Int
ern
at
i
onal
Journ
al of Ele
ctrical
an
d
Co
mput
er
En
gin
eeri
ng
(IJ
E
C
E)
Vo
l.
10
,
No.
6
,
Decem
ber
2020
, p
p.
6582
~
6591
IS
S
N: 20
88
-
8708
,
DOI: 10
.11
591/
ijece
.
v10
i
6
.
pp
6582
-
65
91
6582
Journ
al h
om
e
page
:
ht
tp://i
je
ce.iaesc
or
e.c
om/i
nd
ex
.ph
p/IJ
ECE
Authenticati
on a
nd
p
assword
s
t
oring
i
mp
rovemen
t using
SXR alg
or
ithm
with
a hash fun
ction
Jakk
apon
g
P
ol
po
n
g
1
,
P
ongp
isi
t
Wu
tt
idi
t
tacho
tt
i
2
1
Facul
t
y
of
Infor
m
at
ion
T
ec
hnolo
g
y
and
Dig
ital
In
novat
ion
,
King
Mongkut’s Unive
rsit
y
of T
ec
hnolog
y
Nor
th
Bangkok
,
Th
a
iland
2
Depa
rtment of
Data
Com
m
unicati
on
and
Netwo
rking,
Fa
cul
t
y
of
Inform
at
ion
Tec
hnolog
y
and
Dig
it
al Innovation
,
King
Mongkut’s Unive
r
sit
y
of
T
ec
hnolog
y
Nor
th
Bangkok
,
Th
ai
l
and
Art
ic
le
In
f
o
ABSTR
A
CT
Art
ic
le
history:
Re
cei
ved
A
pr
13
, 20
20
Re
vised
Ju
n
2
,
2020
Accepte
d
J
un
1
5
, 202
0
Secur
e
p
assw
ord
storing
is
esse
nti
al
in
s
y
st
ems
working
base
d
o
n
passw
ord
aut
hen
ti
c
at
ion
.
In
thi
s
pape
r
,
S
XR
al
gorit
hm
(
Split
,
Exc
lusiv
e
OR,
and
Repl
a
ce
)
was
proposed
to
impro
ve
se
cur
e
passw
ord
storing
and
c
ould
al
so
b
e
ap
plied
to
cur
re
nt
aut
h
ent
i
cation
s
y
stems
.
SX
R
al
gorit
hm
consiste
d
of
four
steps
.
First,
the
rec
e
ive
d
passw
ord
from
users
w
as
hashe
d
throu
gh
a
gen
eral
hash
func
t
ion
.
Second,
the
ra
ti
o
and
th
e
num
ber
of
it
e
rations
fro
m
the
sec
r
et
ke
y
(
userna
m
e
a
nd
passw
ord
)
w
ere
c
al
cu
la
t
ed
.
Thi
rd,
th
e
hashe
d
passw
ord
and
rat
io
w
ere
computed,
and
t
he
hashe
d
passw
ord
was
divi
ded
base
d
on
the
r
at
io
(
Split
)
int
o
two
v
al
ue
s
.
Both
the
values
were
applie
d
to
XO
R
equa
t
ion
accordi
ng
to
the
num
be
r
of
i
te
r
at
ions,
r
esult
ing
in
two
new
va
l
ues
.
La
st,
th
e
obt
ai
n
ed
v
al
u
es
wer
e
con
cate
na
te
d
a
nd
stored
in
th
e
d
ataba
se
(
Repl
a
ce
)
.
On
eva
luating,
complexi
t
y
anal
y
s
es
and
compari
son
s
has
show
n
tha
t
SX
R
al
gori
thm
coul
d
provi
de
at
t
ac
k
r
esistance
with
a
stron
ger
hashe
d
passw
ord
aga
in
st
the
afo
reme
nti
on
ed
a
tt
a
cks
.
Consequent
l
y
,
ev
en
if
the
h
ac
ker
s
h
ac
k
ed
th
e
hashe
d
pa
ss
word,
it
would
be
cha
l
le
nging
and
would
consum
e
m
ore
ti
m
e
to
dec
r
y
pt
the
ac
tu
al
on
e,
because
the
pat
te
rn
of
the
stor
ed
pass
word
is
the
sa
m
e
as
the
one
t
hat
h
as
be
en
ha
shed
through
the
g
en
er
al
h
ash
func
ti
on
.
Ke
yw
or
d
s
:
Dict
ion
a
ry
a
tt
acks
Hash
f
unct
ion
Passwor
d
s
ecu
rity
Secu
re
p
ass
word
s
to
rag
e
Copyright
©
202
0
Instit
ut
e
o
f Ad
vanc
ed
Engi
n
ee
r
ing
and
S
cienc
e
.
Al
l
rights re
serv
ed
.
Corres
pond
in
g
Aut
h
or
:
Pongpisi
t
Wu
tt
idit
ta
cho
tt
i
,
Dep
a
rt
m
ent o
f Dat
a Com
m
un
ic
at
ion
a
nd N
et
work
i
ng
,
King Mo
ng
ku
t
’s Un
i
ver
sit
y o
f
Tec
hnology
North
Ban
gkok
,
1518 P
rac
har
at
Sai 1 R
d. Ba
ngsue
, Ba
ngkok 1
0800, T
haila
nd.
Em
a
il
:
po
ngpis
it
.
w@
it
.
km
utn
b
.
ac
.
th
1.
INTROD
U
CTION
In
th
e
21
st
c
entu
ry,
I
nform
at
ion
Tech
nolo
gy
play
s
a
sign
ific
a
nt
r
ole
in
our
da
il
y
activiti
es
.
Ma
ny
age
ncies
rely
on
in
f
or
m
at
ion
te
ch
nolo
gy
f
or
acce
ssin
g
var
i
ou
s
ser
vi
ces
on
t
he
inter
net
s
uch
as
fi
na
ncial
transacti
ons,
e
-
m
ail,
so
ci
al
ne
tworks
,
rem
ote
de
sk
t
op,
acc
ess
via
c
omm
a
nd
li
ne,
et
c
.
The
us
a
ge
of
v
a
rio
us
serv
ic
es
c
on
sis
ts
of
t
hr
ee
par
t
s
:
Con
fi
den
ti
al
it
y,
In
te
gr
it
y,
a
nd
Av
ai
la
bili
ty
[
1
]
.
Co
nf
id
ent
ia
li
t
y
m
eans
stori
ng
the infor
m
at
ion
or k
e
epi
n
g
t
he
infor
m
at
ion
co
nfi
de
ntial
, wh
ic
h
only
all
ow
s
access to th
ose
w
ho
hav
e t
he
r
ig
ht
to
the
in
form
ation
.
In
te
gr
it
y
m
eans
pr
otect
ing
the
in
form
a
ti
on
t
o
rem
ai
n
com
plete
and
a
ccur
at
e
.
Ther
e
sh
oul
d
be
a
ver
ific
at
io
n
m
echan
ism
to
c
hec
k
f
or
al
te
rati
on
s
that
m
ay
occ
ur
without
per
m
issi
on
.
Av
ai
la
bili
ty
m
eans
the
abili
ty
to
acce
ss
the
net
work
data
or
resou
rces
wh
e
nev
e
r
necessa
r
y
.
In
ot
her
w
ords,
a
pe
rs
on
with
the
rig
ht
or
pe
r
m
issi
on
to
acce
ss
the
netw
ork
inf
or
m
at
ion
or
data
s
ource
can
acce
ss
it
at
al
l
tim
es
witho
ut
any
la
te
ncy
[
2
]
.
Secu
re
Pas
sw
ord
St
or
i
ng
is
a
crit
ic
al
issu
e
[
3,
4
]
,
a
nd
there
are
m
any
m
e
tho
ds
to
c
hoos
e
f
ro
m
crypto
gr
a
phy
t
o
t
he
us
a
ge
of
a
has
h
f
un
ct
io
n
.
The
se
ca
n
c
hange
the
m
essages
so
that
t
hey
c
ou
l
d
no
t
be
read
as
act
ua
l
m
essages
anym
or
e
or
in
s
om
e
cases,
e
ve
n
if
th
ey
co
uld
be
re
ad,
they
co
uld
not
be
unde
rs
tood
.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N: 20
88
-
8708
Auth
e
nticati
on
and p
as
swo
rd
storin
g
im
prov
emen
t
us
i
ng
...
(
Jakkap
ong Pol
pong)
6583
The
m
ai
n
go
al
of
sto
rin
g
pass
words
secu
rely
is
to
pr
otect
confide
ntial
inf
or
m
at
ion
from
us
ers
with
m
alici
ou
s
intenti
on,
pr
e
ve
nt
data
le
aka
ge,
a
nd
to
pr
e
ven
t
dat
a
f
ro
m
bein
g
c
hange
d
du
rin
g
tra
nsm
issi
on
.
The
s
yst
e
m
sh
oul
d
able
t
o
detect
w
hethe
r
the
data
has
c
hange
d
durin
g
any
tran
sm
issio
n
.
Nowaday
s,
we
bs
it
es
with
m
any
us
ers
are
hacked,
m
e
m
ber
li
sts
co
ntainin
g
Usernam
e,
E
-
m
ai
l,
and
Pass
word,
as
well
as
ot
her
inf
or
m
a
ti
on
,
su
c
h
as
a
ddres
ses
or
cre
dit
ca
rd
i
nfor
m
at
ion
.
Of
te
nly,
the
tr
ap
f
r
om
the
web
sit
e
su
c
h
as
“
hav
e
i
bee
n
pwned
?
”
rev
eal
e
d
t
hat
m
any
fam
ou
s
web
sit
es,
s
uc
h
as
A
dobe
,
A
poll
o,
A
vast,
Bi
tTor
ren
t,
Li
nkedIn,
a
nd
Yahoo
had
been hac
ke
d
t
o re
veal m
e
m
be
rsh
i
p
in
f
or
m
at
i
on
[
5
]
.
In
s
umm
ary,
t
his
resea
rc
h
ai
m
s
to
desig
n
a
nd
de
velo
p
a
n
al
gorithm
to
increase
the
secu
rity
of
st
or
e
us
er
data
in
web
ap
plica
ti
on
s
rely
ing
on
w
orkin
g
with
ha
sh
functi
ons
in
var
io
us
al
gori
thm
s
su
ch
as
MD5
,
SHA1,
S
H
A25
6,
a
nd
S
H
A51
2
.
Curre
ntly
,
the
sec
ur
it
y
of
the
MD
5
al
gor
it
h
m
has
been
sign
ific
a
ntly
re
du
ce
d
because
a
group
of
m
al
ic
iou
s
us
e
rs
can
at
ta
ck
it
.
They
de
velo
p
pass
w
ord
c
om
par
iso
n
t
ables
of
MD
5
cal
le
d
Ra
inbow
Ta
bles,
wh
ic
h
a
re
la
rg
e
ta
bles
cre
at
ed
from
the
has
h
functi
on
[
6
]
.
These
ta
bles
co
ns
ist
of
ge
ner
a
l
basic
vo
ca
bula
ry that i
s
com
m
on
ly
u
sed
as
a p
ass
w
ord
.
In
orde
r
to
im
pr
ove
sec
ur
it
y
a
nd
t
o
m
ake
it
diff
ic
ult
to
dec
rypt
the
sec
ure
d
data
from
m
al
ic
iou
s
use
,
the
pa
sswo
rd
is
obta
ine
d
fro
m
the
has
h
f
unct
ion
by
s
plit
tin
g
the
data
i
nto
2
par
ts
.
The
rati
o
ca
n
be
ca
lc
ulate
d
from
the
(
1
)
c
al
le
d
“
Sp
li
t
”.
Nex
t
ste
p
is
to
com
pu
te
the
nu
m
ber
of
work
i
ng
it
erati
ons
f
ro
m
(
2
)
(
Iterati
on
)
,
and
the
n
ta
king
the
se
t
w
o
va
lues
th
rou
gh
a
m
at
he
m
at
ic
a
l
process
f
ro
m
(
3
)
cal
le
d
“
XOR
”
(
Exclusi
ve
-
OR
)
,
the
res
ult
is
called
“
Re
place
”.
The
n,
the
tw
o
values
a
re
ar
ra
ng
e
d
to
gethe
r,
wh
ic
h
is
cal
le
d
the
SX
R
al
gor
it
h
m
(
Sp
li
t,
Excl
us
i
ve
-
OR,
Re
pl
ace
).
Finall
y,
we
c
om
par
e
at
ta
ck
res
ist
a
nce
a
nd
proce
ssing
ti
m
e
between
tradit
ion
al
has
h functi
ons a
nd e
nh
a
nce
d
sec
ur
it
y has
h f
un
c
ti
on
s
with t
he SXR al
gorithm
.
2.
LIT
ERATUR
E REVIE
WS
This
sect
i
on
descr
ibes
e
xi
sti
ng
sec
ur
e
pas
swor
d
st
or
i
ng
m
et
ho
ds
.
A
has
h
functi
on
is
sim
il
ar
to
encr
y
ptin
g
by
a
te
ch
nique
of
c
hangin
g
the
form
at
of
the
m
essage
.
The
ha
sh
f
un
ct
io
n
will
cha
nge
the
pas
sw
ord
into
rand
om
char
act
e
r
s
a
nd
ra
ndom
nu
m
ber
s
.
Popul
ar
has
h
func
ti
on
s
a
re
MD
5
a
nd
SHA
-
1
[
7,
8
]
.
The
t
wo
feat
ures
of
the
ha
sh
functi
on
to
inc
rease
pass
wor
d
sec
ur
it
y
are
as
f
ollows
:
the
has
h
functi
on
ca
nnot
be
re
ver
se
d,
and
the
n
the
possibil
it
y
of
t
wo
diff
e
ren
t
pa
sswor
ds
ge
ne
rates
the
sam
e
ha
s
h
value by
rand
om
char
act
er
s a
nd num
ber
s
w
hich
is
v
e
ry h
a
rd m
et
ho
d.
A
m
et
ho
d
us
e
d
to
increase
st
r
onge
r
store
d
pa
sswor
ds
ca
n
be
done
by
us
in
g
a
sal
te
d
pa
ss
word
.
It
ca
n
increase
the
le
ng
t
h
of
pass
w
ords
by
ad
ding
a
rand
om
nu
m
ber
of
data
set
s
into
the
pa
sswor
d
that
th
e
us
er
enters
be
fore
go
i
ng
th
rou
gh
the
has
h
func
ti
on
.
H
ow
e
ve
r,
there
is
a
li
m
it
at
ion
that
the
sal
t
value
m
us
t
be
store
d
in
the
database
.
If
at
ta
cker
s
can
ac
cess
a
databa
s
e
with
sal
t
val
ues,
t
hey
can
easi
ly
decr
ypt
to
get
the
real
pass
w
ord
[
9,
10
]
.
Ma
riam
and
S
uj
i
tha
co
nducte
d
a
stu
dy
on
sec
ur
it
y
analy
sis
of
sal
t
an
d
pas
swor
d
has
hes
.
This
r
esearch
was
f
ocused
o
n
eva
luati
ng
the
effe
ct
iveness
of
s
al
t
in
passwords,
s
uc
h
as
pr
efix
or
su
f
fix
wh
ic
h
c
an
m
ake
at
ta
c
ker
s
m
or
e
diffi
cult
to
pr
e
dict
.
If
t
he
at
ta
cke
r
s
try
m
any
exp
erim
ents
un
ti
l
they
fin
d
the
f
ix
poi
nt,
the
p
a
sswo
r
d
the
n
c
ould
not be
pr
otect
ed
[
11
]
.
Pr
at
ham
esh
et
al
.
pr
ese
nted
a
te
chn
iq
ue
to
in
crease
the
sec
uri
ty
of
plain
te
xt
pass
wor
ds
in
t
he
ser
ver
database
.
The
researc
h
offe
re
d
m
et
ho
ds
of
e
ncr
y
ption
by
process
Ju
m
bling
-
Salt
in
g
(
JS
)
w
hich
can
pr
event
dicti
on
a
ry
at
ta
cks
a
nd
brute
f
or
ce
at
ta
cks
by
incre
asi
ng
t
he
le
ngth
of
t
he
ci
ph
e
rtext
.
The
ci
pherte
xt
is
cho
s
e
n
from
a
pr
e
defi
ned
c
ha
racter
set
with
m
od
ul
us
m
at
he
m
at
ic
al
fu
ncti
ons
.
Wh
e
n
ex
pe
rim
enting
with
AES
encr
y
ption,
it
was
f
ound
that
this
m
et
ho
d
m
ade
decip
he
rin
g
m
or
e
ti
m
e
and
m
or
e
s
e
cu
re
[
12
]
.
In
the
pr
e
viou
s
m
et
ho
ds,
al
th
ough
sal
te
d
r
andom
ly
assigned
t
o
eac
h
us
er
,
it
was
ke
pt
in
the
dat
abase
as
a
c
onsta
nt
.
The
vu
l
ner
a
bili
ty
is
t
hat
if
t
he
data
base
is
hack
e
d,
it
can
easi
ly
identify
an
d
us
e
sal
t
values
to
de
cryp
t
pass
words
.
Ther
ef
or
e
,
if
the
us
e
of
Access
-
base
d
Salt
s
tha
t
cha
ng
e
s
c
onti
nuously
,
it
will
m
ake
the
pass
wor
d
m
or
e secur
e
[
13
]
.
In
ad
diti
on
to
increa
sin
g
th
e
ef
fici
ency
of
the
hash
f
unct
ion,
C
hawd
hury
a
nd
Habi
b
propose
d
m
et
ho
ds
to
i
nc
rease
the
ef
fici
ency
of
M
D5
i
n
pas
sw
ord
se
cur
it
y
us
in
g
si
x
rese
rv
e
bits,
wh
ic
h
is
usual
ly
no
t
us
e
d
in
the
T
CP
Hea
der
.
Encr
y
pting
pa
ss
word
us
in
g
ha
sh
s
houl
d
be
perform
ed
pri
or
transm
i
tt
ing
it
out
thr
ough
the
ne
twork
.
Serv
e
r
side
the
n
us
es
the
val
ues
fro
m
the
TCP
He
ader
t
o
decr
y
pt
the
has
h
pass
word
.
This
te
c
hn
i
que
m
akes
it
ha
rder
for
t
hose
w
ho
wan
t
to
at
ta
ck
M
D5
with
a
Ra
i
nbow
Ta
ble
[
14
]
.
The
SHA
-
1
al
gorithm
has
been
im
pr
ove
d
to
increase
se
cur
it
y
w
hen
a
ppli
ed
to
web
a
pp
li
cat
io
ns
,
es
pecial
ly
fo
r
pa
sswor
d
has
hing
.
A
si
m
ple
qu
ad
rati
c
f
unct
ion
a
nd
sa
lt
values
has
bee
n
im
ple
m
ented
to
inc
re
ase
the
c
om
pl
exity
of
creati
ng
a
has
h
ta
ble
wh
ic
h
m
akes
it
dif
ficult
to
at
ta
ck
[
15,
16
]
.
Seong
a
nd
Kim
had
ad
op
te
d
hash
al
gori
thm
s
,
su
c
h
as
SHA
-
1,
SHA
-
256
,
an
d
MD
5,
to
incr
eas
e
the
eff
ic
ie
ncy
of
tra
ns
m
itti
ng
lo
ng
-
dista
nce
com
m
un
ic
at
ion
s
betwee
n
t
he
se
a
an
d
the
ground
to
pr
e
ve
nt
i
nfor
m
at
ion
l
oss
[
17
]
.
G
urpr
ee
t
et
al
.
prese
nted
t
he
us
e
of
M
essage
Au
t
hen
ti
cat
io
n
Co
de
(
MAC
)
us
in
g
sec
ret
cod
e
s
c
reated
by
De
oxyri
bonucl
ei
c
Acid
(
DNA
)
an
d
Linea
r
Ra
ndom
N
um
ber
Gen
e
rato
r
(
LCG
)
to work
with the
h
a
sh f
un
ct
io
n
[
18
]
.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
10
, No
.
6
,
Dec
e
m
ber
2020
:
6582
-
6591
6584
Fr
om
the
relat
ed
w
ork
disc
usse
d
in
t
his
pa
pe
r,
m
os
t
of
the
existi
ng
te
c
hniqu
es
usual
ly
ha
d
f
oc
us
e
d
on
im
pr
ov
i
ng
t
he
hash
f
unct
ion
.
Althou
gh
the
s
al
te
d
pa
sswor
d
has
ca
n
im
pr
ove
t
he
ef
fici
ency
of
store
pass
words,
it
m
ay
req
uire
stores
i
n
the
dat
abase
.
The
pro
po
s
ed
SX
R
i
n
this
pa
per,
on
t
he
oth
er
ha
nd,
fo
c
us
es
on m
anipu
la
ti
ng the
origi
nal hash
value
b
y
S
plit
, XOR, a
nd
R
eplace
b
as
ed
on u
s
er
nam
e a
nd p
a
sswor
d
.
3.
PROP
OSE
D
METHO
D
At
pr
ese
nt,
al
m
os
t
al
l
web
sit
es
on
ly
us
e
one
-
facto
r
aut
he
nt
ic
at
ion
.
T
he
use
r
just
e
nter
s
us
er
nam
e
an
d
pass
word
to
a
ccess
the
inf
or
m
at
ion
on
t
hat
we
bs
it
e
.
Espe
ci
al
ly
,
m
edium
and
sm
al
l
web
sit
es
do
not
ha
ve
a
budget
t
o
use
TLS
or
m
ulti
-
facto
r
a
ut
hen
ti
cat
io
n
se
r
vices
[
19
]
,
s
uc
h
as
O
TP,
bi
om
e
tric
,
toke
n,
et
c
.
This
m
akes
the
web
sit
es
po
s
sibly
insecu
re,
and
t
her
e
is
a
high
ris
k
of
bein
g
hac
ke
d
[
20
,
21
]
.
Most
us
er
s
pr
e
fer
to
us
e
t
he
sam
e
us
e
rna
m
e
and
pa
ss
word
on
al
l
we
bs
it
es,
a
nd
this
is
their
weakn
ess
.
When
an
at
ta
cker
decr
y
pts
this
in
form
ation
into
a
plainte
xt,
the
at
ta
cker
can
use
that
us
er
na
m
e
and
pas
sw
ord
on
oth
e
r
we
bs
it
es,
there
by
i
m
per
so
na
ti
ng
t
he
r
igh
tf
ul
pe
rs
on
.
The
at
ta
cker
m
ay
gain
acce
ss
to
im
po
rtant
an
d
co
nf
i
den
ti
al
inf
or
m
at
ion
from
these we
bs
it
es if they
do
not ha
ve p
rofess
ion
al
data
protect
ion
sta
nd
a
r
ds
[
22, 23
]
.
This
researc
h
has
div
i
ded
the
ex
per
im
ental
m
et
ho
d
into
tw
o
par
ts
:
the
firs
t
par
t
is
the
sp
e
ed
te
st,
an
d
the
sec
ond
par
t
is
a
sec
ur
it
y
te
st
f
or
at
ta
ck
f
r
om
m
alici
ou
s
us
ers
.
I
n
t
his
e
xp
e
rim
ent,
we
app
li
ed
th
e
operati
ng
pr
i
nciple
of
m
at
hem
atical
equ
at
ions,
cal
le
d
XO
R
(
Exclusi
ve
-
OR
)
,
w
hic
h
was
us
e
d
as
the
key
t
o
t
he
desig
n
and
de
velo
pm
e
nt
of
al
gorithm
s
.
XO
R
was
use
d
to
desi
gn
th
e
eq
uations
f
or
the
cal
culat
io
n
of
t
he
3
e
qu
a
ti
ons
to
inc
rease
pa
sswor
d
secu
rity
.
The
first
e
qu
at
io
n
wa
s
t
he
e
quat
ion
t
o
fi
nd
the
rati
o
(
Sp
li
t
)
,
the
s
eco
nd
equ
at
io
n
was
the
eq
uatio
n
for
fi
nd
i
ng
the
num
ber
of
it
erati
on
s
(
Iterati
on
)
.
The
third
e
quat
io
n
wa
s
a re
placem
ent
equ
at
io
n
(
Re
place
).
The w
ork
ing
of the
wh
ole syst
e
m
is sh
own
in Fi
gure
1
.
S
t
a
rt
1
.
T
h
e
p
l
a
i
n
t
e
x
t
p
a
s
s
w
o
rd
w
a
s
i
n
p
u
t
.
2
.
A
h
a
s
h
fu
n
c
t
i
o
n
w
a
s
s
e
l
e
c
t
e
d
.
3
.
T
h
e
h
a
s
h
v
a
l
u
e
w
a
s
p
ro
d
u
c
e
d
.
4
.
S
X
R
a
l
g
o
ri
t
h
m
w
a
s
u
s
e
d
.
5
.
T
h
e
c
i
p
h
e
rt
e
x
t
w
a
s
o
b
t
a
i
n
e
d
h
e
re
.
S
t
o
p
Figure
1
.
Syst
e
m
w
or
kfl
ows
The wo
r
kf
lo
w of
syst
e
m
s
consi
st
ed
of f
i
ve
st
eps
,
see
Figure
1
.
The
f
irst st
e
p was
to
us
e
th
e p
ass
w
ord
in
the
plain
te
xt
f
orm
at
that
the
ge
ne
ral
public
c
ould
un
der
sta
nd
.
The
seco
nd
ste
p
w
as
to
sel
ect
a
has
h
functi
on
that
was
us
e
d
for
t
he
tr
a
nsfo
rm
ation
of
the
pas
swor
d
that
m
a
de
it
hu
m
an
-
re
adab
le
,
c
on
sist
ing
of
popula
r
al
gorithm
s,
su
ch
as
MD5,
S
HA1,
SHA2,
S
H
A224,
S
H
A25
6,
and
S
HA5
12
.
The
t
hird
ste
p
wa
s
the
res
ult
of
the
ha
sh
f
un
ct
i
on
f
or
m
at
that
hu
m
ans
do
not
unde
rsta
nd
.
With
eac
h
da
ta
passin
g
th
rou
gh
the
has
h
f
un
ct
i
on,
it
m
us
t
ha
ve
be
en
un
e
qual
an
d
had
s
pecif
ic
cha
racteri
sti
cs
.
The
re
su
lt
s
of
this
process
wer
e
cal
le
d
hash
va
lue
.
The
four
t
h
ste
p
was
t
he
intr
oductio
n
of
the
S
XR
al
gorithm
.
Th
e
al
gorithm
ha
s
been
pro
po
se
d
to
i
nc
rease
the
e
ff
ic
ie
ncy
of
th
e
ha
sh
val
ues.
T
he
y
wer
e
obta
ine
d
f
ro
m
the
pr
e
vious
ste
ps
t
o
m
ake
it
m
or
e
com
plex
.
The
detai
l
of
t
he
w
ork
proce
ss
is
ex
plaine
d
in
Fig
ure
2
.
The
la
st
ste
p
wa
s
the
res
ults
ob
ta
ined
thr
ough the
S
X
R al
gorithm
.
This in
form
at
ion
w
as
uniq
ue
a
nd c
ou
l
d
no
t
be c
al
culat
ed bac
kw
a
r
d
.
The
S
XR
al
gorithm
was
us
e
d
t
o
inc
rease
the
ef
fici
ency
of
t
he
has
h
valu
es
,
s
ee
Fig
ur
e
2
.
First
ste
p
,
the
pass
w
ord
was
us
ed
t
hro
ugh
t
he
has
h
f
unct
ion
.
Fo
r
e
xam
ple,
the
use
r
nam
e
was
“
Jakk
a
1b
2
”
and
the
passwo
rd
was
“
Po
l
pong
”
after
pa
ssin
g
t
he
has
h
f
unct
ion
with
th
e
MD
5
al
go
rithm
,
the
res
ult
wa
s
“
f75
40
c
6248
9302e
-
37
5e48c
6e66
70f
6f2
”.
To
c
reate
t
he
secret
key,
t
he
first
4
ch
arac
te
rs
of
the
pa
sswor
d
“
Po
lp
”
a
nd
t
he
la
st
4
cha
rac
t
ers
of
t
he
us
e
r
nam
e
“
a1b2
”
wer
e
us
ed
t
o
ge
ner
at
e
the
sec
ret
key
“
a1
b2Po
lp
”.
Seco
nd
ste
p
,
t
he
sec
ret
key
was
c
onfi
gure
d
t
o
be
us
e
d
t
o
cal
culat
e
the
r
at
io
(
sect
ion
3
.
1
)
,
and
the
nu
m
ber
of
it
erati
on
s
(
sect
ion
3
.
2
)
was
us
e
d
in
the
pr
ocessin
g
.
Thi
r
d
ste
p
,
the
fir
st
equ
at
io
n
w
as
us
e
d
to
cal
culat
e
the r
at
io
(
90
%)
an
d
the
sec
ond
e
qu
at
io
n
t
o
c
al
culat
e the
num
ber
o
f
it
erati
on
s
(
27,
548
).
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N: 20
88
-
8708
Auth
e
nticati
on
and p
as
swo
rd
storin
g
im
prov
emen
t
us
i
ng
...
(
Jakkap
ong Pol
pong)
6585
S
t
a
rt
1
.
T
h
e
p
a
s
s
w
o
rd
w
a
s
u
s
e
d
t
h
ro
u
g
h
t
h
e
h
a
s
h
f
u
n
c
t
i
o
n
.
2
.
T
h
e
s
e
c
re
t
k
e
y
w
a
s
c
o
n
fi
g
u
re
d
.
3
.
T
h
e
ra
t
i
o
a
n
d
t
h
e
n
u
m
b
e
r
o
f
i
t
e
ra
t
i
o
n
s
w
e
re
c
a
l
c
u
l
a
t
e
d
fro
m
t
h
e
s
e
c
re
t
k
e
y
.
4
.
T
h
e
h
a
s
h
v
a
l
u
e
w
a
s
d
i
v
i
d
e
d
i
n
t
o
t
w
o
p
a
rt
s
b
a
s
e
d
o
n
t
h
e
ra
t
i
o
v
a
l
u
e
.
5
.
T
h
e
t
w
o
s
e
g
m
e
n
t
h
a
s
h
e
d
v
a
l
u
e
s
w
e
re
X
O
R
t
o
t
h
e
l
a
s
t
i
t
e
ra
t
i
o
n
s
.
S
t
o
p
6
.
T
h
e
v
a
l
u
e
o
f
t
h
e
fi
rs
t
p
a
rt
w
i
t
h
t
h
e
s
e
c
o
n
d
p
a
rt
w
a
s
c
o
m
b
i
n
e
d
a
n
d
s
a
v
e
d
i
t
t
o
t
h
e
d
a
t
a
b
a
s
e
.
Figure
2
.
SX
R
al
gorithm
w
orkf
l
ow
In
the fo
ur
t
h
ste
p,
the
hash
va
lue w
as d
i
vid
e
d
into tw
o
pa
rts b
ased
on
t
he
values ob
ta
ine
d
in the th
i
r
d
ste
p
.
For
e
xam
ple,
th
e
cal
cul
at
ed
rati
o
wa
s
90
%
of
t
he
ha
sh
value
“
f7540c62
489302e
375e
48c6e
6670
f6f2
”
.
The
90
%
rati
o
would
di
vid
e
“
F7540c
62489302e
375e
48
c
6e
6670
|
f
6f2
”
and
t
hen
bri
ng
t
he
di
vid
e
d
values
t
o
m
ov
e
the
bit
in
the
m
idd
le
by
m
ov
ing
f
ro
m
righ
t
to
l
eft
.
The
res
ult
would
be
“
02e3
75e4
8c
6e6670
|
f6f2f
7540c6
24
893
”
a
nd
the
n
“
02
e
375e
48c6e66
70
”.
Thi
s
r
esult
was
assigne
d
as
t
he
first
par
t,
wh
il
e
“
f6f2f
7540c6
2489
3
”
was
the
seco
nd
par
t
t
o
be
use
in
the
ne
xt
ste
p
.
To
c
r
eat
e
the
ne
w
pa
sswor
d,
t
he
a
uthors
us
e
d
both
valu
es
from
the
four
t
h
ste
p
t
o
cal
culat
e
by
usi
ng
the
SX
R
e
qu
at
ion
(
sect
ion
3
.
3
)
w
hich
perform
ed
al
l
cal
culat
ion
s
accor
di
ng
t
o
t
he
nu
m
ber
of
i
te
rati
on
s
obta
ined
f
ro
m
the
it
erati
on
s
e
quat
ion
i
n
the
fift
h
ste
p
.
The
la
st
ste
p
was
to
colla
te
the
res
ults
of
the
cal
culat
io
ns
from
the
fifth
ste
p
by
c
om
bin
ing
the
va
lue
of
the f
ir
st pa
rt w
i
th the se
co
nd
pa
rt and sa
ve
d
it
to
the
d
at
a
bas
e
.
3
.
1
.
R
at
i
o
e
qu
at
i
on
The
rati
o
(
1
)
is
the
equ
at
ion
us
ed
to
determ
ine
the
rati
o
of
the
passw
or
d
ob
ta
ined
fr
om
the
cal
culat
ion
w
it
h
the h
ash
fu
nction
.
Th
e resu
lt
was
div
ided
into two
p
arts as f
ollow
s
:
[
(
(
ind
e
x
[
0
]
⨁
ind
e
x
[
4
])
+
128
)
* (
(
ind
ex
[
1
]
⨁
ind
e
x
[
5
])
+
128
)
]
m
od
9
9
=
rati
o
(
1
)
wh
e
re
Inde
x
[
0
]
:
the posit
io
n of
the f
ir
st
cha
rac
te
r
of the
secr
e
t key
Inde
x
[
4
]
:
the posit
io
n of
the 5
th
cha
racter
o
f
t
he
sec
ret
key
Inde
x
[
1
]
:
the posit
io
n of
the 2
nd
cha
racter
of
t
he
sec
ret
k
ey
Inde
x
[
5
]
:
the posit
io
n of
the 6
th
cha
racter
of
t
he
sec
ret
key
128
:
to inc
rease t
he si
ze of the
bits
in 1 cha
racter
to
the
size i
n t
he
b
ina
ry
nu
m
ber
r
a
nge
000000
00
-
1111
11
11
(
0
-
255
)
Mod
99
:
to d
et
e
rm
ine the r
at
io i
n
the
gr
oup
t
o be in
th
e ra
ng
e
0
–
99
%
To
cal
culat
e
rati
o
,
the
autho
rs
us
ed
the
secret
key
(“
a1b
2P
olp
”
)
of
us
ern
am
e
and
passw
or
d
.
Thu
s,
the
rati
o
equ
at
ion
w
as
[((
a
⨁
P
)
+
128
)
*
((
1
⨁
o
)
+
128
))]
m
od
9
9
=
rati
o,
the r
at
io o
f
this equ
at
ion
w
as 9
0
%.
3
.
2
.
Iter
ati
ons e
qu
at
i
on
The e
qu
at
ion
fo
r
find
ing
the n
um
ber
of
it
erati
on
s
(
2
)
is t
he e
qu
at
ion
us
ed
to d
et
erm
ine the n
um
ber
o
f
it
erati
on
s
.
C
al
culat
ing
the p
asswo
rd
g
ener
a
ti
on
o
f
new
h
ash
values
cou
ld b
e p
erf
or
m
ed
as f
ollow
s
:
[
(
(
ind
e
x
[
2
]
⨁
ind
e
x
[
6
])
+
128
)
* (
(
ind
ex
[
3
]
⨁
ind
e
x
[
7
])
+
128
)
]
=
it
eratio
n
(
2
)
wh
e
re
Inde
x
[
2
]
:
the posit
io
n of
the 3
rd
cha
racte
r
of
t
he
sec
ret
key
Inde
x
[
6
]
:
the posit
io
n of
the 7
th
cha
rac
te
r
of
t
he
sec
ret
key
Inde
x
[
3
]
:
the posit
io
n of
the 4
th
cha
racter
of
t
he
sec
ret
key
Inde
x
[
7
]
:
the posit
io
n of
the 8
th
cha
racter
of
t
he
sec
ret
key
128
:
to
inc
rease
the
siz
e
of
the
bi
ts
in
1
c
ha
racter
to
the
siz
e
in
the
bi
nar
y
nu
m
ber
0000
0000
-
11
1111
11
(
0
-
255
)
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
10
, No
.
6
,
Dec
e
m
ber
2020
:
6582
-
6591
6586
W
it
h
the
nu
m
ber
of
it
erati
on
s
,
it
was
ver
y
li
kely
that
the
rati
oo
f
the
it
erati
on
equ
at
ion
was
[((
b
⨁
l
)
+
128
)
*
((
2
⨁
p
)
+
128
))
]
=
it
erati
on
, th
e it
erati
on
o
f
this equ
at
ion
w
as
27
,5
48
.
3
.
3
.
S
X
R
e
qu
at
i
on
The
equ
at
ion
fo
r
SX
R
(
3
)
is
the
equ
at
ion
us
ed
to
cal
culat
e
ha
sh
values
with
the
XO
R
op
erator
com
bin
ed
with m
ov
ing
the b
it
to
the r
igh
t as fo
ll
ow
s
:
X
i1
⨁
X
j1
=
X
ij1
X
ij1
S
hift left i
%
m
ax
ind
e
x X
ij1
*
i
1
=
X
y1
X
i1
⨁
X
y1
=
X
i2
X
j1
⨁
X
y1
=
X
j2
[ (
X
i2
⨁
X
y1
)
⨁
(
X
j2
⨁
X
y1
)
]
*
i
2
=
X
ij2
X
ij2
S
hift left i
%
m
ax
ind
e
x X
ij2
*
i
2
=
X
y2
X
i2
⨁
X
y2
=
X
i3
X
j2
⨁
X
y2
=
X
j3
[
(
X
i3
⨁
X
y2
)
⨁
(
X
j3
⨁
X
y2
)
]
*
i
3
=
X
ij3
X
ij3
S
hift left i
%
m
ax
ind
e
x X
ij3
*
i
3
=
X
y3
:
:
:
[ (
X
in
-
1
⨁
X
yn
-
1
)
⨁
(
X
jn
-
1
⨁
X
yn
-
1
) ]
*
i
n
-
1
=
X
ijn
X
ijn
S
hift left i
%
m
ax
ind
e
x X
ijn
*
i
n
=
X
yn
(
3
)
wh
e
re
X
i
:
the v
al
ue o
btaine
d from
the divisi
on of
half fr
om
the f
irst
pa
rt of the
(
1
)
X
j
:
the v
al
ue o
btained fr
om
the divisi
on of
half fr
om
the secon
d part
of the
(
1
)
i
:
the v
al
ue o
btained fr
om
calc
ulati
ng
t
he n
um
ber
o
f
it
erati
on
s
fro
m
the
(
2
)
The SXR
equ
at
ion
fo
r
cal
culat
ing
t
he
new
p
asswo
rd
w
it
h
the r
at
io an
d
the n
um
ber
o
f
it
erati
on
s w
er
e
dev
ided
into
two
equ
at
ion
s
.
The
X
i1
was
the
first
par
t,
the
X
j1
was
the
secon
d
par
t
and
the
i
was
def
ined
by
the
nu
m
ber
of
it
erati
on
s
.
Fo
r
exam
ple,
if
the
hash
value
that
div
ided
by
the
rati
o
was
“
02
e37
5e4
8c6
e66
70
-
f6f2f754
0c624893
”
,
the
X
i1
of
this
hash
value
was
“
02
e37
5e4
8c6
e66
70
”
,
the
X
j1
of
this
hash
value
was
“
f6f2f754
0c624893
”
and
the
i
was
“
27
,5
48
”
.
Then
,
the
two
values
wer
e
arr
ang
ed
tog
et
her
(
X
yn
and
X
in
-
1
)
,
wh
ic
h
resu
lt
in
the
new
pas
swo
rd
of
this
hash
value
wh
ic
h
was
“
ec96
2b
45
38
afab
7c6
69
71
83
9e6
62
9ef
9
”
and
it
w
as k
ept in th
e d
at
abase
as
dep
ic
te
d
in
(
4
)
.
02
e
375e
48c6e
6670
⨁
f6f2f
7540c6
24
893
=
f41
182b08
00
c
2ee3
f41
182b08
00
c
2ee3 S
hift left
1
%
m
ax
ind
ex
16
*
1
=
41182b
0800c2
ee3f
02
e
375e
48c6e
6670
⨁
41182b
0800c2
ee3f
=
43f
b5
eec
8cac
884f
f6f2f
7540c6
24
893
⨁
41182b
0800c2
ee3f
=
b7
ea
dc
5c0
c
a0a
6ac
[ (
43f
b5eec8ca
c884
f
⨁
41182b
080
0c2ee3f
)
⨁
(
f6
f
2f7
540c
624893
⨁
41182b
0800c2
ee3f
)
]
*
2
=
16
a
13
537101
9d81b
16
a
1353
71019d81
b
S
hift left
2
%
m
ax
ind
ex
16
*
2
=
1426a6e
2033
b036
2
:
:
:
[ (
X
in
-
1
⨁
X
yn
-
1
)
⨁
(
X
jn
-
1
⨁
X
yn
-
1
) ]
*
i
n
-
1
=
X
ijn
X
ijn
S
hift left i
%
m
ax
ind
e
x X
ijn
*
27,
548
=
X
yn
(
4
)
4.
RESU
LT
S
AND
DI
SCUS
S
ION
The
pr
op
os
ed
SX
R
al
go
rithm
with
hash
fu
nction
was
evaluated
in
two
aspects
:
pr
ocessing
ti
m
e
and
at
ta
ck
resist
ance
.
Fo
r
the
exp
erim
ent,
the
po
pu
la
r
passw
or
ds
of
20
18
and
the
te
st
set
4
fo
rm
s
w
ere
util
iz
ed
.
The
evaluati
on
was
div
ided
into
five
par
ts
.
The
first
par
t
was
data
us
ed
in
per
fo
rm
ance
te
sti
ng
.
The
secon
d
par
t
was
per
fo
rm
ance
evaluati
on
.
The
third
par
t
was
com
par
ison
of
the
eff
ect
iveness
of
resist
ance
to
at
ta
ck
.
The
fo
ur
th p
art was
col
li
sion
eff
ic
ie
ncy com
par
ison
.
The
fifth
par
t was ap
plica
ti
on
o
f
the SX
R al
go
rithm
.
4
.
1
.
Da
t
as
e
t a
nd
e
xp
eri
men
t
se
tt
in
g
Fo
r
t
he
e
xp
e
rim
ent,
the
data
con
sist
ed
of
f
ive
f
or
m
s
ref
e
ren
ce
d
f
r
om
t
he
resea
rc
h
on
“
Passwor
d
Entr
op
y
an
d
Passwor
d
Q
ua
li
ty
”
[
24
]
a
nd
the
oth
e
r
f
our
f
or
m
s
wh
ic
h
c
onsist
ed
of
t
he
fir
st
f
or
m
(
te
st
set
1
)
was
a
po
pu
l
ar
ye
ar
20
18
[
25
]
,
seco
nd
form
(
te
st
set
2
)
al
l
low
e
rcase
c
ha
racter
s
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N: 20
88
-
8708
Auth
e
nticati
on
and p
as
swo
rd
storin
g
im
prov
emen
t
us
i
ng
...
(
Jakkap
ong Pol
pong)
6587
(
abcd
ef
ghij
klm
nopqr
-
stu
vwxy
z
)
,
third
form
(
te
st
set
3
)
al
l
uppe
rcase
c
har
act
er
s
(
ABCDEF
GHI
JKLMN
OPQR
STUV
WXYZ
)
,
f
ourth
f
orm
(
te
st
set
4
)
al
l
al
ph
an
um
eric
ch
aracte
rs
(
01234567
890
)
,
an
d
fifth
f
or
m
(
te
st
set
5
)
,
c
har
act
e
r
s
m
ixed
bet
we
en
form
1
-
4
t
og
et
her
with
sp
eci
al
char
act
e
rs
(!
@
#
$
%
^
&
*
()
_
+
[]:
<>?
)
,
a
s
sho
wn
in
Ta
ble
1
.
All
the
e
xperim
ents
we
re
car
ried
out
us
i
ng
a
des
ktop
com
pu
te
r
.
The
s
pe
ci
ficat
ion
was
In
te
l
C
or
e
i7
3
.
4
GH
z
with
32
GB
R
AM
.
The
pro
pose
d
te
c
hn
i
que
was
im
ple
m
e
nted
in
Pyt
hon3
.
T
he
e
ff
i
ci
ency
of
t
he
al
gorithm
was
te
ste
d
by
com
par
ing
be
tween
the
tradit
io
nal
has
h
f
un
ct
io
ns,
includi
ng
M
D
5,
S
H
A1,
SHA
256
a
nd
SHA
512,
an
d
the
has
h
f
un
ct
i
on
t
hat
us
e
d
the S
XR alg
or
i
thm
.
Table
1
.
E
xam
ples
of
pass
w
ords
for t
est
set
1
-
5
Test set 1
Test set 2
Test set 3
Test set 4
Test set 5
1
2
3
4
5
6
v
y
o
n
iu
rxh
sld
EWHLSBR
W
G
1
6
4
7
3
9
3
6
3
4
2
1
iq
C
-
NXrQ
p
ass
wo
rd
o
rpctieq
jf
wc
KUOHD
LH
MF
5
7
2
8
9
2
2
8
srv
Yo
C;b
X
[=
R
1
2
3
4
5
6
7
8
9
ea
m
w
y
u
wwt
IGRVY
EPT
AK
5
5
6
1
3
0
7
4
6
9
7
4
0
|
O
=
-
=
M4f
1
2
3
4
5
6
7
8
lcq
wjjlh
k
ljb
NXKI
VHI
XH
1
5
5
3
9
6
5
3
8
6
0
#
m
#
y
-
?
^6O4
1
2
3
4
5
u
f
shblrh
b
f
STT
Y
W
U
ZQ
4
5
6
7
7
9
2
8
g
P5
/*
OJGy
U
4
.
2
.
Perfo
rm
an
ce e
valua
tio
n
The
pe
r
form
ance
evaluati
on
was
di
vid
e
d
in
to
two
par
ts
.
The
fi
rst
pa
rt
was
the
siz
e,
t
he
num
ber
of
bits
that
hav
e
com
e
ou
t
f
ro
m
the
norm
al
process
a
nd
the
SX
R
al
gorith
m
i
m
p
leme
ntatio
n
.
Seco
nd
pa
rt
was
a com
par
iso
n o
f
the
tim
e sp
en
t i
n
the
proce
ss
b
et
wee
n n
or
m
al
an
d t
hro
ugh
the S
XR alg
or
i
thm
.
Exam
ples u
se
d i
n per
form
ance test
ing
i
nclu
de
Usernam
e
:
Cha
nG
a
1b2
Passwor
d
:
Jak
ka
pong
Ra
m
ark
:
The
resu
lt
s
wer
e
in d
iffer
ent f
on
t
siz
es accor
din
g
to each
al
go
rithm
.
The
secon
d
m
et
ho
d
was
a
m
et
ho
d
of
SX
R
al
go
rithm
that
us
ed
the
a1b
2J
akk
as
a
secret
cod
e
to
increase
the
eff
ic
ie
ncy
of
the
passw
or
d
.
It
can
be
seen
that
the
hash
values
ob
ta
ined
fr
om
bo
th
fo
rm
s
gen
erated
diff
eren
t
fo
nt
s
iz
es
.
The
ou
tpu
t
value
of
each
char
act
er,
thu
s,
is
diff
eren
t
.
It
was
fo
un
d
that
the
aver
age
ti
m
e
of
the
tradit
ion
al
hash
fu
nction
was
0
.
00004001
-
0
.
00
01
56
secon
ds
fr
om
the
MD5,
SH
A1
,
SH
A2
56
and
SH
A5
12
al
go
rithm
s
.
As
fo
r
the
hash
fu
nction
that
has
been
enh
a
nced
with
the
SX
R
al
go
rithm
,
it
w
as
fo
un
d
that
the av
erag
e
ti
m
e
ta
ken
fr
om
fo
ur
al
go
rithm
s
is 0
.
00
23
08
to
0
.
01
56
32
secon
ds
.
Exp
erim
ental
resu
lt
s
sh
ow
ed
that
the
tradit
ion
al
hash
fu
nction
too
k
le
ss
ti
m
e
to
per
fo
rm
than
the
hash
fu
nction
that
has
been
enh
an
ced
by
the
SX
R
al
go
rithm
,
wh
ic
h
sp
ent
app
ro
xim
at
el
y
50
ti
m
es
lon
ger
.
This
m
eans
tradit
ion
al
hash
fu
nctions
hav
e
go
od
per
fo
rm
ance
in
te
rm
s
of
op
erati
on
al
ti
m
e
.
Moreo
ver
,
in
the
te
st
of
the
ti
m
e
sp
ent
in
pr
ocessing
,
resu
lt
s
are
le
ss
than
0
.
1
secon
ds
[
26
]
.
In
te
rm
s
of
act
ual
us
age,
hu
m
ans
will
no
t
reali
ze
the
diff
eren
ce in the p
ro
cessi
ng
ti
m
e
.
T
h
e
r
e
s
u
l
t
s
a
r
e
s
h
o
w
n
i
n
T
a
b
l
e
2
.
Table
2
.
E
xam
ples
of
has
h va
lue
s
ob
ta
ine
d f
ro
m
trad
it
ion
al
m
e
tho
ds a
nd the
SX
R
alg
or
it
hm
Alg
o
rith
m
s
Hash
Or
ig
in
al
Hash
Or
ig
in
al
+
SXR
Hash
Or
ig
in
al
(
s
)
Hash
Or
ig
in
al
+
SXR
MD5
ab
5
2
4
a4
d
eecaa19
f54
9
9
4
5
4
c
9
d
2
2
1
f
2
9
5
d
7
2
9
2
5
1
d
c6
d
d
cef34
9
3
f
3
8
2
c2
c7
f
c2
e
0
.
0
0
0
0
4
0
0
1
0
.
0
02308
SHA1
d
a8
ead9
e6
f
7
f
ea38cc
b
b
aa62
af
2
6
2
6
0
e
2
a1
fb4
ca
c5
3
2
a0
7
f
0
a0
5
3
4
9
c
3
1
a4
cb
4
9
e7
8
2
7
5
5
9
0
e
b
b
d
8
4
f
0
.
0
0
0
0
76
0
.
0
02764
SHA2
5
6
1
9
a9
d
7
2
d
b
1
7
0
c3
5
aaf
9
5
5
ccf8e
2
7
b
5
2
1
3
0
9
0
9
b
9
d
f43
0
0
d
e9
2
9
3
ab
1
f
4
a
7
b
d
4
5
b
3
5
b
c7
c2
2
c0
f
ec2ab8
9
5
aaf
7
a6
f
1
f
8
1
ea83
0
8
8
d
7
c7
6
3
f68
6
0
4
cf
3
1
d
e9
7
5
6
a0
5
c3
2
0
.
00
01
0
.
0
05514
SHA5
1
2
0
e7
2
6
2
e2
0
9
7
6
cc7
5
6
6
4
6
ab
cad1
3
0
8
9
d
5
c3
4
0
5
2
4
4
b
f
0
1
d
d
1
ed
6
1
c
e3
5
2
2
4
b
9
d
8
e1
0
4
c8
6
6
3
f
d
2
1
1
f
1
3
2
7
7
3
8
ed
c8
1
8
f
9
d
1
8
8
a8
cc7
f
2
d
caecbe4
3
8
3
9
0
6
6
c4
c8
2
7
b
8
8
f
cf
9
1
7
f
3
d
f41f
6
1
2
a6
7
c2
a4
d
6
3
6
b
b
0
8
1
0
4
c0
d
d
aab0
2
e5
8
1
2
2
9
8
4
6
3
b
ce2b
4
8
0
6
9
9
3
f
9
6
1
9
7
6
9
e4
eb
2
b
6
6
e5
e1
9
1
6
1
5
5
7
7
d
ea9d
a1
7
5
2
3
2
6
3
4
ab
d
ccf67
8
2
0
3
c8
7
5
3
5
6
0
0
.
00
0156
0
.
0
15632
4
.
3
.
Co
mp
ari
so
n
of the e
ff
e
ctivenes
s
of
re
sista
nc
e t
o a
ttack
This
resea
rch
com
par
e
d
the
resist
ance
agai
ns
t
at
ta
ck
between
tra
diti
onal
hash
al
gorithm
s
and
has
h
al
gorithm
s
that
enh
ance
d
se
cur
it
y
with
th
e
SX
R
al
gorithm
by
co
m
pa
rin
g
the
resist
ance
to
at
ta
ck
with
Dict
ion
a
ry
at
ta
ck,
B
ru
te
-
f
or
ce
an
d
Bi
rth
day
at
ta
ck
.
T
his
at
ta
ck
-
resist
ance
perform
ance
exp
e
rim
ent
was
te
ste
d
by
us
i
ng
the
100
pa
sswor
ds
that
we
re
e
ncr
y
pted
with
t
rad
i
ti
on
al
ha
sh
f
unct
ion
s
a
nd
has
h
functi
ons
tha
t
ha
ve
been en
ha
nce
d wit
h
t
he
S
XR
al
gorithm
is sh
own
i
n
Ta
ble
3
.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
10
, No
.
6
,
Dec
e
m
ber
2020
:
6582
-
6591
6588
Table
3
.
Com
par
iso
n of t
he
e
f
fici
ency o
f resi
sta
nce a
gainst
Brute
-
force a
nd
Dict
ion
a
ry att
ack in
test
set
1
–
5
Alg
o
rith
m
s
Hash
Or
ig
in
al
+
SXR
(
test set 1
)
Hash
Or
ig
in
al
+
SXR
(
test set 2
)
Hash
Or
ig
in
al
+
SXR
(
test set 3
)
Hash
Or
ig
in
al
+
SXR
(
test set
4
)
Hash
Or
ig
in
al
+
SXR
(
test set 5
)
MD5
0
%
0
%
0
%
0
%
0
%
SHA1
0
%
0
%
0
%
0
%
0
%
SHA2
5
6
0
%
0
%
0
%
0
%
0
%
SHA5
1
2
0
%
0
%
0
%
0
%
0
%
The
ex
pe
rim
en
t
resu
lt
in
Tabl
e
3
sho
ws
the
com
par
ison
of
the
eff
ect
ive
ne
ss
of
resist
an
ce
to
at
ta
ck
with
Br
ute
-
for
ce
an
d
Dict
io
nar
y
at
ta
ck
i
n
tradit
iona
l
ha
sh
al
go
rithm
s,
an
d
ha
sh
al
gorithm
s
that
enh
a
nce
d
secur
it
y wit
h
t
he
SX
R
al
gorit
hm
of
te
st
set
1
to
5
.
The
res
ul
t
showe
d
0
%
in
al
l
e
xperim
e
nts b
eca
us
e
t
he
us
a
ge
of
pass
w
ords
and
secret
ke
y
to
m
ake
the
at
ta
ck
te
ch
ni
qu
es
a
nd
m
eth
ods
c
urre
ntly
unable
to
cal
culat
e
the d
ec
odin
g
.
In
ad
diti
on,
th
e
res
ults
f
ro
m
the
S
XR
al
gorithm
had
th
e
sam
e
siz
e
and
f
or
m
at
as
the
no
rm
al
encr
y
ption
m
et
hods
.
It
was
even
dif
ficult
to
cal
culat
e
th
e
has
h
val
ue
of
t
hat
data
.
Th
us
,
the
dec
r
ypti
ng
m
et
ho
d
of
th
e
SX
R
al
gori
thm
cou
ld
be
achieve
d
by
creati
ng
a
ne
w
al
go
rithm
.
In
or
der
t
o
enter
the
inf
orm
ation
use
d
t
o
fi
nd
the
ha
sh
valu
e,
it
m
us
t
consi
st
of
tw
o
vari
ables,
pa
sswo
rd
s
a
nd
sec
ret
co
de
s
wh
ic
h
is
the
r
equ
i
rem
ent
to
be
searc
he
d
usi
ng
Br
ute
-
for
ce
te
ch
nique
.
The
ef
fici
ency
of
dec
ryptin
g
usi
ng
the Br
ute
-
f
orce
att
ack ca
n be
pr
ese
nted
as t
he
Bi
g O
no
ta
ti
on
as foll
ows
:
O
(
n
2
)
(
5
)
Fr
om
the
(
5
)
,
the
value
O
(
n
2
)
is
der
ived
fr
om
the
Brute
-
fo
rce
of
the
SX
R
al
go
rithm
wh
ic
h
has
the f
ollow
ing
steps
:
Notatio
n
:
has
h
P
:
Has
h value
of the
pass
wor
d
t
hat the att
ac
ker desire
s to
sear
ch fr
om
the S
X
R al
gorithm
P
bf
:
The pass
w
ord
assig
ned b
y t
he
att
acker
t
o
th
e init
ia
l value
of the B
ru
te
-
f
orce
P
ld
:
Passwo
rd
li
st t
hat the att
acker
assigns
as a s
ear
ch
value
with the D
ic
ti
on
ary at
ta
ck
SC
bf
:
The
sec
ret c
ode assi
gn
e
d by
the att
acker
to t
he
init
ia
l valu
e of the
Br
ute
-
f
or
ce
SX
R
h
:
The res
ults from
ap
plyi
ng
t
he
P
bf
an
d SC
bf
var
ia
bles are
c
al
culat
ed
th
rou
gh
(
1
)
-
(
3
)
.
Algorithm
1
:
Brute
-
f
or
ce
SX
R
V
e
rificat
ion
Input
:
a hashed password hash P
a start password brute
-
fo
rc
e
P
bf
a start secret key SC
bf
Output
:
true or false
Start
1
:
P
bf
char
(
00000000
)
2
:
SC
bf
char
(
0000
)
3
:
while
(
ha
sh
P
=!
SXR
h
)
do
4
:
P
bf
P
bf
+
1 bit
5
:
for
(
i
0; i <
=
127
8
; i
++
)
{
6
:
SC
bf
SC
bf
+
1 bit
7
:
SXR
h
SXRfunction
(
P
bf
, SC
bf
)
8
:
if
(
SXR
h
=
hash P
)
then
9
:
return true
10
:
end if
11
:
end for
12
:
end while
Stop
The
Brute
-
fo
rce
SX
R
Ver
ific
at
ion
was
an
al
go
rithm
fo
r
cal
culat
ing
the
plainte
xt
of
passw
or
ds
and
secret
cod
es
.
The
at
ta
cker
wo
uld
br
ing
the
hash
value
fr
om
the
at
ta
ck
(
hash
P
)
to
find
the
plainte
xt
of
the
passw
or
d
and
secret
cod
e
in
the
Brute
-
fo
rce
m
et
ho
d,
by
assignin
g
the
passw
or
d
fr
om
8
to
12
dig
it
s
.
The
init
ia
l
value
of
the
first
loo
p
is
00
00
00
00
and
plu
s
1
bit
each
fo
r
the
nex
t
loo
p
.
Then
set
the
value
of
the
secret
cod
e
to
4
to
8
dig
it
s,
sta
rting
at
00
00
in
the
first
loo
p,
and
plu
s
1
bit
each
of
the
nex
t
loo
p
.
The
passw
or
d
and
secret
cod
es
con
sist
ed
of
nu
m
ber
s,
char
act
ers,
sp
eci
al
char
act
ers
that
are
al
l
po
ssible
in
the
ran
ge
of
4
to
8
char
act
ers
.
The
resu
lt
was
the
passw
or
d
(
P
bf
)
and
the
secret
cod
e
(
SC
bf
).
The
dicti
on
ary
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N: 20
88
-
8708
Auth
e
nticati
on
and p
as
swo
rd
storin
g
im
prov
emen
t
us
i
ng
...
(
Jakkap
ong Pol
pong)
6589
at
ta
ck
m
et
ho
d
was
the
def
ault
wo
rd
li
st
to
search
fo
r
the
hash
value
to
find
the
secret
cod
e
resu
lt
s
fr
om
the SX
R al
go
rithm
.
Algori
thm
2
:
Dict
ion
a
ry att
ack SXR
Ver
i
ficat
ion
Input
:
a hashed password hash P
a start password lists of dictionary attack P
ld
a start secret key SC
bf
Output
:
true or false
Start
1
:
P
ld
password list
2
:
SC
bf
char
(
0000
)
3
:
i
0
4
:
while
(
i
<
P
ld
.
size
)
do
5
:
for
(
j
0; j <
=
127
8
; j
++
)
do
6
:
SC
bf
SC
bf
+
1 bit
7
:
SXR
h
SXRfunction
(
P
ld
.[
i
]
, SC
bf
)
8
:
if
(
SXR
h
=
hash P
)
then
9
:
return true
10
:
end if
11
:
i
+=
1
12
:
end for
13
:
end while
14
:
return false
Stop
Fr
om
the
Dict
ion
ary
at
ta
ck
SX
R
Ver
ific
at
ion
al
go
rithm
,
cal
culat
ing
the
plainte
xt
value
of
the
secret
cod
e
by
the
at
ta
cker
cou
ld
br
ing
the
hash
value
fr
om
the
at
ta
ck
(
hash
P
)
to
find
the
plainte
xt
value
of
the
secret
cod
e
us
ing
dicti
on
ary
at
ta
ck
by
com
par
ing
the
value
fr
om
the
pas
swo
rd
li
st
by
passw
or
d,
find
the
secret
cod
e
in
the
sam
e
way
as
Brute
-
fo
rce
m
et
ho
d
.
The
resu
lt
was
a
passw
or
d
(
P
ld
)
and
a
secret
cod
e
(
SC
bf
).
Then
,
the
pr
ocessing
ti
m
e
du
ring
the
at
ta
ck
had
been
analy
zed
as
ado
pted
fr
om
the
m
et
ho
d
of
W
enj
ia
n
Luo
[
27
]
,
as sh
ow
n
in Tab
le
4
.
Notatio
n
:
•
N
d
:
the num
ber
of
el
e
m
ents in
a
pa
sswor
d
li
st;
•
N
sc
:
the num
ber
of
el
e
m
ents in
a s
ecret key l
ist
;
•
N
p
:
th
e num
ber
of
pass
words to
be crac
ked
;
•
T
h
:
the tim
e sp
ent
on ex
ec
utin
g
a
crypto
gr
a
phic
has
h
f
unct
ion
;
•
T
ks
:
the tim
e sp
ent
on ex
ec
utin
g
a
key stretc
hi
ng
al
gorithm
;
•
T
sxr
:
the tim
e sp
ent
on ex
ec
utin
g
a
SX
R al
gorithm
;
•
T
m
_hash
:
the tim
e sp
ent
on
dete
rm
ining
whethe
r
tw
o h
ash values
m
atch
;
•
T
m
_ks
:
the
ti
m
e
sp
ent
on
determ
ining
wh
et
her
tw
o
pass
w
ords
e
nhance
d
by
a
ke
y
stret
chin
g
a
lgorit
hm
m
at
ch;
Table
4
.
The
C
om
par
ison o
f
a
tt
ack co
m
plexity
Sch
e
m
es
Ti
m
e
co
m
p
lex
it
y
Hash
ed
pas
swo
rd
O
(
N
d
*
N
p
* (
T
h
+
T
m
_
h
as
h
))
Salted
pas
swo
rd
O
(
N
d
*
N
p
* (
T
h
+
T
m
_
h
as
h
))
Key
st
retchin
g
O
(
N
d
*
N
p
* (
T
ks
+
T
m
_
k
s
))
SXR
(*
p
rop
o
sed
al
g
o
rith
m
)
O
(
N
d
*
N
sc
*
N
p
* (
T
h
+
T
s
x
r
+
T
m
_
h
as
h
))
T
a
b
l
e
4
h
i
g
h
t
l
i
g
h
t
e
d
t
h
a
t
t
h
e
S
X
R
m
e
t
h
o
d
i
s
m
o
r
e
s
e
c
u
r
e
i
n
p
r
e
v
e
n
t
i
n
g
d
i
c
t
i
o
n
a
r
y
a
t
t
a
c
k
t
h
a
n
o
t
h
e
r
m
e
t
h
o
d
s
.
I
n
c
l
u
s
i
v
e
l
y
,
t
h
e
e
q
u
a
t
i
o
n
b
y
a
d
d
i
n
g
1
m
o
r
e
s
e
c
r
e
t
c
o
d
e
i
s
c
o
n
s
i
d
e
r
e
d
t
h
e
s
t
r
e
n
g
t
h
o
f
t
h
i
s
r
e
s
e
a
r
c
h
.
W
h
i
l
e
e
x
i
s
t
i
n
g
t
e
c
h
n
i
q
u
e
s
u
s
u
a
l
l
y
t
r
y
t
o
i
m
p
r
o
v
e
t
h
e
h
a
s
h
f
u
n
c
t
i
o
n
[
18
,
28
]
,
t
h
e
p
r
o
p
o
s
e
d
S
X
R
t
e
c
h
n
i
q
u
e
f
o
c
u
s
e
s
o
n
t
h
e
p
a
s
s
w
o
r
d
s
t
o
r
i
n
g
.
E
n
h
a
n
c
i
n
g
s
e
c
u
r
i
t
y
c
o
u
l
d
b
e
d
o
n
e
b
y
c
a
l
c
u
l
a
t
i
n
g
t
h
e
r
a
t
i
o
t
h
a
t
d
i
v
i
d
e
s
t
h
e
h
a
s
h
v
a
l
u
e
a
n
d
t
h
e
n
u
m
b
e
r
o
f
i
t
e
r
a
t
i
o
n
s
.
U
n
l
i
k
e
e
x
i
s
t
i
n
g
s
a
l
t
e
d
p
a
s
s
w
o
r
d
a
p
p
r
o
a
c
h
e
s
,
t
h
e
y
n
e
e
d
t
o
a
d
d
c
h
a
r
a
c
t
e
r
s
e
t
t
o
t
h
e
p
a
s
s
w
o
r
d
t
o
i
n
c
r
e
a
s
e
s
t
r
e
n
g
t
h
,
b
u
t
a
l
s
o
n
e
e
d
t
o
s
t
o
r
e
t
h
i
s
c
h
a
r
a
c
t
e
r
s
e
t
i
n
t
h
e
d
a
t
a
b
a
s
e
[
10
,
11
]
.
O
u
r
S
X
R
i
s
t
o
u
s
e
t
h
e
u
s
e
r
n
a
m
e
a
n
d
p
a
s
s
w
o
r
d
a
s
t
h
e
b
a
s
i
s
f
o
r
i
m
p
r
o
v
i
n
g
t
h
e
e
f
f
i
c
i
e
n
c
y
t
o
i
n
c
r
e
a
s
e
t
h
e
c
o
m
p
l
e
x
i
t
y
o
f
p
a
s
s
w
o
r
d
,
s
o
t
h
e
d
e
c
r
y
p
t
i
n
g
m
u
s
t
c
o
n
s
i
s
t
o
f
t
w
o
p
a
r
t
s
.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
10
, No
.
6
,
Dec
e
m
ber
2020
:
6582
-
6591
6590
Ou
r
te
chn
iqu
e
neither
interven
es
no
r
m
od
ifie
s
the
hash
al
go
rithm
.
It
streng
thens
the
passw
or
d
after
the
hash
fu
nction
and
keep
s
the
passw
or
d
in
t
he
database
.
Thu
s,
the
pr
op
os
ed
te
chn
iqu
e
is
app
li
cable
to
any
existi
ng
hash
al
go
rithm
.
The
on
ly
disadv
antage
is
that
the
encr
ypti
on
ti
m
e
is
increased
becau
se
the
us
ern
am
e
and
passw
or
d
are
us
ed
to
create
a
secret
key
.
Ho
wev
er,
us
ers
will
no
t
be
awar
e
of
th
e
encr
ypti
on
ti
m
e
.
The
per
fo
rm
ance
of
the
pr
op
os
ed
te
chn
iqu
e
is
con
sidered
by
us
ing
the
pr
ocessing
ti
m
e
fo
r
a
hash
passw
or
d
.
As
per
the
exp
erim
ent,
the
aver
age
ti
m
e
of
the
hash
fu
nction
with
the
SX
R
al
go
rithm
is
0
.
00
23
08
to
0
.
01
56
32
secon
ds
.
Altho
ug
h
resu
lt
has
ta
ken
m
or
e
ti
m
e
than
the
tradit
ion
al
hash
fu
nction
by
50
ti
m
es
,
in
act
ual
us
e,
the
pr
ocessing
ti
m
e
is
le
ss
than
0
.
1
secon
ds
.
Hu
m
ans
will
no
t
reali
ze
the
diff
eren
ce
in
the
pr
ocessing
ti
m
e
[
26
]
.
As
fo
r
the
resist
ance
against
at
ta
ck,
the
pr
op
os
ed
te
chn
iqu
e
can
pr
even
t
10
0
%
fr
om
Dict
ion
ary at
ta
ck,
Bru
te
-
fo
rce an
d
Bi
rthd
ay
att
ack
.
5.
CONCL
US
I
O
NS
A
ND FUT
UR
E
WO
RK
At
pr
ese
nt,
da
ta
base
threats
com
e
in
m
any
ways,
an
d
th
ere
are
m
any
repor
ts
of
da
ta
base
at
ta
cks
occurri
ng
.
The
sever
it
y
of
t
he
se
at
ta
cks
seem
s
to
be
bec
om
ing
m
or
e
dangero
us
,
wh
et
he
r
it
is
the
loss
of
data,
pro
per
ty
or
dis
trust
i
n
the
sec
ur
it
y
crit
eria
of
the
syst
em
or
web
sit
e
.
Con
se
qu
e
ntly
,
t
he
c
r
i
te
ria
or
m
et
ho
ds
f
or
storing
pa
sswo
rd
s
a
re
c
onsid
ered
to
be
a
pri
or
it
y
in
syst
em
dev
el
opm
ent
.
The
m
et
ho
d
of
sto
rin
g
pas
s
words
has
m
any
for
m
s,
su
ch
as
e
nc
ryptio
n
us
in
g
the
hash
f
unct
ion
.
The
m
ai
n
obj
ect
ive
of
th
e
ab
ov
e
m
et
ho
ds
a
re
m
ai
ntaining
th
e
secur
it
y
of
a
database
s
o
t
ha
t
the
secu
rity
syst
e
m
re
m
ai
n
s
sta
ble
an
d
rel
ia
ble,
an
d
ca
n
ver
ify
the
accuracy
of
the
in
form
a
ti
on
an
d
be
a
ble
to
pr
e
ve
nt
or
re
port
when
there
has
been
a
n
unaut
horize
d
m
od
ific
at
ion
of
data
.
In
this
pa
pe
r,
we
pro
posed
S
XR
al
gorithm
by
cal
culat
ing
the
us
er
nam
e
a
nd
pass
word
to
get
a
secret
key,
t
hen
br
i
ngin
g
t
hem
thr
ough
t
he
SX
R
al
gorithm
an
d
st
or
e
the
pa
sswor
d
i
nto
th
e
data
base
.
Although
the
pa
sswo
rd
a
tt
acker
will
get
the
pass
wor
d
or
m
ay
get
int
o
the
data
base;
it
would
not
he
lp
to
m
ake
it
easi
er
to
rand
om
l
y
fi
nd
t
he
co
rr
ect
pass
word,
bec
ause
the
f
orm
of
the
pass
wor
d
store
d
is
the
sam
e
as
the
password
thr
ough the
g
e
ner
al
has
h func
ti
on
.
Ex
per
im
ental
resu
lt
s
ha
ve
sho
wn
th
at
the
po
pu
la
r
pass
w
ord
that
is
intro
du
ced
thr
ough
th
e
al
go
rithm
pro
po
se
d
with
the
MD5
al
gor
it
h
m
can
incre
ase
the
secu
rity
of
the
databa
se
.
Eve
n
if
t
he
database
is
at
ta
cked,
pass
word
at
ta
cker
ca
nnot
dec
rypt
the
data,
t
hu
s
the
data
st
or
e
d
in
the
dat
abase
is
sec
ure
.
This
resea
rch
can
help
i
n
buil
di
ng
cre
dib
il
it
y
for
we
b
a
ppli
cat
i
on
de
velo
pers
or
va
rio
us
ide
nt
it
y
authen
ti
cat
ion
s
oft
war
e
a
m
on
g
us
ers
.
I
n
fu
t
ur
e
w
ork,
the
a
uthors
plan
t
o
util
iz
e
in
i
nv
est
m
e
nt
tra
ns
act
io
ns
for
i
ncr
easi
ng
secur
it
y
of
the
data
with
m
ulti
-
factor
a
uth
e
ntica
ti
on
s
uc
h
a
s
IP
address
,
OTP,
bio
m
et
rics,
et
c
.
,
a
s
well
as
t
o
im
pr
ove
the
S
XR
al
gorithm
sch
em
e w
it
h
pr
op
e
r
en
c
ryptio
n
in
order t
o
i
ncr
ea
se the att
ack
r
e
sist
ance
.
REFERE
NCE
S
[1]
M
.
Abadi,
“
Secu
rity
Proto
col
s a
n
d
Speci
f
ic
a
ti
ons,
”
Ber
li
n
,
Heid
elberg,
pp
.
1
-
13
,
1
999
.
[2]
B
.
A
.
Forouza
n,
“
Cr
y
p
togra
ph
y
a
nd
Network
Se
c
urity
,
”
McGraw
-
Hill
,
Inc
.
,
p
p
.
1
-
480
,
200
7
.
[3]
B
.
Savege
,
“
A Guide
to
Hash Alg
orit
hm
s
,
”
GIA
C
Prac
tical Re
posit
or
y
,
SA
NS
Institute,
2003
.
[4]
A
.
Singh
and
S
.
Raj
,
“
Secur
ing
passw
ord
using
d
y
nami
c
p
assw
ord
pol
icy
gen
erator
al
gori
thm,
”
Journal
o
f
K
ing
Saud
Unive
rs
i
t
y
-
Computer
and
Information
Sc
ience
s,
2019
.
[5]
T
.
Hunt
,
“
Have
I
Bee
n
Pw
ned
?
”
2013
.
[
Online
]
.
Avail
ab
le
:
htt
ps
://
have
ibeenpwne
d
.
com
/
Pw
nedW
ebsit
es
.
[6]
H
.
Kum
ar
,
et
al
.
,
“
Rai
nbow
ta
bl
e
to
cr
ac
k
p
assw
ord
usi
ng
MD
5
hashing
a
lgori
th
m
,
”
in
2013
IE
E
E
Conf
ere
nce
o
n
Information
&
C
omm
unic
ati
on
T
ec
hnolog
ie
s
,
pp
.
433
-
439
,
2013
.
[7]
R
.
Rive
st,
“
The
MD
5
Mess
age
-
Digest
Algorit
h
m
,
”
MIT
La
bor
a
tor
y
fo
r
Com
pute
r
Scie
n
ce
and
RS
A
Data
Secur
ity
,
1992
.
[8]
U
.
S
.
Depa
rtmen
t
of
Com
m
erc
e
,
“
FIP
S
PU
B
180
-
4,
Fed
eral
Infor
m
at
ion
Proc
essing
Stand
ard
s
Pu
bli
c
at
ion
:
Secur
e
Hash
Standa
rd
(
SHS
)
,
”
Nati
on
al
Insti
tute
of
Standa
rds
and
Te
chno
log
y
,
Crea
t
eSpac
e
Inde
p
ende
nt
Publishi
ng
Plat
form
,
p
p
.
1
-
36
,
2012
.
[9]
R
.
Morris
and
K
.
Thomps
on,
“
Pass
word
sec
urity
:
a
ca
se
h
istor
y
,
”
Comm
un
ic
ati
ons
of
the
AC
M,
vol
.
22,
no
.
11,
pp
.
594
-
597,
19
79
.
[10]
S
.
Kharod,
et
al
.
,
“
An
improved
hashing
bas
ed
p
assw
ord
sec
urity
sche
m
e
using
s
al
ti
ng
and
d
iffe
r
ent
i
al
m
asking,
”
in
2015
4th
In
te
r
nati
onal
Con
fe
re
nce
on
Re
l
iabi
l
ity,
In
foc
om
Tech
nologi
es
and
Op
ti
mization
(
ICRI
TO
)
(
Tr
ends
and
Fut
ure
Dire
ct
ion
s
)
,
pp
.
1
-
5
,
2015
.
[11]
M
.
M
.
Kass
im
and
A
.
Sujit
ha,
“
Procure
Pass
:
A
Us
er
Authentic
at
ion
Protocol
t
o
Resist
Pass
word
Stealing
and
Pass
word
Reuse
Atta
ck
,
”
in
2013
Inte
rnat
ional
Sy
mpos
ium
on
Co
mpu
tat
ional
and
Busine
ss
In
te
l
ligence
,
pp
.
31
-
34
,
2013
.
[12]
P
.
P
.
Churi,
e
t
al
.
,
“
Jum
bli
ng
-
S
al
ti
ng
:
An
impr
ovised
appr
oa
ch
for
passw
ord
enc
r
y
p
ti
on
,
”
in
2015
Inte
rnation
al
Confe
renc
e
on
S
ci
en
ce and
Tech
nology
(
TICST
)
,
pp
.
236
-
242
,
20
15
.
[13]
J
.
Jeong,
et
al
.
,
“
Enha
n
ce
m
ent
of
W
ebsit
e
Pass
word
Secur
ity
b
y
Us
ing
Ac
ce
ss
Log
-
base
d
Salt,
”
in
2019
Inte
rnational
C
onfe
renc
e
on
S
y
stems
of
Coll
ab
oration
Bi
g
Dat
a,
Int
erne
t
o
f
T
hings
&
Sec
urity
(
SysCoBIoTS
)
,
pp
.
1
-
3
,
2019
.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N: 20
88
-
8708
Auth
e
nticati
on
and p
as
swo
rd
storin
g
im
prov
emen
t
us
i
ng
...
(
Jakkap
ong Pol
pong)
6591
[14]
M
.
D
.
A
.
Chawdhur
y
and
A
.
H
.
M
.
A
.
Habib,
“
Secur
ity
en
hanc
e
m
ent
of
MD
5
hashe
d
p
a
ss
words
by
usi
ng
the
unused
bit
s
of
TCP
he
ade
r
,
”
in
2008
11
th
Int
ernati
onal
Conf
ere
nce
on
Comp
ute
r
and
In
formation
Technol
og
y
,
pp
.
714
-
717
,
20
08
.
[15]
F
.
E
.
D
.
Guzm
an,
et
a
l
.
,
“
Enha
n
ce
d
Secur
e
H
ash
Algori
thm
-
512
base
d
on
Quadr
a
ti
c
Funct
ion
,
”
in
2018
IE
EE
10th
Inte
rnational
Confe
renc
e
on
H
umanoid,
Nanot
ec
hnolog
y,
In
formation
Technology,
Comm
unic
at
ion
and
Control
,
Env
ironment
an
d
Manage
ment
(
HNICEM
)
,
pp
.
1
-
6
,
2018
.
[16]
F
.
E
.
D
.
Guzm
an,
e
t
a
l
.
,
“
Im
plem
ent
at
ion
of
En
hanc
ed
Secur
e
Hash
Algorit
hm
Towa
rds
a
Se
cur
ed
W
eb
Porta
l,
”
in
2019
IEEE
4
th
I
nte
rnational
Co
nfe
renc
e
on
Co
mputer
and
Com
municat
ion
System
s
(
ICCCS
)
,
pp
.
189
-
192
,
2019
.
[17]
K
.
T
.
Seong
and
G
.
H
.
Kim
,
“
Impl
ementation
of
vo
y
ag
e
data
re
c
ording
d
evi
c
e
using
a
d
igi
t
al
for
e
nsics
-
base
d
h
ash
al
gorit
hm
,
”
Inter
nati
onal
Journ
al
of
El
e
ct
ri
cal
and
Computer
E
ngine
ering
(
IJE
CE
)
,
vo
l
.
9,
no
.
6,
p
p
.
5412
-
5419
,
2019
.
[18]
G
.
Sodhi,
et
al
.
,
“
Im
ple
m
ent
ation
of
m
essage
aut
h
ent
i
ca
t
ion
code
using
DN
A
-
LCG
ke
y
an
d
a
nov
el
h
ash
al
gorit
hm
,
”
Inter
nati
onal
Journal
of
E
le
c
tric
a
l
and
Computer
Engi
ne
ering
(
IJ
ECE
)
,
vol
.
9,
no
.
1,
p
p
.
352
-
358
,
2019
.
[19]
D
.
Dasgupta,
e
t
al
.
,
“
Multi
-
Fac
to
r
Authen
tication
,
”
in
D
.
Dasgupta,
e
t
al
.
(
eds
)
,
A
dvanc
es
in
Us
er
Authen
ti
c
ation,
Cham
,
Springer
Inte
rnational
Pu
bli
shing
,
pp
.
185
-
233
,
2017
.
[20]
R
.
D
.
Piet
ro
,
et
al
.
,
“
A
two
-
facto
r
m
obil
e
au
the
nt
ic
a
ti
on
sch
eme
f
or
sec
ure
fina
n
cial
tr
ansa
c
ti
ons,
”
in
Inte
rnat
ional
Confe
renc
e
on
Mobil
e
Busine
ss
(
ICMB'05
)
,
pp
.
28
-
34
,
2005
.
[21]
S
.
Subra
y
an,
et
al
.
,
“
Multi
-
fa
ctor
Authent
i
ca
t
io
n
Scheme
for
Shadow
Atta
cks
in
Social
Net
wor
k,
”
in
2017
Inte
rnational
Co
nfe
renc
e
on
Te
c
hnic
al
Adv
an
cem
ent
s
in
Compu
te
rs
and
Comm
unic
ati
ons
(
ICTACC
)
,
pp
.
36
-
40
,
2017
.
[22]
R
.
G
.
Rit
te
nho
use
and
J
.
A
.
Chaudhr
y
,
“
A
Surve
y
of
Alt
e
rna
ti
v
e
Authentication
Methods
,
”
Inte
rnational
Confe
renc
e
on
R
ec
en
t
Ad
vances in
Computer
Syst
ems
(
RA
CS
2015
)
, p
p
.
179
-
182,
2
015
.
[23]
D
.
Dasgupta,
e
t
al
.
,
“
Adapti
ve
Multi
-
f
ac
tor
Authent
i
cation,
”
i
n
D
.
Dasgupta,
et
al
.
(
eds
)
,
A
dvanc
es
in
Us
e
r
Authent
i
ca
t
ion,
Cham
,
Springer
Inte
rnational
Pu
bli
shing
,
pp
.
281
-
355
,
2017
.
[24]
W
.
Ma,
et
a
l
.
,
“
Pass
wo
rd
Ent
rop
y
and
Pass
word
Qualit
y
,
”
in
2
010
Fourth
Inter
nati
onal
Con
fer
enc
e
on
N
et
wo
rk
and
Syste
m
Sec
u
rity
,
pp
.
583
-
587
,
2010
.
[25]
J
ohn
Hall,
“
SplashData
’
s
T
op
100
W
orst
Pass
words
of
2018
,
”
201
8
.
[
Online
]
.
Avail
able
:
htt
ps
://
www
.
te
a
m
sid
.
com
/
splashdat
as
-
top
-
100
-
w
orst
-
passw
ords
-
of
-
2018
/
.
[26]
R
.
B
.
Mill
er
,
“
Response
ti
m
e
i
n
m
an
-
computer
conve
rsat
iona
l
tra
nsac
ti
ons,
”
T
he
Proceedi
ngs
of
the
fal
l
joi
n
t
compute
r c
on
fe
r
enc
e
,
part
I
,
San
Franc
isco
,
C
al
if
ornia
,
pp
.
267
-
277,
1968
.
[27]
W
.
Luo,
e
t
al
.
,
“
Authentication
b
y
Enc
r
y
p
te
d
N
ega
t
ive
Pass
word,
”
IEEE
Tr
ansacti
ons
on
Infor
mation
Forensi
c
s
and
Sec
uri
ty,
vol
.
14,
no
.
1,
pp
.
114
-
128,
2019
.
[28]
A
.
Abouchoua
r
,
et
al
.
,
“
New
conc
ept
fo
r
cr
y
p
togra
phi
c
constr
uct
ion
d
esign
b
ase
d
on
noni
te
r
at
iv
e
beh
avi
or,
”
Inte
rnational
Jo
urnal
of Artifici
a
l
Int
el
l
ige
nc
e
(
IJ
-
AI
)
,
vol
.
9,
no
.
2,
pp
.
229
-
235,
2020
.
BIOGR
AP
HI
ES OF
A
UTH
ORS
Jakk
apo
ng
Pol
pon
g
was
born
in
Yala,
in
1988
.
He
recei
ved
a
B
ac
he
lor
of
Sci
en
ce
in
Com
pute
r
scie
nc
e
from
fa
cul
t
y
of
Applied
Scie
nc
e,
Kin
g
Mongkut
’
s
Univer
sit
y
of
Tec
hnolog
y
North
Bangkok,
in
20
09
.
He
recentl
y
re
ceive
d
a
M
a
ster
of
Sc
ie
n
ce
in
Inform
a
ti
on
T
ec
hno
log
y
,
King
Mongkut
’
s
Univer
si
t
y
o
f
T
ec
hnolog
y
Nort
h
Bangkok
,
in
2
014
.
At
pr
ese
nt
,
he
is
a
Ph
.
D
.
Candi
date in I
nf
orm
at
ion
T
ec
hn
olog
y
and
Digita
l
Innova
ti
on
at KM
UTNB
.
Dr
.
Pongp
isit
Wuttidittachotti
is
cur
r
ent
l
y
an
associa
t
e
prof
essor
and
h
ea
d
of
the
D
epa
rtment
of
Data
Com
m
u
nic
a
ti
on
and
Net
working
at
the
Facul
t
y
of
Infor
m
at
ion
Te
chno
l
og
y
and
Digital
Innova
ti
on
,
Kin
g
Mongkut
’
s
Unive
rsit
y
of
Tech
nolog
y
North
B
angkok
(
KM
UT
NB
)
,
Thaila
nd
.
He
recei
v
ed
his
Ph
.
D
.
in
Networ
ks,
Tele
comm
un
ic
a
ti
ons,
S
y
stem
s a
nd
Archi
tectu
res
from
INP
T
-
ENSEEIHT,
in
Franc
e
.
He
rec
ei
v
ed
an
outst
andi
ng
emplo
y
e
e
awa
rd
in
soc
ia
l
serv
ic
e
a
t
the
univ
ersity
le
ve
l
in
20
19
,
an
outst
andi
n
g
emplo
y
ee
a
ward
at
the
fa
cul
t
y
le
v
el
and
the
univ
ersity
l
eve
l
in
2020
.
He
owns
m
ore
tha
n
30
rec
ogn
ize
d
ce
rt
ifi
c
ations,
for
exa
m
ple,
CISS
P,
CISM
,
CISA
,
CRIS
C,
CGEIT,
IRCA
I
SO
/
IEC
27001
:
2013
Le
ad
Aud
it
or,
COBIT
5
Foundati
on,
COBIT
2019
Foun
d
at
ion
,
COBIT
2019
Design
&
I
m
ple
m
ent
at
ion
,
Data
Protection
Offic
er
(
DPO
)
etc
.
So
far
,
W
utti
dit
tachotti
h
as
o
ver
t
en
y
e
ars
of
working
exp
erienc
e
cov
eri
ng
software
dev
el
o
pm
ent
,
ne
twork,
sec
uri
t
y
,
audit,
risk
m
ana
gemen
t,
I
T
gove
rna
nc
e
,
and
stand
ard
,
and
comp
li
an
ce
.
His
expe
rti
se
h
as
show
n
out
as
a
m
ember
of
the
ISA
CA
Bangkok
Chapt
er
comm
it
te
e
sinc
e
2015,
and
an
Acc
red
i
te
d
Tra
i
ner
-
COBIT®
2019
Foundation
for
ISA
CA
Bangkok
Chapter
.
He
has
con
duct
ed
and
pub
li
shed
m
an
y
r
e
sea
rch
art
i
cles
cont
inu
al
l
y
in
informati
o
n
se
cu
rity
and
r
el
a
te
d
t
opic
s
.
Evaluation Warning : The document was created with Spire.PDF for Python.