The Ginger: Another Spice to Hinder Attacks on Password Files
Francesco Buccafurri, Vincenzo De Angelis, Sara Lazzaro
2022
Abstract
One of the threats to password-based authentication is that the attacker is able to steal the password file from the server. Despite the fact that, thanks to the currently adopted security mechanisms such as salt, pepper, and key derivation functions, it is very hard for the attacker to reverse the password file, dedicated hardware is available that can make this attack feasible. Therefore, there is still a need to better counter password-file reversing. In this paper, we propose a new mechanism, called ginger, which can be combined with the above mechanisms, to increase the robustness of password-based authentication against password-file reversing. Unlike pepper and salt, ginger is stored client-side, and enables a stateful authentication process. A careful security analysis shows the benefits of the proposed innovation.
DownloadPaper Citation
in Harvard Style
Buccafurri F., De Angelis V. and Lazzaro S. (2022). The Ginger: Another Spice to Hinder Attacks on Password Files. In Proceedings of the 18th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-613-2, pages 166-173. DOI: 10.5220/0011576200003318
in Bibtex Style
@conference{webist22,
author={Francesco Buccafurri and Vincenzo De Angelis and Sara Lazzaro},
title={The Ginger: Another Spice to Hinder Attacks on Password Files},
booktitle={Proceedings of the 18th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,},
year={2022},
pages={166-173},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011576200003318},
isbn={978-989-758-613-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 18th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST,
TI - The Ginger: Another Spice to Hinder Attacks on Password Files
SN - 978-989-758-613-2
AU - Buccafurri F.
AU - De Angelis V.
AU - Lazzaro S.
PY - 2022
SP - 166
EP - 173
DO - 10.5220/0011576200003318