IMPROVING THE RESISTANCE OF PASSWORDS IN WEB SYSTEMS USING ADVANCED HASHING SCHEMES
DOI: https://doi.org/10.31891/2307-5732-2024-331-6
Keywords: security of web systems, password-hashing schemes, resistance of passwords
Abstract
Researching the security of web systems is a relevant and integral component in the process of developing and operating Internet projects. Ensuring the security of user passwords is a key aspect in this context, as compromised passwords can lead to undesirable consequences, including loss of sensitive information, unauthorized access and website compromise.
One approach to making passwords more resistant to cracking is the use of hashing techniques: when a user account is created, the password is hashed with the selected hash function and only the hash is stored. Advances in parallel computing have made many attacks on stored password hashes practical. To counter such attacks, it is necessary to continually develop new password hashing schemes that remain effective and provide a higher level of password security in web systems.
The results of the study confirm that most of the popular frameworks used for the development of web systems do not provide a sufficiently high level of password protection. Many of them simply hash user data with fast, less resistant algorithms such as SHA-2 or MD5. This leaves passwords vulnerable to precomputed hash-table and dictionary attacks.
According to OWASP guidelines and accepted security practices, highly robust salted hashing algorithms are one of the most effective methods for keeping passwords secure. Such algorithms provide much greater resistance to various attacks, including attacks using specialized hardware and parallel computing.
Argon2id, the winner of the Password Hashing Competition, is one of the most robust password hashing algorithms and is considered one of the most reliable options for password security. Argon2id exposes tunable parameters, namely the minimum memory size, the number of iterations and the degree of parallelism, which allows an optimal balance between security and performance to be achieved.
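The contrast the abstract draws, a fast unsalted digest that a precomputed table defeats with one lookup versus a salted, memory-hard scheme with tunable memory, work and parallelism, as an added example that is not part of the paper. Argon2id itself requires the third-party argon2-cffi package, so the standard library's scrypt (also memory-hard, with the same three knobs: n for memory, n and r for work, p for parallelism) stands in for it; the parameter values, the `$scrypt$n$r$p$salt$hash` record format, the function names and the list of common passwords are all constructed here, not taken from the paper.

```python
import base64
import hashlib
import hmac
import os

# --- The weak pattern the paper criticises: a fast digest with no salt. ---
def fast_unsalted_hash(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()

# A constructed stand-in for a precomputed table: because every site that uses
# unsalted SHA-256 produces the same digest for "password", one table serves all.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
PRECOMPUTED = {fast_unsalted_hash(p): p for p in COMMON_PASSWORDS}

def lookup_in_table(stored_hash: str):
    """Return the password behind an unsalted digest, or None if not in the table."""
    return PRECOMPUTED.get(stored_hash)

# --- The hardened pattern: per-user salt, memory-hard KDF, tunable cost. ---
# scrypt stands in for Argon2id (hypothetical choice for this example):
# n = memory/work factor, r = block size, p = parallelism. 128*n*r bytes per hash.
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}  # about 16 MiB, illustrative only

def hash_password(password: str, params=SCRYPT_PARAMS) -> str:
    """Hash with a fresh random salt; store the cost parameters beside the hash."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, dklen=32, **params)
    return "$scrypt${n}${r}${p}${salt}${hash}".format(
        n=params["n"], r=params["r"], p=params["p"],
        salt=base64.b64encode(salt).decode(),
        hash=base64.b64encode(digest).decode(),
    )

def _parse(stored: str):
    """Split a stored record into (n, r, p, salt, digest); raise ValueError if malformed."""
    _, scheme, n, r, p, salt_b64, hash_b64 = stored.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported scheme")
    return int(n), int(r), int(p), base64.b64decode(salt_b64), base64.b64decode(hash_b64)

def verify_password(password: str, stored: str) -> bool:
    """Recompute with the record's own salt and parameters; compare in constant time."""
    try:
        n, r, p, salt, expected = _parse(stored)
    except ValueError:
        return False
    candidate = hashlib.scrypt(password.encode(), salt=salt, dklen=32, n=n, r=r, p=p)
    return hmac.compare_digest(candidate, expected)

def needs_rehash(stored: str, params=SCRYPT_PARAMS) -> bool:
    """True when the record was hashed with weaker cost than the current policy,
    so the application can re-hash it at the user's next successful login."""
    n, r, p, _, _ = _parse(stored)
    return n < params["n"] or r < params["r"] or p < params["p"]

if __name__ == "__main__":
    print("unsalted SHA-256 of 'password' found in table:",
          lookup_in_table(fast_unsalted_hash("password")))
    record = hash_password("password")
    print("salted scrypt record:", record)
    print("table lookup on salted record:", lookup_in_table(record))
    print("verify correct:", verify_password("password", record))
    print("verify wrong:", verify_password("Password", record))
```

Storing n, r and p inside the record is what lets the parameters be raised later as hardware improves: old records still verify with their own values, and `needs_rehash` flags them for upgrade on the next login. The same pattern applies unchanged to Argon2id's memory, iteration and parallelism parameters.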