Survey of hash-based authentication on modern hardware

Supervisors: Pınar Tözün, Niclas Hedam
Tags: benchmarking, hashing, security, GPU, hacking, HPC

Hash-based authentication is an effective way of protecting passwords in software systems. Hashing obscures the original passwords, such that it cannot be recovered in case of a database breach. However, as demonstrated by our paper titled Hash-Based Authentication Revisited in the Age of High-Performance Computers, the practical security depends on which hashing algorithm is used as well as the complexity of the passwords.

The main goal of this project is to do a study on which hashing-algorithms are the standard in current software systems as well as testing the cracking capacity of these hashing-algorithms on high-performance computers and home computers. Studying the real-world and practical security of authentication schemes is a relatively unexplored topic. Due to this, any significant findings may have a real-world impact on how we perceive and quantify security in software systems.

In parallel, we would like to investigate the effect of overheating when running intensive applications in a GPU such as the embarrassingly parallel workload of brute-forcing hashes.