Intrusion Detection System Using Honeyword
Abstract
We proposed a most accurate and best method for improving the security of hashed passwords by providing of additional “honeywords” (false passwords) associated with each user’s account. An adversary who wants to steals a file of hashed passwords and inverts the hash function cannot tell if he has found the password or a honeyword. An auxiliary server (the “Honeychecker”) can distinguish the user password from honeywords for the login routine, and will set off an alarm if a honeyword is use. we suggest an alternative approach that select the honeywords(fake pass) from existing user password in the system in order to provide realistic honeywords, a perfectly flat honeyword generation method and also to reduce the storage cost.
Keywords: Authentication, honeypot, honeywords, login, passwords, password cracking
Full Text:
PDFDOI: https://doi.org/10.37591/jons.v8i2.720
Refbacks
- There are currently no refbacks.
Copyright (c) 2020 Journal of Network Security
- eISSN: 2395–6739
- ISSN: 2321–8517