Cryptographic Module Based Approach for Password Hashing Schemes
Author(s): Donghoon Chang, Arpan Jati, Sweta Mishra, Somitra Kumar Sanadhya

Date: December 2014
Publication: 8th International Conference on Passwords (Passwords14 Norway). Lecture Notes in Computer Science, Volume 9393
Page(s): 39 - 57
Publisher: Springer
Source 1: - Subscription or payment required

Abstract or Summary:
Password Hashing is the technique of performing one-way transformation of the password. One of the requirements of password hashing algorithms is to be memory demanding to provide defense against hardware attacks. In practice, most Cryptographic designs are implemented inside a Cryptographic module, as suggested by NIST in a set of standards (FIPS 140). A cryptographic module has a limited memory and this makes it challenging to implement a password hashing scheme (PHS) inside it.

In this work, we propose a novel approach to allow a limited memory cryptographic module to be used in the implementation of a high memory password hashing algorithm. We also analyze all the first round entries of the Password Hashing Competition (PHC) to evaluate the suitability of the submitted algorithms to be implemented with a Cryptographic module. We graphically show that the submissions to the PHC can be securely implemented in a crypto-module following our suggestion. To the best of our knowledge, this is the first attempt in the direction of secure implementation of password hashing algorithms. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016