Security enhancement of MD5 hashed passwords by using the unused bits of TCP header
暂无分享,去创建一个
When a password is encrypted by a hash algorithm the resultant is called hashed password. In a server client based communication system such as Yahoo Messenger, AIM, passwords of clients are hashed by MD5 and passed to the server for authentication. This type of transmission is always a subject of interception by the hackers. These hashed passwords are passed through the Internet as a data packet. TCP header is a most common part of the data packet. In a TCP header there are six reserved bits which remains always unused. In this paper we propose a new approach to enhance the security of hashed passwords by using the six reserved bits of a TCP header. Here we encrypt the hashed password by a random key using simple mathematical function. The information needed to decrypt the encrypted hashed password is carried by the six bits of TCP header.
[1] Philippe Oechslin,et al. Making a Faster Cryptanalytic Time-Memory Trade-Off , 2003, CRYPTO.
[2] Benny Pinkas,et al. Securing passwords against dictionary attacks , 2002, CCS '02.
[3] Dan Kaminsky,et al. MD5 To Be Considered Harmful Someday , 2004, IACR Cryptol. ePrint Arch..