Empirical Analysis of Popular Cryptographic Algorithms
Mentor: John Dionisio, Associate Professor, Loyola Marymount University
Many cryptographic algorithms are available for securing sensitive information such as user account passwords and other information useful in authentication processes. Some of these algorithms are stronger than others, and some have even been broken entirely, rendering them ineffective for securing passwords. Among the algorithms that remain unbroken, however, there is a standing question of which is the most effective at securing passwords for user accounts. A handful of algorithms are generally accepted as the most effective. What each of these algorithms lacks is empirical support for the effectiveness of the security it provides when applied to passwords.
This project aims to test each of the most popular cryptographic algorithms by putting them through a series of analytical tests in the context of a real-world situation in which the strength of the algorithm is of paramount importance. When a database containing user password information has been compromised, the strength of the algorithm used to encrypt the passwords is the last line of defense for the user accounts. Assuming access to a list of the encrypted passwords, we attempt a typical brute-force attack against them by encrypting lists of plain-text words and then matching the computed results against the list of encrypted passwords from the database. If any of our computed hashes matches a hash acquired from the database, we have effectively mapped the plain text to the encrypted result and uncovered the plain-text password used for the corresponding user account. The percentage of passwords compromised in the process serves as an indicator of the effectiveness of the cryptographic algorithm used.
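The measurement described above can be sketched as an audit over a constructed credential store. This is an added example, not code from the project; the account names, passwords, wordlist, the choice of unsalted SHA-256 versus salted PBKDF2, and the low iteration count are all assumptions made for illustration. Besides the percentage recovered, it counts how many hash computations the audit needed.

```python
import hashlib
import hmac
import os

# Constructed sample data: hypothetical accounts and a tiny candidate wordlist.
ACCOUNTS = {"alice": "sunshine", "bob": "letmein",
            "carol": "T7#qv!2mZr", "dave": "dragon"}
WORDLIST = ["password", "letmein", "dragon", "sunshine", "qwerty"]

def unsalted_sha256(password, salt=b""):
    # Fast, unsalted digest: the salt argument is ignored on purpose.
    return hashlib.sha256(password.encode()).digest()

def salted_pbkdf2(password, salt):
    # Iteration count kept low so the demo runs quickly (assumed value).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def build_store(scheme, salted):
    """Simulate the stored credential table: user -> (salt, digest)."""
    store = {}
    for user, password in ACCOUNTS.items():
        salt = os.urandom(16) if salted else b""
        store[user] = (salt, scheme(password, salt))
    return store

def audit(store, scheme, salted):
    """Return (fraction of accounts recovered, hash computations spent)."""
    recovered, work = set(), 0
    if not salted:
        # Without salts, one pass over the wordlist covers every account.
        table = {}
        for word in WORDLIST:
            table[scheme(word, b"")] = word
            work += 1
        recovered = {u for u, (_, d) in store.items() if d in table}
    else:
        # Per-user salts force the wordlist to be re-hashed for each account.
        for user, (salt, digest) in store.items():
            for word in WORDLIST:
                work += 1
                if hmac.compare_digest(scheme(word, salt), digest):
                    recovered.add(user)
                    break
    return len(recovered) / len(store), work

if __name__ == "__main__":
    for name, scheme, salted in [("sha256", unsalted_sha256, False),
                                 ("pbkdf2+salt", salted_pbkdf2, True)]:
        fraction, work = audit(build_store(scheme, salted), scheme, salted)
        print(f"{name}: {fraction:.0%} recovered, {work} hash computations")
```

With the same wordlist, both stores give up the same fraction of accounts; what the scheme changes is the number of hash computations and the cost of each one, so the percentage is meaningful only alongside a fixed wordlist and time budget.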