a faster hashing algorithm can still be easy to break. Another technique for strengthening a password is to add a string, called a salt, to the password before applying the hash function. The objectives of this study were 1) to enhance the security of weak passwords and 2) to evaluate whether the position at which the salt is placed has a significant effect on the strength of the password. The research started by selecting 10 weak passwords. The salt was placed in one of three positions: 1) prefix, 2) suffix, and 3) inserted, where the insertion point is determined by letter frequency: when a frequently used letter is found, the salt is placed after that letter. After the salt was placed, all passwords were subjected to password attacks using Dictionary Attack and Brute Force Attack. The results showed that using a salt can significantly increase the difficulty and complexity of cracking a password and can raise the attack resistance of a weak password to the same security level as a strong password. Moreover, the position of salt insertion has notable significance for the security level of passwords that contain frequently used letters.
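The three salt placements described in the abstract, as an added example that is not the authors' code. It assumes SHA-256 as the hash, a common English letter-frequency ordering, insertion after the first occurrence of the most frequent letter present, and a suffix fallback for passwords with no letters; the salt and wordlist are constructed sample values.

```python
import hashlib

# Assumed English letter-frequency order, most to least common. The page does
# not give the table the authors used.
FREQ_ORDER = "etaoinshrdlcumwfgypbvkjxqz"

WORDLIST = ["123456", "password", "qwerty", "letmein"]  # constructed sample
SALT = "x9$Lq2"                                         # constructed sample


def place_salt(password: str, salt: str, position: str) -> str:
    """Combine password and salt using one of the three placements."""
    if position == "prefix":
        return salt + password
    if position == "suffix":
        return password + salt
    if position == "inserted":
        lowered = password.lower()
        # Insert after the first occurrence of the most frequent letter present.
        for letter in FREQ_ORDER:
            idx = lowered.find(letter)
            if idx != -1:
                return password[:idx + 1] + salt + password[idx + 1:]
        # Assumption: a password with no letters falls back to suffix placement.
        return password + salt
    raise ValueError(f"unknown salt position: {position}")


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def dictionary_lookup(digest: str, wordlist=WORDLIST):
    """Return the wordlist entry whose unsalted hash equals digest, else None."""
    table = {sha256_hex(word): word for word in wordlist}
    return table.get(digest)


def audit(password: str, salt: str = SALT) -> dict:
    """Map each storage variant to what a plain dictionary lookup recovers."""
    result = {"unsalted": dictionary_lookup(sha256_hex(password))}
    for position in ("prefix", "suffix", "inserted"):
        digest = sha256_hex(place_salt(password, salt, position))
        result[position] = dictionary_lookup(digest)
    return result


if __name__ == "__main__":
    for pw in WORDLIST:
        print(pw, place_salt(pw, SALT, "inserted"), audit(pw))
```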

Article Details

How to Cite
Khowfa, W., & Silasai, O. (2019). The Efficiency of using Salt Against Password Attacking. JOURNAL OF SOUTHERN TECHNOLOGY, 12(1), 217–227. Retrieved from https://so04.tci-thaijo.org/index.php/journal_sct/article/view/103246
Section
Research Manuscript
