A study on one way hashing function and its application for FTMSK webmail / Noor Hasimah Ibrahim Teo

Password is a normal way for securing data from intruders. The widespread use of password is in email account. The advances of technology have reduced the function of password in security, where there are many chances of password to be sniffed or hack by intruders. FTMSK webmail is using passwor...

Full description

Bibliographic Details
Main Author: Ibrahim Teo, Noor Hasimah
Format: Thesis
Language:English
Published: 2005
Subjects:
Online Access:http://ir.uitm.edu.my/id/eprint/1732/
http://ir.uitm.edu.my/id/eprint/1732/1/TD_NOOR%20HASIMAH%20IBRAHIM%20TEO%20CS%2005_5%20P01.pdf
Description
Summary:Password is a normal way for securing data from intruders. The widespread use of password is in email account. The advances of technology have reduced the function of password in security, where there are many chances of password to be sniffed or hack by intruders. FTMSK webmail is using password as an authentication method. The problem was, their lecturer is not allowed to send examination question through email. This means that they do not trust the security of webmail. There are several techniques use to transform plaintext password to other form of password. One of it is call one-way hashing function. One-way hashing function consists of several algorithms. However MD5 is the most common hashing function currently in use. The research are aim to detemriine security of using one way hashing function at client side for FTMSK webmail login system and design framework for one way hashing function. A prototype is developed using MD5 algorithm and based on prototype approach, since it study on existing system. Tests are run for both FTMSK webmail and prototypes to determine whether the plain text password can be retrieved. Furthermore framework for one way hashing function is designed. Password need to be store in database on server in the form of hashing value. Secure password during transmission can be obtained by running protection on the client side of client server architecture.