Web Application:(with) HoneyWords and HoneyEncryption

Harish Reddy B, Beatrice Ssowmiya J

Abstract: It has become much easier for an attacker to steal hash passwords and enter into the account through legitimate user by cracking the hash passwords. So, for each user account, the legitimate password is stored with several honeywords in order to sense impersonation. If honeywords are selected properly, an adversary who steals a file of hashed passwords cannot be sure if it is the real password or a honeyword for any account. Moreover, entering with a honeyword to login will trigger an alarm notifying the administrator about a password file breach. Here I am implementing Honey Encryption for the protection of data stored by the user in a web application, that produces a cipher text, which, when decrypted with an incorrect key as guessed by the attacker, presents a plausible-looking yet incorrect plaintext password or encryption key.

Keywords: Honeywords, Honey Encryption, Authentication, Security, Password