Security Analysis of MD5 Algorithm in Password Storage-Reference-Cited by-同舟云学术

Security Analysis of MD5 Algorithm in Password Storage

Published:2013-08 Issue: Volume:347-350 Page:2706-2711
ISSN:1662-7482
Container-title:Applied Mechanics and Materials
language:
Short-container-title:AMM

Author:

Ah Kioon Mary Cindy¹,Wang Zhao Shun¹,Deb Das Shubra¹

Affiliation:

1. University of Science and Technology Beijing

Abstract

Hashing algorithms are commonly used to convert passwords into hashes which theoretically cannot be deciphered. This paper analyses the security risks of the hashing algorithm MD5 in password storage and discusses different solutions, such as salts and iterative hashing. We propose a new approach to using MD5 in password storage by using external information, a calculated salt and a random key to encrypt the password before the MD5 calculation. We suggest using key stretching to make the hash calculation slower and using XOR cipher to make the final hash value impossible to find in any standard rainbow table.

Publisher

Trans Tech Publications, Ltd.

Link

https://www.scientific.net/AMM.347-350.2706.pdf

Reference5 articles.

1. Rivest, R. The MD5 message-digest algorithm. RFC 1321, 37 (April 1992).

2. Zhang Shaolan, Xing Guobo, Yang Yixian, Improvement and Security Analysis on MD5 [J]. Computer Application, 2009, vol. 29(4): 947-949.

3. Xiaoling Zheng, JiDong Jin, Research for the Application and Safety of MD5 Algorithm in Password Authentication, 9th International Conference on Fuzzy Systems and Knowledge Discovery, (2012).

4. H. Mirvaziri, Kasmiran Jumari, Mahamod Ismail, Z. Mohd Hanapi, A new Hash Function Based on Combination of Existing Digest Algorithms , The 5th Student Conference on Research and Development – SCOReD 2007, 11-12 December 2007, Malaysia.

5. Md. Didarul Alam Chawdhury, and A.H.M. Ashfak Habib, Security Enhancement of MD5 Hashed Passwords by using the Unused Bits of TCP Header, Proceedings of 11th International Conference on Computer and Information Technology (ICCIT 2008) 25-27 December, 2008, Khulna, Bangladesh.

Cited by 15 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Revolutionizing IoT Security: Integrating Audio Data Transfer and Multi-Factor Authentication with Smartphones;2024 IEEE International Conference on Electro Information Technology (eIT);2024-05-30

2. Efficient Cloud Data Deduplication with Blake3 and Secure Transfer using AES;2024 4th International Conference on Pervasive Computing and Social Networking (ICPCSN);2024-05-03

3. Secure authentication protocols to resist off-line attacks on authentication data table;Journal of Computer Security;2024-02-02

4. Secure Internet Financial Transactions: A Framework Integrating Multi-Factor Authentication and Machine Learning;AI;2024-01-10

5. Efficient Braille Transformation for Secure Password Hashing;IEEE Access;2024