An Enhancement of Secure Hash Algorithm-1 applied in Linkedin to secure users passwords 6
6
-
-
- viii, 58p. 28cm.
-
-
-
-
- .
- .
- 0 .
- .
- 0 .
Undergraduate Thesis (BS in Computer Science) Pamantasan ng Lungsod ng Maynila 2017.
5
ABSTRACT A well-known professional social networking site LinkedIn was breached in 2012 with a revealed 6.5 million user accounts compromised. It was reported that LinkedIn utilized a technique called SHA-1 in storing users' passwords. SHA-1 is a famous cryptographic hash function hash given by the National Institute of Standard and Technology (NIST). For this reason, the researchers studied and searched for the best solutions that will improve SHA-1's security. This paper then presents an Enhanced Secure Hash Algorithm-1. Computer Scientists have found collision attacks on SHA-1 hash function. To overcome this threat, the weak points of its protocols were evaluated. To increase its security, the researchers increased the chaining variable by one more variable. Due to this change, message digest generated is of 192 bits. Hashing, when used in security need to be slow. This is the reason why the computation speed of modified SHA-1 was also enhanced in this study. This algorithm has been designed to satisfy the different level of enhanced security and to resist the advanced SHA attacks. These attacks include brute force attack, rainbow tables, and lookup tables. The researchers added a salt that is cryptographically random to prevent these attacks. This way no two identical passwords will have the same hash. In addition, this paper also discussed the construction of the algorithm in detail and compared its strengths and weaknesses to the old one given by NIST.