Abstract:
Password-based encryption methods are used to protect private data that is vulnerable to brute force attacks by giving a message that the key has been decrypted or the key is guessed is incorrect, which causes the attacker to re-decrypt until the original message is reached.
Honey Encryption is a general and simple way to encrypt messages and produce encrypted text using the lowest value keys for entropy. When decoding with any number of incorrect keys, it produces a reasonable or correct message , but it is false called honey messages.
In this search the application was applied to the password because it is more susceptible to attack for , its ease and simplicity. Therefore, hashing and salting method use in this search, is a way to defend password theft, used to store and classify the password entered by the user into a real password and honey words, and store them in the database in hexadecimal format if the user is new.
If the user is already logged on, the system checks the password entered in the database , if it exists, does the second check, the server matches the password with the user name. If the password does not exist or the password does not match the user name, the system sends a message to the admin containing the name of the attacker and the password that he tried to enter and the transfer of the attacker to the imaginary system.
The result of use this algorithm is better password security in a faster time, helped to reduce the existing congestion in password-based encryption methods, password storage problems, provide security beyond conventional brute force limits, and provide high protection against partial disclosure of Min-entropy keys.
This research can be applied to protect all types of private data such as security messages and can be complicated by the complexity of salting and the choice of a better encryption algorithm. Over time, the security of honey encryption reduces the security of password-based encryption methods that with efficiency and computing power.
