Title :
Analysis of password login phishing based protocols for security improvements
Author :
Khayal, S.H. ; Khan, A. ; Bibi, N. ; Ashraf, T.
Author_Institution :
Dept. of Comput. Sci. & Software Eng., Fatima Jinnah Women Univ., Rawalpindi, Pakistan
Abstract :
Password is a key to secret authentication data and is most widely used for security purposes therefore it is open to attacks such as phishing attack. Phishing is a form of Internet fraud, which phisher applies to steal online consumer´s personal identity data and financial account credentials. In this paper, we analyze a technique of password hashing, to compute secure passwords. Using this mechanism, we can obtain hash value by applying a cryptographic hash function to a string consisting of the submitted password and, usually, another value known as a salt. The salt value consists of current parameters of the system and prevents attackers from building a list of hash values for common passwords. MD5 and SHA1 are frequently used cryptographic hash functions. We implemented these algorithms and found that SHA-1 is more secure but slow in execution as SHA-1 includes more rounds than MD5 in calculating hashes.
Keywords :
Internet; cryptography; invasive software; Internet; MD5 hash function; SHA1 hash function; cryptographic hash function; password hashing; phishing attack; salt value; secret authentication data; security improvements; Authentication; Computer hacking; Computer security; Cryptography; Data security; Dictionaries; Internet; Protection; Protocols; Uniform resource locators; Cryptographic Hash Function; Encryption; Password; Phishing attack; Salt value;
Conference_Titel :
Emerging Technologies, 2009. ICET 2009. International Conference on
Conference_Location :
Islamabad
Print_ISBN :
978-1-4244-5630-7
Electronic_ISBN :
978-1-4244-5631-4
DOI :
10.1109/ICET.2009.5353144
