#5 – Numerical Method Based Dynamic Salt Generator for Password Database Security

T. Nathezhtha, V. Vaidehi and D. Sangeetha. Numerical Method Based Dynamic Salt Generator for Password Database Security. Dynamic Systems and Applications 30 (2021) No.8, 1286 – 1303

https://doi.org/10.46719/dsa20213085

ABSTRACT.
Honeywords are bogus passwords used to counter password theft. Sugar words are the users' original passwords; they are stored along with several honeywords. Sugar words and honeywords are together referred to as sweet words, which are maintained in the password database to trap attackers. The proposed Questionnaire-based word-mangling honeyword generator (Q-HG) increases the password-cracking overhead for attackers. Q-HG produces a word list from information collected from the users. Word mangling is performed on the word list to produce a Q-List. The words in the Q-List follow the context of the original passwords. The Q-List reduces password guessing attacks, but it is vulnerable to rainbow table attacks. To minimize the intensity of such attacks and to achieve flatness, a secret seed is added to every word in the Q-List. A dynamic salt generator (DSG) is proposed based on concepts from numerical methods. DSG generates a dynamic salt for every word in the Q-List before hashing. DSG finds the local minima and local maxima of the Q-List words, which are then formed into a matrix to compute the eigenvalue and eigenvector used to generate the dynamic salt. The generated salt is used while hashing the Q-List, and the resulting list is referred to as the Q-HG list. The Q-HG list contains the generated honeywords, which are hashed with the dynamic salt and appended with seedbed. The experimental analysis shows that the proposed Q-HG is highly tolerant to attacks such as targeted password guessing, dictionary attacks, brute-force attacks, and rainbow table attacks compared to other honeyword generation approaches.

Keywords: Honeyword, Dynamic Salt, Password, Password Cracking, Authentication.