Secure Passwords Through Enhanced Hashing

Strahs, Benjamin
Abstract
Passwords play a critical role in online authentication. Unfortunately, passwords suffer from two seemingly intractable problems: password cracking and password theft. In this paper, we propose PasswordAgent, a new password hashing mechanism that utilizes both a salt repository and a browser plug-in to secure web logins with strong passwords. Password hashing is a technique that allows users to remember simple low-entropy passwords and have them hashed to create high-entropy secure passwords. PasswordAgent generates strong passwords by enhancing the hash function with a large random salt. With the support of a salt repository, it gains a much stronger security guarantee than existing mechanisms. PasswordAgent is not vulnerable to offline attacks, and it provides stronger protection against password theft. Moreover, PasswordAgent offers usability advantages over existing hash-based mechanisms, while maintaining users' familiar password entry paradigm. We build a prototype of PasswordAgent and conduct usability experiments.
Description
Thesis is part of Honors ETD pilot project, 2008-2013. Migrated from Dspace in 2016.
Date
2009-04-28
Keywords
Phishing password hashing
Department
Computer Science