loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Francesco Buccafurri ; Vincenzo De Angelis and Sara Lazzaro

Affiliation: Department of Information Engineering, Infrastructure and Sustainable Energy (DIIES), Università Mediterranea di Reggio Calabria, Via dell’Università 25, 89122 Reggio Calabria, Italy

Keyword(s): Passwords, Authentication, Salt, Dictionary Attacks.

Abstract: One of the threats to password-based authentication is that the attacker is able to steal the password file from the server. Despite the fact that, thanks to the currently adopted security mechanisms such as salt, pepper, and key derivation functions, it is very hard for the attacker to reverse the password file, dedicated hardware is available that can make this attack feasible. Therefore, there is still a need to better counter password-file reversing. In this paper, we propose a new mechanism, called ginger, which can be combined with the above mechanisms, to increase the robustness of password-based authentication against password-file reversing. Unlike pepper and salt, ginger is stored client-side, and enables a stateful authentication process. A careful security analysis shows the benefits of the proposed innovation.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.21.247.221

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Buccafurri, F. ; De Angelis, V. and Lazzaro, S. (2022). The Ginger: Another Spice to Hinder Attacks on Password Files. In Proceedings of the 18th International Conference on Web Information Systems and Technologies - WEBIST; ISBN 978-989-758-613-2; ISSN 2184-3252, SciTePress, pages 166-173. DOI: 10.5220/0011576200003318

@conference{webist22,
author={Francesco Buccafurri and Vincenzo {De Angelis} and Sara Lazzaro},
title={The Ginger: Another Spice to Hinder Attacks on Password Files},
booktitle={Proceedings of the 18th International Conference on Web Information Systems and Technologies - WEBIST},
year={2022},
pages={166-173},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011576200003318},
isbn={978-989-758-613-2},
issn={2184-3252},
}

TY - CONF

JO - Proceedings of the 18th International Conference on Web Information Systems and Technologies - WEBIST
TI - The Ginger: Another Spice to Hinder Attacks on Password Files
SN - 978-989-758-613-2
IS - 2184-3252
AU - Buccafurri, F.
AU - De Angelis, V.
AU - Lazzaro, S.
PY - 2022
SP - 166
EP - 173
DO - 10.5220/0011576200003318
PB - SciTePress