http://dx.doi.org/10.9717/kmms.2020.24.1.058

A Study on the Variable and Dynamic Salt According to Access Log and Password  

Jeong, Jinho (DJ FAMILY)
Cha, Youngwook (Dept. of Computer Engineering, Andong National University)
Kim, Choonhee (Dept. of Electronic&Information Communication Engineering, Daegu Cyber University)
Abstract
A user's password must be transformed one-way by a hash function before it is stored in the database. Widely used hash functions such as MD5 and SHA-1 have been found to have vulnerabilities, and hash functions that are considered safe today may also prove vulnerable over time. A salt enhances password security: it is added before or after the password before the combined value is passed to the hash function. A conventional salt, even if randomly assigned to each user, is a fixed value stored in a specific column of the database once it has been assigned. If the database is exposed to an attacker, this makes password cracking a serious threat. In this paper, we propose a variable-dynamic salt that changes dynamically according to the user's password during the login process. Because it is difficult to determine what the salt is even if the database or source code is exposed, the variable-dynamic salt can further enhance password security during the login process.
Keywords
Password Security; Hashing; Access Log; Salt