Cryptographic Module Based Approach for Password Hashing Schemes
Date: December 2014
Publication: 7th International Conference on Passwords (Passwords14 Trondheim). Lecture Notes in Computer Science, Volume 9393
Page(s): 39 - 57
Source 1: http://dx.doi.org/10.1007/978-3-319-24192-0_3 - Subscription or payment required
Abstract or Summary:
Password Hashing is the technique of performing one-way transformation of the password. One of the requirements of password hashing algorithms is to be memory demanding to provide defense against hardware attacks. In practice, most Cryptographic designs are implemented inside a Cryptographic module, as suggested by NIST in a set of standards (FIPS 140). A cryptographic module has a limited memory and this makes it challenging to implement a password hashing scheme (PHS) inside it.
In this work, we propose a novel approach to allow a limited memory cryptographic module to be used in the implementation of a high memory password hashing algorithm. We also analyze all the first round entries of the Password Hashing Competition (PHC) to evaluate the suitability of the submitted algorithms to be implemented with a Cryptographic module. We graphically show that the submissions to the PHC can be securely implemented in a crypto-module following our suggestion. To the best of our knowledge, this is the first attempt in the direction of secure implementation of password hashing algorithms.
PasswordResearch.com Note: Video of presentation: https://video.adm.ntnu.no/pres/54980a597dfaf
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.