Next Article in Journal
Simple, Near-Optimal Quantum Protocols for Die-Rolling
Previous Article in Journal
Cryptanalysis and Improvement of ECC Based Authentication and Key Exchanging Protocols
Article Menu

Export Article

Open AccessArticle
Cryptography 2017, 1(2), 10;

Password-Hashing Status

Department of Electrical & Computer Engineering, Technical University of Crete, Akrotiri Campus, 73100 Chania, Greece
Received: 15 March 2017 / Revised: 10 June 2017 / Accepted: 22 June 2017 / Published: 27 June 2017
Full-Text   |   PDF [1353 KB, uploaded 27 June 2017]   |  


Computers are used in our everyday activities, with high volumes of users accessing provided services. One-factor authentication consisting of a username and a password is the common choice to authenticate users in the web. However, the poor password management practices are exploited by attackers that disclose the users’ credentials, harming both users and vendors. In most of these occasions the user data were stored in clear or were just processed by a cryptographic hash function. Password-hashing techniques are applied to fortify this user-related information. The standardized primitive is currently the PBKDF2 while other widely-used schemes include Bcrypt and Scrypt. The evolution of parallel computing enables several attacks in password-hash cracking. The international cryptographic community conducted the Password Hashing Competition (PHC) to identify new efficient and more secure password-hashing schemes, suitable for widespread adoption. PHC advanced our knowledge of password-hashing. Further analysis efforts revealed security weaknesses and novel schemes were designed afterwards. This paper provides a review of password-hashing schemes until the first quarter of 2017 and a relevant performance evaluation analysis on a common setting in terms of code size, memory consumption, and execution time. View Full-Text
Keywords: password-hashing; key-derivation; PHC; PHS; KDF password-hashing; key-derivation; PHC; PHS; KDF

Figure 1

This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

Share & Cite This Article

MDPI and ACS Style

Hatzivasilis, G. Password-Hashing Status. Cryptography 2017, 1, 10.

Show more citation formats Show less citations formats

Note that from the first issue of 2016, MDPI journals use article numbers instead of page numbers. See further details here.

Article Metrics

Article Access Statistics



[Return to top]
Cryptography EISSN 2410-387X Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top