TY - GEN
T1 - Analysis and comparison of MD5 and SHA-1 algorithm implementation in Simple-O authentication based security system
AU - Putri Ratna, Anak Agung
AU - Purnamasari, Prima Dewi
AU - Shaugi, Ahmad
AU - Salman, Muhammad
PY - 2013
Y1 - 2013
N2 - Simple-O, an automated essay grading application was developed at the Department of Electrical Engineering University of Indonesia. This application used MD5 + salt algorithm to perform protection for authentication password of users stored in its database. Unfortunately, due to a number of flaws contained in the MD5 algorithm, SHA-1 + salt algorithm was implemented in this application and then the comparison was carried out between those two algorithms. The experiments include time measurements and estimation of brute force attack for each algorithm. Processing time and CPU usage were also measured. In the brute force hash code scenario, it was tried to find plaintext from the chipertext. In this scenario, both MD5 and SHA-1 was implemented and tested using Hashcat tool. The better the algorithm, the more time needed to brute force the chipertext. In this scenario the password tested has 8 to 10 characters. The result from this testing shows that the implementation of SHA-1 algorithm is more robust against brute force attacks than MD5. The difference in processing time between SHA-1 + salt and MD5 + salt ranged from 0.001 seconds to 0.002 seconds for each length variation of the password from 8 to 10 character. While the difference in CPU usage is 0.545%, 0.985%, and 1.69% respectively for the password with 8, 9, and 10 characters length. These results indicate that while giving better security the implementation of the algorithm SHA-1 + salt does not impose on the performance of Simple-O application.
AB - Simple-O, an automated essay grading application was developed at the Department of Electrical Engineering University of Indonesia. This application used MD5 + salt algorithm to perform protection for authentication password of users stored in its database. Unfortunately, due to a number of flaws contained in the MD5 algorithm, SHA-1 + salt algorithm was implemented in this application and then the comparison was carried out between those two algorithms. The experiments include time measurements and estimation of brute force attack for each algorithm. Processing time and CPU usage were also measured. In the brute force hash code scenario, it was tried to find plaintext from the chipertext. In this scenario, both MD5 and SHA-1 was implemented and tested using Hashcat tool. The better the algorithm, the more time needed to brute force the chipertext. In this scenario the password tested has 8 to 10 characters. The result from this testing shows that the implementation of SHA-1 algorithm is more robust against brute force attacks than MD5. The difference in processing time between SHA-1 + salt and MD5 + salt ranged from 0.001 seconds to 0.002 seconds for each length variation of the password from 8 to 10 character. While the difference in CPU usage is 0.545%, 0.985%, and 1.69% respectively for the password with 8, 9, and 10 characters length. These results indicate that while giving better security the implementation of the algorithm SHA-1 + salt does not impose on the performance of Simple-O application.
KW - CPU usage
KW - MD5 algorithm
KW - SHA-1 algorithm
KW - Simple-O authentication system security
KW - brute force attack
KW - processing time
UR - http://www.scopus.com/inward/record.url?scp=84890282703&partnerID=8YFLogxK
U2 - 10.1109/QiR.2013.6632545
DO - 10.1109/QiR.2013.6632545
M3 - Conference contribution
AN - SCOPUS:84890282703
SN - 9781467357852
T3 - 2013 International Conference on Quality in Research, QiR 2013 - In Conjunction with ICCS 2013: The 2nd International Conference on Civic Space
SP - 99
EP - 104
BT - 2013 International Conference on Quality in Research, QiR 2013 - In Conjunction with ICCS 2013
T2 - 2013 13th International Conference on Quality in Research, QiR 2013 - In Conjunction with the 2nd International Conference on Civic Space, ICCS 2013
Y2 - 25 June 2013 through 28 June 2013
ER -