IJCSDF 7 4 AnalysisofSecureHash

This document analyzes the use of the Secure Hash Algorithm (SHA) 512 for password encryption on web-based applications. It discusses weaknesses in using MD5 for password hashing, such as collision attacks. The document proposes updating to SHA 512, which is more secure due to its longer 512-bit hash values. It provides background on hashing, encryption, and different SHA algorithms. Testing of a patch updating an application from MD5 to SHA 512 for password hashing found agreement from 86% of users that the new system is secure for login processes.


See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/327392778

Analysis of Secure Hash Algorithm (SHA) 512 for Encryption Process on Web Based Application

Article · September 2018


All content following this page was uploaded by Imam Riadi on 03 September 2018.

International Journal of Cyber-Security and Digital Forensics (IJCSDF) 7(4): 373-381
The Society of Digital Information and Wireless Communications (SDIWC), 2018 ISSN: 2305-001

Analysis of Secure Hash Algorithm (SHA) 512 for Encryption Process on Web Based Application

Meiliana Sumagita(1) and Imam Riadi(2)

(1,2) Department of Information System, Universitas Ahmad Dahlan, Yogyakarta, Indonesia
Jl. Prof. Dr. Soepomo Sh, Warungboto, Umbulharjo, Kota Yogyakarta, Daerah Istimewa Yogyakarta
([email protected], [email protected])

ABSTRACT

The login mechanism in web-based applications implements the MD5 hash function as a form of password encryption. MD5 has proven to have a weakness in the form of the collision attack, in which two different input values are likely to have the same hash value, and this can threaten the security and confidentiality of the data. Password security in web-based applications therefore requires an update to the SHA 512 method to improve reliability and ensure system security. Data collection was done by literature study, data collection from the internet, and observation. The research method is divided into several processes, namely needs and system vulnerability analysis, and analysis for improvement. The program design consists of a flowchart design and a conceptual design of the hash function calling mechanism. Mitigation is carried out by implementing the new hash function calling method, changing the code for system repair (patching), and reviewing the test results from the implementation. Testing is done by penetration testing and a user acceptance test (UAT). After the patch is applied, the entered password is converted with the more reliable SHA 512 hash function, and the UAT result shows agree and strongly agree responses at 86.00%, so the implementation of the patch used to secure the password entered during login runs as required.

KEYWORDS

Secure, Hash, Algorithm, Web, SHA 512.

1 INTRODUCTION

Security issues gave rise to mechanisms that control access to the network in order to protect it from intruders [1]. A vulnerability in a web application can open the way for an attack on the whole information system, and does not rule out the possibility of control of the server [2]. One function of the login feature is to authenticate users as an identity check, and this function is an essential component of the security system. It is a way to differentiate between registered users and intruders. Authenticating users on a network is a must for the many companies that seriously protect their information assets and need to know who accesses their networks and what is accessed.

Various techniques for increasing the security of data or information have been developed; one common way is cryptographic or encryption techniques [3]. Encryption is needed to support the security of the login process. The sample web-based application used applies the Message Digest 5 (MD5) method for encryption, so it must be updated to another, more reliable method.

The SHA algorithms differ in block size, in the word size of the data used during the hashing process, and in the length of message that can be processed; the size of the resulting message digest also varies according to the algorithm used, as shown in Table 1.

Table 1. Differences of Each SHA Algorithm Variation
Algorithm | Message Length (bit) | Block Size (in bits) | Word Size (in bits) | The Size of the Message Digest (bit)
SHA 1 | < 2^64 | 512 | 32 | 160
SHA 256 | < 2^64 | 512 | 32 | 256
SHA 384 | < 2^128 | 1024 | 64 | 384
SHA 512 | < 2^128 | 1024 | 64 | 512

SHA 1 has a message input capacity of 2^64 - 1, with 160 bits of hash result and 2^80 hash power evaluations. Finally, in 2005 Rijmen and Oswald published an attack on a reduced version of SHA 1 (using only 53 of the 80 rounds), and the result was a collision found with a complexity of about 2^80 operations [4].

SHA 256 and SHA 384 are not used much, even for security purposes, because of a protracted process that lengthens the hashing time [4]. SHA 512 is a development of SHA 1, which is an MD4-based improvement. According to Megah Mulya [5] (2009), the reliability of SHA 512 is achieved by its ability to generate 512-bit hash values, which is the longest hash value that a hash function can generate. This long hash value makes SHA 512 more resistant to attack than any other hash function, so SHA 512 is considered a powerful, robust and fast hash function.

2 BASIC THEORY

2.1 Login System

An application or system that requires authentication of the owner of the access will certainly implement a login system to secure the data. Login is generally done by entering a username and password that have been registered in the application or system. If the information is valid, then the client is allowed to access the network [6].

2.2 Encryption

Encryption is a process that changes a code from an understandable form into a form that cannot be understood or read. Encryption is intended to protect information from being seen by people or parties who are not entitled to it [7]. The way encryption works is shown in Figure 1.

Figure 1. Working Mechanism of Encryption and Decryption

2.3 Hash Cryptography Algorithm

The hash function discussed here is the one-way hash function [4]. A one-way hash function, also known as a message summary or compression function, is a mathematical function that takes a variable-length input and converts it into a binary sequence of fixed length. The one-way hash function is designed so that the process is difficult to reverse, i.e. it is difficult to find the string that yields a certain value (hence it is called one-way). A hash function is good if it is difficult to find two strings that produce the same hash value [8]. The way the hash function works is shown in Figure 2.

Figure 2. Working Mechanism of One Way Hash Function

2.4 Secure Hash Algorithm (SHA) 512

The SHA 512 algorithm is an algorithm that uses the one-way hash function created by Ron Rivest. This algorithm is the development of the previous algorithms SHA 0, SHA 1, SHA 256 and SHA 384. The research paper by Christian Angga [9] (2007) explains that the SHA 512 cryptographic algorithm receives input in the form of a message of any size and generates a message digest with a length of 512 bits.

Its predecessors are SHA 1 and MD5, the latter a renewal of MD4; the linkage and development of these hash algorithms indicate that the algorithms have been proven to have a collision vulnerability. Currently, the National Institute of Standards and Technology (NIST) has made SHA 224, SHA 256, SHA 384, and SHA 512 the new standard hash functions. Table 2 summarizes the parameters of several hash functions.

Table 2. Comparison of Multiple Hash Functions
Algorithm | The Size of the Message Digest (bit) | Message Block Size | Collision
MD2 | 128 | 128 | Yes
MD4 | 128 | 512 | Almost
MD5 | 128 | 512 | Yes
RIPEMD | 128 | 512 | Yes
RIPEMD-128/256 | 128/256 | 512 | No
RIPEMD-160/320 | 160/320 | 512 | No
SHA-0 | 160 | 512 | Yes
SHA-1 | 160 | 512 | There is a Disability
SHA-256/224 | 256/224 | 512 | No
SHA-512/384 | 512/384 | 1024 | No
WHIRLPOOL | 512 | 512 | No
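The following Python is an added example, not code from the paper: it builds SHA 512 from the pieces this section describes (padding to 1024-bit blocks, the 128-bit length field, the eight 64-bit initial hash values) and checks the resulting 512-bit digest against hashlib. It follows FIPS 180-4, where the padded length is congruent to 896 mod 1024 before the length field is appended, and it derives the constants from prime roots instead of hard-coding them. All function names are illustrative assumptions.

```python
"""SHA 512 from first principles (added example, checked against hashlib)."""
import hashlib
from math import isqrt

MASK = (1 << 64) - 1  # SHA 512 works on 64-bit words


def first_primes(count):
    """Return the first `count` primes by trial division."""
    primes, candidate = [], 2
    while len(primes) < count:
        if all(candidate % p for p in primes):
            primes.append(candidate)
        candidate += 1
    return primes


def icbrt(n):
    """Floor of the cube root of n (Newton's method, starting from above)."""
    x = 1 << ((n.bit_length() + 2) // 3)
    while True:
        y = (2 * x + n // (x * x)) // 3
        if y >= x:
            return x
        x = y


PRIMES = first_primes(80)
# Initial hash value H(0): first 64 fractional bits of sqrt(p), first 8 primes.
H0 = [isqrt(p << 128) & MASK for p in PRIMES[:8]]
# Round constants: first 64 fractional bits of cbrt(p), first 80 primes.
K = [icbrt(p << 192) & MASK for p in PRIMES]


def zero_pad_bits(bit_len):
    """Count of 0 bits after the single 1 bit: bit_len + 1 + k = 896 (mod 1024)."""
    return (896 - (bit_len + 1)) % 1024


def pad(message):
    """Append the 1 bit, k zero bits and the 128-bit big-endian bit length."""
    bit_len = len(message) * 8
    k = zero_pad_bits(bit_len)
    # For whole-byte messages k % 8 == 7: 0x80 holds the 1 bit and 7 zeros.
    padding = b"\x80" + b"\x00" * ((k - 7) // 8)
    return message + padding + (bit_len % (1 << 128)).to_bytes(16, "big")


def rotr(x, n):
    """Rotate a 64-bit word right by n bits."""
    return ((x >> n) | (x << (64 - n))) & MASK


def sha512(message):
    """Return the 512-bit digest of `message` (bytes) as 128 hex characters."""
    state = list(H0)
    data = pad(message)
    for off in range(0, len(data), 128):          # one 1024-bit block per pass
        w = [int.from_bytes(data[off + 8 * i:off + 8 * i + 8], "big")
             for i in range(16)]
        for t in range(16, 80):                   # message schedule
            s0 = rotr(w[t - 15], 1) ^ rotr(w[t - 15], 8) ^ (w[t - 15] >> 7)
            s1 = rotr(w[t - 2], 19) ^ rotr(w[t - 2], 61) ^ (w[t - 2] >> 6)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK)
        a, b, c, d, e, f, g, h = state
        for t in range(80):                       # 80 compression rounds
            big_s1 = rotr(e, 14) ^ rotr(e, 18) ^ rotr(e, 41)
            ch = (e & f) ^ (~e & MASK & g)
            t1 = (h + big_s1 + ch + K[t] + w[t]) & MASK
            big_s0 = rotr(a, 28) ^ rotr(a, 34) ^ rotr(a, 39)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (big_s0 + maj) & MASK
            a, b, c, d, e, f, g, h = ((t1 + t2) & MASK, a, b, c,
                                      (d + t1) & MASK, e, f, g)
        state = [(s + v) & MASK
                 for s, v in zip(state, (a, b, c, d, e, f, g, h))]
    return "".join(f"{word:016x}" for word in state)


if __name__ == "__main__":
    sample = b"abc"  # constructed 24-bit sample message
    print("zero padding bits:", zero_pad_bits(len(sample) * 8))
    print("padded length    :", len(pad(sample)) * 8, "bits")
    print("digest           :", sha512(sample))
    print("matches hashlib  :", sha512(sample) == hashlib.sha512(sample).hexdigest())
```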

The SHA 512 hash function performs the same hash operations as SHA 2 in general [10]. It generates a message digest of 512 bits and uses a block length of 1024 bits. The SHA 512 cryptographic algorithm accepts input in the form of a message of any length or size and generates a message digest with a fixed length of 512 bits, as shown in Figure 3.

Figure 3. Working Illustration / Creation of Message Digest SHA 512

The message digest is created with the SHA 512 algorithm as follows:

1. The addition of bits
The first process is to append a number of padding bits to the message such that the message length (in bits) is congruent with 890 mod 1024. The number 1024 appears because the SHA 512 algorithm processes messages in blocks of 1024 bits. A message with a length of 24 bits is still padded: 896 - (24 + 1) = 871 bits are added. The length of the padding is therefore between 1 and 896 bits. Note also that the padding bits consist of a 1 bit followed by 0 bits for the remainder.

2. Adding the Original Message Length Value
Next, 128 bits stating the length of the original message are appended. If the message length is greater than 2^128, the length is taken modulo 2^128. In other words, if the original message length is K bits, the 128 bits hold K modulo 2^128, so after the second process the message length is now 1024 bits.

3. Initialize Hash Value
In the SHA 512 algorithm, the initial hash value H(0) consists of 8 words of 64 bits each, given in hexadecimal notation in Table 3.

Table 3. Hexadecimal Notation SHA 512
Buffer | Initial Value
A | 6a09e667f3bcc908
B | bb67ae8584caa73b
C | 3c6ef372fe94f82b
D | a54ff53a5f1d36f1
E | 510e527fade682d1
F | 9b05688c2b3e6c1f
G | 1f83d9abfb41bd6b
H | 5be0cd19137e2179

3 METHODOLOGY

This section explains the systematic approach used to solve the research problem and the steps undertaken in the testing and analysis of this research. The first stage is a literature study, which analyzes the system used in order to determine the current conditions, needs, advantages, and disadvantages of the program. This stage is done by reading books, previous research journals, papers and articles that are relevant, as well as collecting resources from the internet, including journals, websites, proceedings and source code that can be used in this research.

The needs and system vulnerability analysis is carried out to analyze the vulnerabilities and needs of the system used. The analysis focuses on the encryption function of the web-based application login system, and aims to find out the advantages and disadvantages of the encryption method currently used when it is replaced with the latest algorithm method.

The needs analysis and design for improvement describes and displays an overview of the encryption process when the login is done. The description is given as a flowchart and a conceptual diagram, so that the work process from password encryption until the login activity occurs can be conveyed and understood more clearly.

Mitigation is performed by implementing the latest hash function algorithm calling method, changing the code for patching, and reviewing the test results from the implementation. Testing in this study was conducted to show a comparison between the use of the MD5 encryption method and the SHA 512 encryption method. Testing was done
by Penetration Testing and User Acceptance Test. Penetration Testing is done by Brute Force testing, while the User Acceptance Test is done by filling out a questionnaire that is used as one of the recommendations to improve data security in web-based applications. These stages are described in Figure 4.

[Block diagram stages: Study of Literature; Needs Analysis And System Vulnerabilities (Current Conditions); Needs Analysis And Design For Improvement; Mitigation/Implementation Of The Latest Hash Method (patching); Testing]
Figure 4. Block Diagram of Research Methodology

4 RESULTS AND DISCUSSION

4.1 Vulnerability Analysis

Information security is the preservation of information from all possible threats in an attempt to ensure business continuity, minimize business risk, and maximize or accelerate return on investment and business opportunities [11]. This analysis is a discussion of how the login system in web-based applications runs. It is useful for identifying the vulnerability of the system, so that the improvements that need to be made are known.

This study discusses the analysis of the encryption process in a web-based application using the secure hash algorithm (SHA) 512 method. The results of the analysis will be used as a reference or alternative in managing web-based application login security systems. The problem discussed in this research is explained in Figure 5.

[Diagram labels: User (login, input username and password); password changed to hash value; web-based application; server and database (the hash value of the password is adjusted by the hash value in the system database); successfully accessing the system if the password hash is appropriate; return to login form if password hash does not match; Attacker (sniffing attack, data hacked)]
Figure 5. Schema Login In Web-Based Application

The explanation of the web-based application login scheme above is as follows.
1. Users enter the data in the form of username and password and send the data to the server. The data sent is data that has been changed using the MD5 hash.
2. The server receives the data in the form of a username and a hash value of the password that has been sent by the user.
3. The server brings the hash value to the database to be compared with the hash value of the user's password. The verification process here is password verification in the form of a hash value, not the password in plaintext form.
4. If the hash value sent by the user is the same as the one stored in the database, the user can enter and access the system; if not, the user gets a warning that the password is wrong and is returned to the main login page.
5. The problem found is the use of the MD5 hash method, which is vulnerable to collision attacks [12] that threaten the security and confidentiality of data, such as the MITM attack (Man In The Middle Attack) used to conduct sniffing, spoofing and other illegal activities [13].

4.2 Requirement and Improvement Analysis

This analysis is a discussion of what is needed to improve the login system in web-based applications. After the needs and vulnerability analysis is done, the result is that the login system in the application must update the hash method used.

Knowing the hash method used in the login system, the use of encryption with the MD5 hash function has to be updated with a more current and more reliable method to maintain the security of an application or system. This hash method is renewed with the SHA 512 hash method, which has more reliability than MD5.
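An added example (not the application's code, and in Python rather than the application's PHP) of the hash update this section calls for, applied to the stored-hash comparison of section 4.1. It goes beyond a single SHA 512 call: each record gets a per-user random salt and iterated HMAC-SHA 512 (PBKDF2), comparison is constant-time, and a legacy MD5 record is upgraded at the first successful login. The record format, iteration count and function names are assumptions, and the server is assumed to receive the password itself.

```python
"""Login check that upgrades legacy MD5 records to salted, iterated SHA 512."""
import hashlib
import hmac
import os

ITERATIONS = 210_000      # assumed work factor; tune to the server's latency budget
SCHEME = "pbkdf2-sha512"  # assumed record prefix, not a format used by the paper


def legacy_md5_record(password):
    """Old-style record (constructed format): unsalted MD5 hex digest."""
    return "md5$" + hashlib.md5(password.encode()).hexdigest()


def new_record(password, iterations=ITERATIONS):
    """New-style record: random 16-byte salt plus iterated HMAC-SHA 512."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${dk.hex()}"


def check(password, record):
    """Verify a password against either record type, comparing in constant time."""
    scheme, _, rest = record.partition("$")
    try:
        if scheme == "md5":
            candidate = hashlib.md5(password.encode()).hexdigest()
            return hmac.compare_digest(candidate, rest)
        if scheme == SCHEME:
            iterations, salt_hex, dk_hex = rest.split("$")
            dk = hashlib.pbkdf2_hmac("sha512", password.encode(),
                                     bytes.fromhex(salt_hex), int(iterations))
            return hmac.compare_digest(dk.hex(), dk_hex)
    except (ValueError, TypeError):
        pass                      # malformed record
    return False                  # unknown scheme or bad record: fail closed


def needs_upgrade(record):
    """True for legacy records and for records below the current work factor."""
    scheme, _, rest = record.partition("$")
    return scheme != SCHEME or int(rest.split("$")[0]) < ITERATIONS


# Checked when the username is unknown, so rejection costs about the same time.
_DUMMY = new_record(os.urandom(8).hex())


def login(db, username, password):
    """Return True on success; rewrite the stored record if it is outdated."""
    record = db.get(username)
    if record is None:
        check(password, _DUMMY)
        return False
    if not check(password, record):
        return False
    if needs_upgrade(record):
        db[username] = new_record(password)   # plaintext is only known here
    return True


if __name__ == "__main__":
    # Constructed sample "database" holding one legacy MD5 record.
    db = {"admin": legacy_md5_record("S3cret!pass")}
    print(login(db, "admin", "wrong"), db["admin"][:4])
    print(login(db, "admin", "S3cret!pass"), db["admin"][:21])
```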

4.3 Mitigation and Testing

4.3.1 System Attack Scheme

The analysis process should be able to link information from different variables, including complementing one piece of information with another, to explain an event or attack activity [14]. Network forensics is defined as the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. In other words, network forensics involves capturing, recording and analyzing network traffic [15].

Sniffing on a computer network involves the use of a support tool that enables real-time monitoring. Sniffing in this study was done to check traffic on the network and retrieve a copy or capture of the packet data. The sniffing activity scheme is described in Figure 6.

Figure 6. Sniffing Activity Scheme

The sniffing experiment in this study was conducted with the Wireshark tool. Wireshark is one of the network packet analyzer tools. Wireshark tries to capture network packets and to display the packet data as completely as possible. After the data is obtained, the Wireshark capture results are analyzed to determine what type of hash function is used by the system. The analysis to determine the type of hash function is done with the Hash Identifier tool. An example of the sniffing activity and of the analysis of the hash function type is shown in Figure 7 and Figure 8.

Figure 7. Sniffing Results Using Wireshark Applications

Figure 7 is the result of the data traffic capture done using the Wireshark tool. The captured data shows that the username field contains admin and the password field contains ciphertext with the hash value 154e2803428bb34b2a1c48ffadd177b6. After this information is obtained, additional data is needed, namely the hash function likely used by the system, which is determined using Hash Identifier.

Figure 8. Hash Identifier results

Figure 8 shows that the login process on the application system has applied the MD5 hash method.

4.3.2 Design Improvement

To facilitate analysis, a design and description for system improvement is made by showing a flowchart and a conceptual image, as described in Figure 9 and Figure 10.

[Flowchart steps: 1. Start; 2. Input username & password; 3. Change the password to SHA 512 hash form; 4. Check the database (branch label T); 5. Home system; 6. Finish]
Figure 9. Flowchart Login Process Using SHA 512 Method

Based on the flowchart presented in Figure 9, process no. 3, which was previously encrypted using MD5, is changed to use the SHA 512 method. In that process, the password input that is transmitted is changed to SHA 512 hash form, which has a much longer hash value than MD5; therefore, user data will be more secure from the vulnerability that can occur when using MD5, as described in Figure 10.

[Diagram labels: User (login, input username and password); the password is changed to SHA 512 hash value; web-based application; server and database (the hash value of the password is adjusted by the hash value in the system database); successfully accessing the system if the password hash is appropriate; return to login form if password hash does not match]
Figure 10. Image Conceptual Login Process Username and User Password Using SHA 512

The explanation of the conceptual image is as follows.
1. Users access the application and log in to it. The login process is done by sending data in the form of username and password. The data is sent by changing the password data from plaintext into a SHA 512 ciphertext hash.
2. The application server receives the data in the form of the hash value of the password and then forwards it to the database. This process is performed to verify whether the hash sent by the user is the same as the password hash stored in the database (hash function for storing password).
3. If the data matches, the user can enter and access the application.

4.3.3 Patching Implementation

Renewal is done by changing the existing hash method into the SHA 512 hash method combined with the addition of a SALT secret key. The implementation done at this stage is coding, by creating a patch that will be used to call a hash function during login.

The flow of the calling process and the data changes for the username and password is drawn up before the coding is done, so that it is known where the hash function call can change the password into the ciphertext hash value. This process generates a flowchart for calling the hash function on the system. The diagram can be seen in Figure 11.

[Diagram labels: Index.php (gtfw-php-app); Config/gtfw_base_dir.def (configuration that calls into gtfw base); Index.php (gtfw-php-base); Cpu/GtfwCpu.class.php (inside GtfwCpu there are 2 activities or processes, namely initialize and process); run the init function (in Gtfw Cpu the first function called is the initialize (init) function and then the process); GtfwSecurity.class.php (function login): runs the login function and processes the SHA 512 hash function; the init security function in initialize is executed automatically; the process function will call the module for login and activity with "enable security"]
Figure 11. The Hash Function Calling Diagram

The process diagram shown in Figure 11 can be described as follows:
1. The index.php file is the first file executed by the program or application. This file displays the login form and then calls the gtfw-php-base file as the base library of the system.
2. The gtfw_base_dir.def file shows where the gtfw-php-base file is located and goes directly to index.php located in gtfw-php-base.
3. The index.php file in gtfw-php-base contains system libraries that invoke many functions or activities to process the system, as the base function to run the system.
4. The index.php file in gtfw-php-base will process GTFW_BASE_DIR_CORE in the GtfwCpu.class.php file. The main functions that are processed are the initialize and process functions. The initialize (init) function is the function that runs the security command. The process function is a function that accesses/processes some modules/actions, one of which is the module to log in. If the process function accesses the login module or another module with "enable security", the init function is executed automatically.
5. Once init is done, execution goes to the file GtfwSecurity.class.php and calls the login function residing in it. This login function performs a hash method call for encryption to secure password data when login is done.

The coding done in this research includes changing the code or patch. The
GtfwSecurity.class.php file is used to print the hash value of a user-entered password by calling the SHA 512 hash function, and to receive the hash value from the server in order to match the hash values stored in the database with the hash values generated from the input process. The source code lines for the GtfwSecurity.class.php file can be seen in the script below.

    // Salt requested for this login
    $salt = $this->RequestSalt();
    if ($hashed) {
        // Stored password hashed twice with MD5 together with the salt
        $hash = md5(md5($salt . $user['Password']));
    } else {
        $hash = $user['Password'];
    }
    // Compare the MD5 of the submitted password with $hash
    if (md5($password) === $hash) {

Changes and additions to the code are made in the GtfwSecurity.class.php file; the added code is used to call the SHA 512 hash function that has been implemented earlier in the GTFW application. The source code lines for the GtfwSecurity.class.php file after adding the code can be seen in the script below.

    // Salt requested for this login
    $salt = $this->RequestSalt();
    if ($hashed) {
        // Stored password hashed twice with SHA 512 together with the salt
        $hash = hash('sha512', hash('sha512', $salt . $user['Password']));
    } else {
        $hash = $user['Password'];
    }
    // Compare the SHA 512 of the submitted password with $hash
    if (hash('sha512', $password) === $hash) {

After the password is converted to a hash value, the system takes the user data from the server and matches the hash value with the one existing in the database. The result is then stored in the login session and the login process is successful.

4.3.4 Results of Patching Implementation

The result of adding the code or scripts in the previous process is to increase the level of security in the process of sending data. The result after the program is executed can be seen in Figure 12 and Figure 13.

Figure 12. Results Process Call Hash Function Before Patching Performed

Figure 13. Results of the Hash Function Calling Process After Patching Performed

4.3.5 Testing

4.3.5.1 Penetration Testing

The purpose of this test is to show the resistance and strength of each algorithm against brute force attacks. The testing mechanism is to attack the resulting hash value by trying any combination to find the plaintext of the hash. This test is done using the Hashcat tool, which serves to get the plaintext from a hash or ciphertext. The result of this test is a comparison of the time taken, showing for which hash the plaintext is found faster.

In the brute force test, the data obtained from the experiment is the time taken to obtain the plaintext: for a hash made with MD5 it takes an average of 54 seconds, while for a hash made with SHA 512 it takes an average of 68 seconds. Based on the test it was found that the SHA 512 algorithm is better in terms of durability and strength under brute force testing, because it takes a longer time to find the plaintext of the hash value of the algorithm.

4.3.5.2 User Acceptance Test

The User Acceptance Test is a testing process undertaken by the developer that produces a document presented as evidence that the implementation of the program can be accepted by the developer in accordance with the requirements. The percentage result of the user acceptance test is presented in a pie chart as shown below.

[Pie chart: segment values 78%, 14%, 8%, 0%, 0%; legend: Disagree, Less Agree, Neutral, Agreement, Strongly Agree]
Figure 14. Percentage Test Result User Acceptance Test

Figure 14 shows the percentages of the responses of respondents to the statements in the Security Test questionnaire, with SS answers of 8.00%, S of 78.00%, N of 14.00%, TS of 0.00%, and STS of 0.00%. The results obtained from the above tests can be seen in Table 4, which compares data security before and after patching.

Table 4. Comparison Table Before and After Patching Performed
No. | Parameter Comparison | Before Patching | After Patching
1. | Security standard for login feature. | Not fulfilling, because it still uses the old hash method that has been proven to have a dangerous vulnerability. | Already fulfilled. The encryption update uses hash functions that have a more reliable and robust security level.
2. | The level of password security on the mechanism of web-based application login feature. | Less good, because the algorithm method used has been proven to have dangerous vulnerabilities. | Good, because the algorithm method used proved more secure and reliable.
3. | The total value of the hash function generated. | The resulting hash value is small so it only takes a while when a brute force test is performed. | The resulting hash value is much more so as to generate a long time when a brute force test is performed.

5 CONCLUSION

Based on the results of the research and discussion, it can be concluded that the login process in web-based applications requires updating the encryption method used to the SHA 512 algorithm method. This update aims to improve the security of password data on the login feature so that it is more reliable and powerful and the system is very difficult for an attacker to attack. Implementation of the SHA 512 algorithm method produces the longest number of bits, 512 bits, so as to ensure system security and data confidentiality.

Penetration Testing against Brute Force attacks using the Hashcat tool indicates that the SHA 512 algorithm is better in terms of endurance and strength under brute force testing, because it takes a longer time to find the plaintext of the hash value of the algorithm, thus indicating that the hash function is more reliable and robust. In addition, the User Acceptance Test produced agree and strongly agree responses at 86.00%, so the implementation of the patch used to secure passwords on the login feature can run as required.

REFERENCES

[1] E. Kurniawan and I. Riadi, “Security level analysis of academic information systems based on standard ISO 27002:2003 using SSE-CMM,” vol. 16, no. 1, pp. 139–147, 2018.
[2] I. Riadi, E. I. Aristianto, and A. Dahlan, “An Analysis of Vulnerability Web Against Attack Unrestricted Image File Upload,” Comput. Eng. Appl., vol. 5, no. 1, pp. 19–28, 2016.
[3] P. Irfan, Y. Prayudi, and I. Riadi, “Image Encryption using Combination of Chaotic System and Rivers Shamir Adleman (RSA),” Int. J. Comput. Appl., vol. 123, no. 6, pp. 11–16, 2015.
[4] M. H. W, “Development of Hash Function Encryption on SHA (Secure Hash Algorithm),” J. Ilmu Komput. dan Teknol. Inf., vol. 3, no. 2, pp. 1–7, 2009.
[5] M. Megah, “Use of SHA-512 Algorithm to Ensure Integrity and Authenticity of Message on Intranet,” no. 1, pp. 107–111, 2009.
[6] N. Hermaduanti and I. Riadi, “Automation framework for rogue access point mitigation in ieee 802.1X-based WLAN,” J. Theor. Appl. Inf. Technol., vol. 93, no. 2, pp. 287–296, 2016.
[7] A. Kristanto, Data Security On Computer Networks. Yogyakarta: Penerbit Gava Media, 2003.
[8] SSL Information, “Difference Between Hashing and Encryption,” 2018. [Online]. Available: https://www.ssl2buy.com/wiki/difference-between-hashing-and-encryption.
[9] C. Angga, “Analysis of How Diverse Works Hash Functions Exist,” pp. 1–6, 2011.
[10] W. Setiawan, “Analysis and Comparison of Whirlpool and SHA-512 Algorithms as a Hash Function,” Makal. IF3058 Kriptografi – Sem. II Tahun 2010/2011, 2011.
[11] Y. P. Rosmiati, I. Riadi, “A Maturity Level Framework for Measurement of Information Security Performance,” Int. J. Comput. Appl., vol. 141, no. 8, pp. 975–8887, 2016.
[12] S. Dewantono, “Weakness of Message Digest Function 5,” 2011.
[13] M. S. Ahmad, I. Riadi, and Y. Prayudi, “Live Forensics Live From Investigation To Analyze Man Attacks in the Middle Attack Evil Twin Based,” Ilk. J. Ilm., vol. 9, no. April, pp. 1–8, 2017.
[14] M. I. Mazdadi, I. Riadi, and A. Luthfi, “Live Forensics on RouterOS using API Services to Investigate Network Attacks,” Int. J. Comput. Sci. Inf. Secur., vol. 15, no. 2, pp. 406–410, 2017.
[15] D. Mualfah and I. Riadi, “Network Forensics For Detecting Flooding Attack On Web Server,” (IJCSIS) Int. J. Comput. Sci. Inf. Secur., vol. 15, no. 2, pp. 326–331, 2017.