PROVIDING PASSWORD SECURITY BY SALTED PASSWORD HASHING USING BCRYPT ALGORITHM

The World Wide Web has become a popular medium for searching for information, doing business, trading and so on. Various organizations and companies also use the web to introduce their products or services around the world. E-commerce is any type of business or commercial transaction that involves the transfer of information across the internet. A huge amount of information is generated and stored in web services. This document is intended for system end users, system architects, system developers and software testers. This project focuses on securing users' data by using a salted password hashing technique. Online shopping can be very vulnerable, since user information is saved as plain text in the shop's database. To overcome this, hashing is used. This project focuses on saving encrypted user data to the database rather than saving it as plain text. To provide more security for user data, the Bcrypt algorithm is implemented. The Bcrypt algorithm can encrypt data up to 512 bits, which provides a longer encryption key, and gives a hashed value of the user data. Hash functions are primarily used in hash tables to quickly locate data records.
