Date Thesis Awarded
4-2009
Access Type
Honors Thesis -- Access Restricted On-Campus Only
Degree Name
Bachelors of Science (BS)
Department
Computer Science
Advisor
Haining Wang
Committee Members
Phil Kearns
Paul Davies
Abstract
Passwords play a critical role in online authentication. Unfortunately, passwords suffer from two seemingly intractable problems: password cracking and password theft. In this paper, we propose PasswordAgent, a new password hashing mechanism that utilizes both a salt repository and a browser plug-in to secure web logins with strong passwords. Password hashing is a technique that allows users to remember simple low-entropy passwords and have them hashed to create high-entropy secure passwords. PasswordAgent generates strong passwords by enhancing the hash function with a large random salt. With the support of a salt repository, it gains a much stronger security guarantee than existing mechanisms. PasswordAgent is not vulnerable to offline attacks, and it provides stronger protection against password theft. Moreover, PasswordAgent offers usability advantages over existing hash-based mechanisms, while maintaining users' familiar password entry paradigm. We build a prototype of PasswordAgent and conduct usability experiments.
Recommended Citation
Strahs, Benjamin, "Secure Passwords Through Enhanced Hashing" (2009). Undergraduate Honors Theses. William & Mary. Paper 242.
https://scholarworks.wm.edu/honorstheses/242
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
Comments
Thesis is part of Honors ETD pilot project, 2008-2013. Migrated from DSpace in 2016.