JIS  Vol.10 No.2 , April 2019
Security of Password Hashing in Cloud
Abstract: Though the History of using password in computing can be traced back to as far as mid of last century little focus has been implied on how to securely store and retrieve password to authenticate and authorize services to the end users. In this paper the current security of various password hashing schemes that are in use today will be investigated through practical proof of concept-GPU based, password hash dump cracking using the power of cloud computing. We will be providing comparison on different password hashing cracking time using the cloud GPU power in AWS. The focus of this paper is to show the possible use of cloud computing in cracking hash dumps and the way to countermeasures them by using secure hashing algorithm and using complex passwords.
Cite this paper: Kamal, P. (2019) Security of Password Hashing in Cloud. Journal of Information Security, 10, 45-68. doi: 10.4236/jis.2019.102003.

[1]   O’Gorman, L. (2003) Comparing Passwords, Tokens, and Biometrics for User Authentication. Proceedings of the IEEE, 91, 2021-2040.

[2]   Adams, A., Sasse, M.A. and Lunt, P. (1997) Making Passwords Secure and Usable. In: Thimbleby, H., et al., Eds., Proceedings of HCI on People and Computers XII, Springer-Verlag, London, 1-19.

[3]   (2016) MD5 Message Digest Algorithm Hash Collision Weakness.

[4]   Qiu, W.D., Gong, Z., Guo, Y.D., Liu, B.Z., Tang, X. and Yuan, Y. (2016) GPU-Based High-Performance Password Recovery Technique for Hash Functions. ResearchGate.

[5]   Thompson, C.J., Hahn, S. and Oskin, M. (2002) Using Modern Graphics Architectures for General-Purpose Computing: A Framework and Analysis. Proceedings of the 35th annual ACM/IEEE International Symposium on Microarchitecture, Istanbul, 18-22 November 2002, 306-317.

[6]   Cook, D.L., Ioannidis, J., Keromytis, A.D. and Luck, J. (2005) CryptoGraphics: Secret Key Cryptography Using Graphics Cards. Cryptographers’ Track at the RSA Conference, 334-350.

[7]   Yang, J. and Goodman, J. (2007) Symmetric Key Cryptography on Modern Graphics Hardware. Advances in Cryptology, 249.

[8]   Di Biagio, A., Barenghi, A., Agosta, G. and Pelosi, G. (2009) Design of a Parallel AES for Graphics Hardware Using the CUDA Framework. IEEE International Symposium on Parallel & Distributed Processing, Rome, 23-29 May 2009, 1-8.

[9]   Manavski, S.A. (2007) CUDA Compatible GPU as an Efficient Hardware Accelerator for AES Cryptography. IEEE International Conference on Signal Processing and Communications, Dubai, 24-27 November 2007, 65 p.

[10]   Harrison, O. and Waldron, J. (2007) AES Encryption Implementation and Analysis on Commodity Graphics Processing Units. Cryptographic Hardware and Embedded Systems CHES 2007, 209 p.

[11]   Bernstein, D., Chen, H.C., Cheng, C.M., Lange, T., Niederhagen, R., Schwabe, P. and Yang, B.Y. (2010) ECC2K-130 on NVIDIA GPUs. Progress in Cryptology-Indocrypt, 328-346.

[12]   Hu, G., Ma, J. and Huang, B. (2010) High Throughput Implementation of MD5 Algorithm on GPU. Proceedings of the 4th International Conference on Ubiquitous Information Technologies & Applications, Fukuoka, 20-22 December 2009, 1-5.

[13]   Mukherjee, R., Rehman, M.S., Kothapalli, K., Narayanan, P.J. and Srinathan, K. (2009) Presenting New Speed Records and Constant Time Encryption on the GPU. 3.

[14]   Zhang, R. and Wang, X. (2011) MD5 Crack Method Based on Compute Unified Device Architecture. Computer Science, 38, 302-305.

[15]   Weng, J., Wu, Q. and Yang, C. (2011) OpenCL-Based MD5 Decryption Algorithm. Computer Engineering, 37, 119-121.

[16]   Nguyen, D.H., Nguyen, T.T., Duong, T.N. and Pham, P.H. (2010) Cryptanalysis of MD5 on GPU Cluster. Proceedings of International Conference on Information Security and Artificial Intelligence, Vol. 2, Chengdu, 17-19 December 2010, 910-914.

[17]   Bauspiess, F. and Damm, F. (1992) Requirements for Cryptographic Hash Functions. Computers, and Security, 11, 427-437.

[18]   Anon (2016)

[19]   Jose, R.T. and Thomas, C.G. (2015) A Comparative Study on Different Hashing Algorithms. International Journal of Innovative Research in Computer and Communication Engineering, 3, 170-175.

[20]   Menezes, A.J., Van Oorschot, P.C. and Vanstone, S.A. (1997) Handbook of Applied Cryptography. CRC, Boca Raton, 8, 14, 15.

[21]   Reid, D. and Knipping, C. (2010) Proof in Mathematics Education: Research, Learning and Teaching.

[22]   Florencio, D. and Herley, C. (2007) A Large-Scale Study of Web Password Habits.

[23]   Hellman, M. (1980) A Cryptanalytic Time-Memory Tradeoff. IEEE Transactions on Information Theory, 26, 401-406.

[24]   Password Strength Checker (2016)

[25]   Mariger, H. (2016) Cognitive Disabilities and the Web: Where Accessibility and Usability Meet.

[26]   Yang, Y., Lindqvist, J. and Oulasvirta, A. (2014) Text Entry Method Affects Password Security. Computing Research Repository.

[27]   Liu, Y. and Wu, E. (2008) Emerging Technology about GP-GPU. Circuits and Systems Asia Pacific Conference, Macao, 30 November-3 December 2008, 618-622.

[28]   Rupp, K. (2016) CPU, GPU and MIC Hardware Characteristics over Time.

[29]   Vecchiola, C., Pandey, S. and Buyya, R. (2009) High-Performance Cloud Computing: A View of Scientific Applications. 10th International Symposium on Pervasive Systems, Algorithms, and Networks, Kaohsiung, 14-16 December 2009, 4-16.