Integrating Hashing with Encoding to Eliminate Password Managers
Keywords:
Password, Hashing, Encoding, SHA-256, Password managers
Abstract
The Internet has created a utopia which enables us to access any information. However, this boon comes with a curse: everyone is prone to attack. Textual passwords remain one of the most common authentication methods [1]. To stay safe online, using a strong and different password for each website is the way to go. As easy as it looks, in the real world it becomes very unmanageable, and most people do not follow this norm. The few who do end up using password managers, which have their own issues. The solution we came up with uses hashing and encoding to generate passwords. Hashing will be done using the Secure Hash Algorithm (SHA-256). As for the encoding, we are going to design our own procedure for producing a pseudo-random combination of letters. Three inputs are used to generate the secret key. One is the website/app name, which is variable. The remaining two, the password and the key length, are constant all the time. In this algorithm, only the secrecy of the password is essential. This method will allow the user to eliminate the role of password managers and to stop worrying about the strength of the password. This should be used as an ideal way of keeping track of passwords.
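The scheme the abstract outlines, sketched as an added example that is not the authors' code: SHA-256 over the website/app name and the user's password, followed by an encoding step that maps digest bytes to password characters up to the key length. The abstract does not specify the authors' encoding, so the alphabet, the NUL separator, the counter used to extend the digest, the rejection sampling and the function names below are all assumptions.

```python
import hashlib
import string

# Assumed output alphabet (70 symbols); the paper's own encoding table is not given.
ALPHABET = (string.ascii_lowercase + string.ascii_uppercase
            + string.digits + "!@#$%^&*")


def _digest_bytes(site: str, master: str):
    """Yield SHA-256 output bytes, hashing again with a counter when more are needed."""
    counter = 0
    while True:
        # NUL separators keep ("ab", "c") and ("a", "bc") from hashing identically.
        msg = f"{counter}\x00{site.strip().lower()}\x00{master}".encode("utf-8")
        yield from hashlib.sha256(msg).digest()
        counter += 1


def derive_password(site: str, master: str, length: int) -> str:
    """Deterministically derive a site password from (site, master, length)."""
    if length < 1:
        raise ValueError("length must be at least 1")
    if not master:
        raise ValueError("master password must not be empty")
    n = len(ALPHABET)
    # Rejection sampling: discard bytes >= 210 so every symbol is equally likely.
    limit = 256 - (256 % n)
    out = []
    for b in _digest_bytes(site, master):
        if b < limit:
            out.append(ALPHABET[b % n])
            if len(out) == length:
                break
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs for illustration only.
    for name in ("example.com", "mail.example.org"):
        print(name, derive_password(name, "constructed master phrase", 16))
```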
References
- Bosnjak, L., & Brumen, B. (2019). Rejecting the death of passwords: Advice for the future. Computer Science and Information Systems, 16, 313-332. doi: 10.2298/CSIS180328016B.
- McMillan, R. (2017, June 03). The World's First Computer Password? It Was Useless Too. Retrieved October 21, 2020, from https://www.wired.com/2012/01/computer-password/
- Hunt, T. (2017, August 03). Passwords Evolved: Authentication Guidance for the Modern Era. Retrieved October 21, 2020, from https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
- Bachmann (2014). Passwords are Dead: Alternative Authentication Methods. In 2014 IEEE Joint Intelligence and Security Informatics Conference, The Hague (pp. 322-322). doi: 10.1109/JISIC.2014.67.
- Jose, J., Tomy, T. T., Karunakaran, V., Varkey, A., & Nisha, C. A. (2016, March). Securing passwords from dictionary attack with character-tree. In 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET) (pp. 2301-2307). IEEE.
- Pieprzyk, J., & Sadeghiyan, B. (1993). Design of hashing algorithms. Springer-Verlag.
- Gilbert, H., & Handschuh, H. (2003, August). Security analysis of SHA-256 and sisters. In International workshop on selected areas in cryptography (pp. 175-193). Springer, Berlin, Heidelberg.
- Appel, A. W. (2015). Verification of a cryptographic primitive: SHA-256. ACM Transactions on Programming Languages and Systems (TOPLAS), 37(2), 1-31.
- Yoshida, H., & Biryukov, A. (2005, August). Analysis of a SHA-256 variant. In International Workshop on Selected Areas in Cryptography (pp. 245-260). Springer, Berlin, Heidelberg.
Copyright (c) IJSRSET

This work is licensed under a Creative Commons Attribution 4.0 International License.