Rainbow table

About: Rainbow table is a research topic. Over the lifetime, 488 publications have been published within this topic receiving 11528 citations.

LightFlow: Speeding up GPU-based flow switching and facilitating maintenance of flow table

Abstract: Flow-based switching is increasingly important in accordance with the growing demand for in-network processing for cloud applications. Flow switching performance tends to be degraded in proportion to the number of flow entries. To reduce the number of flow entries, they can be aggregated by applying wildcard fields. Meanwhile, the existence of the wildcard entry adversely affects the use of a hash-based lookup on a flow table, and thus a linear search is inherent in flow switching. However, the linear search is currently the primary cause of performance limitation. To date, two flow tables, one for hash-based lookup and the other for a wildcard-enabled linear search, have been used for flow switching. While hash-based table lookup is much faster than linear search, it needs to be manually updated for every exact match entry. Maintaining a hash-based table of all the flow switches is not feasible from a network operator viewpoint. In this paper, LightFlow, a mechanism to accelerate software flow switching processing and relieve the burden of maintaining the flow table is proposed. In LightFlow, two-dimensional parallelization of a linear search is introduced to accelerate lookup of the wildcard-enabled flow entries. It also introduces a mechanism that allows updating of the hash table to be performed automatically based on the result of wildcardaware table lookup. LightFlow satisfies both the need for fast table lookup and feasibility of flow table management which needs to allow a large number of wildcard entries. Experimental results show that LightFlow can increase the speed of lookup of a wildcard-aware flow table three-fold or more compared to the current GPU-based wildcard search mechanisms.

Authentication using a weak hash of user credentials

Abstract: Methods and apparatus for logging into a computer are disclosed. The computer receives a username and password. The computer determines whether a user with the username is authorized to access the computer. If so, the computer retrieves a weak cryptographic hash of the user's password and compares it to a weak cryptographic hash of the received password. The computer grants access if the weak cryptographic hashes are identical, and sends the username and password to a server. The server determines whether a user with the username has a server account. If so, the server retrieves a strong cryptographic hash of the user's password and compares it to a strong cryptographic hash of the received password. The server grants the user access to an account or service if the strong cryptographic hashes are identical.

Authentication by Encrypted Negative Password

Abstract: Secure password storage is a vital aspect in systems based on password authentication, which is still the most widely used authentication technique, despite some security flaws. In this paper, we propose a password authentication framework that is designed for secure password storage and could be easily integrated into existing authentication systems. In our framework, first, the received plain password from a client is hashed through a cryptographic hash function (e.g., SHA-256). Then, the hashed password is converted into a negative password. Finally, the negative password is encrypted into an encrypted negative password (ENP) using a symmetric-key algorithm (e.g., AES), and multi-iteration encryption could be employed to further improve security. The cryptographic hash function and symmetric encryption make it difficult to crack passwords from ENPs. Moreover, there are lots of corresponding ENPs for a given plain password, which makes precomputation attacks (e.g., lookup table attack and rainbow table attack) infeasible. The algorithm complexity analyses and comparisons show that the ENP could resist lookup table attack and provide stronger password protection under dictionary attack. It is worth mentioning that the ENP does not introduce extra elements (e.g., salt); besides this, the ENP could still resist precomputation attacks. Most importantly, the ENP is the first password protection scheme that combines the cryptographic hash function, the negative password, and the symmetric-key algorithm, without the need for additional information except the plain password.

Password management system

Abstract: PROBLEM TO BE SOLVED: To improve the security at a low cost by attaining the unitary management of passwords. SOLUTION: An authentication DB is retrieved by using an inputted user ID as a key and then a password management DB is retrieved with the user ID and a selected work system used as keys when the identity of a user is decided (S11-S13). A system user ID of the password management DB and the data stored in a system password are automatically and substitutionally inputted to a user ID input column and a password input column respectively on a password input screen of the selected work system (S14, S15). Then various system authentication DBs are retrieved with the inputted user ID used as a key, and the password stored in the password of a retrieval system is compared with the password inputted to the password input column of the password input screen to confirm the identity of the user. Thus, the selected work system is available (S16).