[RndTbl] Suggestion For Improvements To Cryptographic Hashing
Ihor Jakowec
ijakowec at icloud.com
Tue Mar 14 14:53:06 CDT 2017
I hope this is readable, if not please notify me.
This article is also readable from google+
Keywords: Ihor Jakowec DEJA VU HASH Revised
Or, copy and paste, the below link...
https://drive.google.com/open?id=0BxLingfkcfkbQ3JwYUlZVVBGZGc
DEJA VU HASH
Abstract
Described here is a self modifying cryptographic hash,
that changes with every login, and/or, after an arbitrary
time interval. In addition to a password, the hash
uses login statistics. A hacker would would have less
time to crack a password, because the hash value could
keep changing. Also, hacker would need login statistics.
TIME SENSITIVE CRYPTOGRAPHIC HASH
This method is used for remote logins from computers with
an operating system containing log files that hold login
data and network traffic data. This method is NOT for use
by “dumb” terminals, or on guest computers where data is
erased upon logout.
The input to the hash consists of some or all of the
following:
1.) Password.
2.) Time delay, established by use either/or:
- the mode and variance of several ping attempts
- a truncated value common to most ping trials
- or the intersection algorithm. [1]
3.) Login time.
4.) Previous or, current login duration.
5.) CPU serial number.
6.) An array that is a histogram of values of the number
of packets sent and received (the interval size is
arbitrary)
[1]
_________________
 Wikipedia Contributors “Intersection Algorithm”
“Wikipedia, The Free Encyclopedia”
Wikipedia, The Free Encyclopedia
5 May 2014. Web. 5 May 2014.
NOTE:
You could use NTP (Network Time Protocol), with
peer-to-peer connectivity for both the login
client and the server; to increase the resolution
of the above items: 2, 3, and 4.
(Referring to item 4.) If the current login is used,
the hash is performed at the end of the login.
A different hash value can be kept for each login
from a different CPU. (This could be a weakness if
many different CPU’s have been used, and infrequently
at that.) Therefore, using item 5. should only be
considered as an option, for those who want to
restrict logins to a select few computers.
How these values are arranged as input to the hash
is arbitrary. You could use sequential concatenation.
Or, values can be hashed separately, then xored to
the final hash value. Input values can also be bit
shuffled.
Modification: Item 6 could consist of a single array
that is a histogram of differences:
(number of data packets sent - number of data packets received)
The arbitrary time interval is:
login duration / inter login interval
Both the server and the client would have records of items
1 to 6 on their respective file systems. However, for
concealment, the way they are stored, and used as input to
the hash can vary.
Since, this method results in a different hash for every
login. A hacker’s cracking time would be limited to the
time interval between successive logins
PSEUDO LOGIN
The concept here is to use pseudo logins. This is not a
full login. Only the login state tables are synchronized
and the password hash value is re-hashed. The login interval
can be based on information known to both the client and
the server. The average of the last five logins could be
used, where a fraction, or multiple, of this average is used
as the pseudo login interval. Moreover, the pseudo login
interval can be vary. This interval can be made slightly
longer or shorter. This variation can be based on the
histogram of differences previously mentioned. The
histogram can be partitioned into percentiles, or an
arbitrary n-tile. Lower than average values can be used
to shrink the pseudo login interval, while higher than
average values can be used to lengthen the interval.
Optimally, the average of these intervals should be slightly
shorter than the amount of time needed by the average hacker
to crack a hash value. Or, it could be left up to the system
adminstrator to set the length of the pseudo login interval.
This would depend on the need for security in juxtaposition
to system load demands.
SALTING THE SALT
As an added security feature, each pseudo login hash can be
salted with a random number. The same value that is used
by the server and the remote login. The random number
generator and the seed value used, would be common to the
server and the login client. The type of random number
generator used would be quasi-propriatary to the system
being used. That is, each random value could be
cryptographically hashed with a common seed value. The
resulting hash value could be used with the hash value of
the previous login or previous pseudo login hash value.
==================================================
DISCLAIMER
Any words not defined, in this collection of documents;
use the definition given to them, by the O.E.D. and/or
American Webster's dictionary. It is not my intention
to use double entendre: either from English or in any
other language, or from pop subculture (past or present).
Any words redefined by me, or phrases defined by me, are
simply technical in nature. They are not intended to
refer to any:
group, institution, organization, person or persons.
— No alternate meaning to any word or phrase is implied
or intended.
— My intent is NOT to:
slight, insult, affront, or offend.
Ihor Jakowec Tuesday 14 December 2017
===================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://muug.ca/pipermail/roundtable/attachments/20170314/fd50dd88/attachment-0001.html>
More information about the Roundtable
mailing list