Date Thesis Awarded

4-2009

Document Type

Honors Thesis

Degree Name

Bachelors of Science (BS)

Department

Computer Science

Advisor

Haining Wang

Committee Member

Phil Kearns

Committee Member

Paul Davies

Abstract

Passwords play a critical role in online authentication. Unfortunately, passwords suffer from two seemingly intractable problems: password cracking and password theft. In this paper, we propose PasswordAgent, a new password hashing mechanism that utilizes both a salt repository and a browser plug-in to secure web logins with strong passwords. Password hashing is a technique that allows users to remember simple low-entropy passwords and have them hashed to create high-entropy secure passwords. PasswordAgent generates strong passwords by enhancing the hash function with a large random salt. With the support of a salt repository, it gains a much stronger security guarantee than existing mechanisms. PasswordAgent is not vulnerable to offline attacks, and it provides stronger protection against password theft. Moreover, PasswordAgent offers usability advantages over existing hash-based mechanisms, while maintaining users' familiar password entry paradigm. We build a prototype of PasswordAgent and conduct usability experiments.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.

Comments

Thesis is part of Honors ETD pilot project, 2008-2013. Migrated from Dspace in 2016.

Share

COinS