Security Analysis of MD5 Algorithm in Password Storage

Abstract:

Hashing algorithms are commonly used to convert passwords into hashes which theoretically cannot be deciphered. This paper analyses the security risks of the hashing algorithm MD5 in password storage and discusses different solutions, such as salts and iterative hashing. We propose a new approach to using MD5 in password storage by using external information, a calculated salt and a random key to encrypt the password before the MD5 calculation. We suggest using key stretching to make the hash calculation slower and using an XOR cipher to make the final hash value impossible to find in any standard rainbow table.
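As an added illustration of the salt and key-stretching defences the abstract mentions (not code from the paper, and not the authors' proposed MD5/XOR scheme, whose details are not given here), the following contrasts unsalted MD5 with a salted, iterated hash built on PBKDF2-HMAC-SHA256 from Python's standard library. The function names, iteration count and sample passwords are assumptions made up for this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def md5_unsalted(password: str) -> str:
    """The weak baseline: one fast, unsalted MD5 pass."""
    return hashlib.md5(password.encode()).hexdigest()


def store_password(password: str, iterations: int = ITERATIONS) -> dict:
    """Build a storage record with a fresh random per-user salt and key stretching."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])


def lookup_hits(stored_md5_hex: list, common_passwords: list) -> int:
    """Audit check: count stored unsalted MD5 hashes that appear in a table
    precomputed from a list of common passwords."""
    table = {md5_unsalted(w) for w in common_passwords}
    return sum(1 for h in stored_md5_hex if h in table)


if __name__ == "__main__":
    # Constructed sample data: two users who chose the same password.
    users = {"alice": "letmein", "bob": "letmein"}
    common = ["123456", "password", "letmein"]
    weak = [md5_unsalted(p) for p in users.values()]
    strong = [store_password(p) for p in users.values()]
    print("unsalted hashes identical:", weak[0] == weak[1])
    print("unsalted hashes found in precomputed table:", lookup_hits(weak, common))
    print("salted hashes identical:", strong[0]["hash"] == strong[1]["hash"])
    print("correct password verifies:", verify_password("letmein", strong[0]))
    print("wrong password verifies:", verify_password("letmein1", strong[0]))
```

Because each record carries its own random salt, a table precomputed once cannot be reused across users, and the iteration count sets the cost of every guess.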

Pages: 2706-2711

Online since: August 2013
