{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T21:28:47Z","timestamp":1764797327443,"version":"3.41.2"},"reference-count":57,"publisher":"Frontiers Media SA","license":[{"start":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T00:00:00Z","timestamp":1709164800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["frontiersin.org"],"crossmark-restriction":true},"short-container-title":["Front. Comput. Sci."],"abstract":"A password hashing algorithm is a cryptographic method that transforms passwords into a secure and irreversible format. It is used not only for authentication purposes but also for key derivation mechanisms. The primary purpose of password hashing is to enhance the security of user credentials by preventing the exposure of plaintext passwords in the event of a data breach. As a key derivation function, password hashing aims to derive secret keys from a master key, password, or passphrase using a pseudorandom function. This review focuses on the design and analysis of time-memory trade-off (TMTO) attacks on recent password hashing algorithms. This review presents a comprehensive survey of TMTO attacks and recent studies on password hashing for authentication by examining the literature. The study provides valuable insights and strategies for safely navigating transitions, emphasizing the importance of a systematic approach and thorough testing to mitigate risk. The purpose of this paper is to provide guidance to developers and administrators on how to update cryptographic practices in response to evolving security standards and threats.<\/jats:p>","DOI":"10.3389\/fcomp.2024.1368362","type":"journal-article","created":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T05:29:17Z","timestamp":1709184557000},"update-policy":"https:\/\/doi.org\/10.3389\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["On time-memory trade-offs for password hashing schemes"],"prefix":"10.3389","volume":"6","author":[{"given":"Ayse Nurdan","family":"Saran","sequence":"first","affiliation":[]}],"member":"1965","published-online":{"date-parts":[[2024,2,29]]},"reference":[{"key":"B1","doi-asserted-by":"crossref","first-page":"454","DOI":"10.1109\/PADSW.2014.7097841","article-title":"An efficient implementation of PBKDF2 with RIPEMD-160 on multiple FPGAs","volume-title":"Proceedings of the 20th IEEE International Conference on Parallel and Distributed Systems (ICPADS)","author":"Abbas","year":"2014"},{"key":"B2","first-page":"215","article-title":"Precomputation for rainbow tables has never been so fast","volume-title":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Volume 12973","author":"Avoine","year":"2021"},{"key":"B3","doi-asserted-by":"crossref","first-page":"286","DOI":"10.1145\/3579856.3582825","article-title":"Stairway to rainbow","volume-title":"Proceedings of the 2023 ACM Asia Conference on Computer and Communications Security","author":"Avoine","year":"2023"},{"key":"B4","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1007\/11596219_15","article-title":"Time-memory trade-offs: False alarm detection using checkpoints","author":"Avoine","year":"2005","journal-title":"Progress in Cryptology"},{"key":"B5","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1049\/cp:19950490","article-title":"Improved \u201cexhaustive search\u201d attacks on stream ciphers","volume-title":"European Convention on Security and Detection","author":"Babbage","year":"1995"},{"key":"B6","first-page":"312","article-title":"Multi-instance security and its application to password-based cryptography","volume-title":"Annual Cryptology Conference","author":"Bellare","year":"2012"},{"key":"B7","unstructured":"BiryukovA.\n Some Thoughts on Time-Memory-data Tradeoffs. Cryptology ePrint Archive, Paper 2005\/2072005"},{"volume-title":"Argon2 (version 1, 2.). Technical Report","year":"2015","author":"Biryukov","key":"B8"},{"key":"B9","doi-asserted-by":"crossref","first-page":"292","DOI":"10.1109\/EuroSP.2016.31","article-title":"Argon2: new generation of memory-hard functions for password hashing and other applications","volume-title":"2016 IEEE European Symposium on Security and Privacy (EuroS&P)","author":"Biryukov","year":"2016"},{"key":"B10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/3-540-44448-3_1","article-title":"Cryptanalytic time\/memory\/data tradeoffs for stream ciphers","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2000","author":"Biryukov","year":"2000"},{"volume-title":"Balloon Hashing: A Memory-Hard Function Providing Provable Protection Against Sequential Attacks","year":"2016","author":"Boneh","key":"B11"},{"key":"B12","unstructured":"BorstJ.\n BelgiumDept. Elektrotechniek, Katholieke Universiteit LeuvenBlock Ciphers: Design, Analysis and Side-channel Analysis2001"},{"key":"B13","first-page":"111","article-title":"On the time-memory tradeoff between exhaustive key search and table precomputation","volume-title":"Symposium on Information Theory in the Benelux","author":"Borst","year":"1998"},{"key":"B14","doi-asserted-by":"crossref","first-page":"1161","DOI":"10.23919\/MIPRO.2018.8400211","article-title":"Brute-force and dictionary attack on hashed real-world passwords","volume-title":"2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (Mipro)","author":"Bo\u0161njak","year":"2018"},{"key":"B15","doi-asserted-by":"crossref","DOI":"10.6028\/NIST.SP.800-63-2","volume-title":"SP 800-63-2. Electronic Authentication Guideline. Technical Report","author":"Burr","year":"2013"},{"key":"B16","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/s10207-018-0405-5","article-title":"Cryptanalytic time-memory trade-off for password hashing schemes","volume":"18","author":"Chang","year":"2019","journal-title":"Int. J. Inf. Secur"},{"key":"B17","first-page":"227","article-title":"Random oracles and non-uniformity","volume-title":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","author":"Coretti","year":"2018"},{"key":"B18","doi-asserted-by":"crossref","unstructured":"DunkelmanO.\n KellerN.\n Treatment of the Initial Value in Time-Memory-Data Tradeoff Attacks on Stream Ciphers2008","DOI":"10.1016\/j.ipl.2008.01.011"},{"key":"B19","first-page":"716","article-title":"Evaluation of standardized password-based key derivation against parallel processing platforms","volume-title":"Computer Security-ESORICS 2012, 17th European Symposium on Research in Computer Security, Pisa, Italy, September 10-12, 2012. Proceedings 17","author":"D\u00fcrmuth","year":"2012"},{"key":"B20","first-page":"64","article-title":"Password hashing and preprocessing","volume-title":"Annual International Conference on the Theory and Applications of Cryptographic Techniques","author":"Farshim","year":"2021"},{"key":"B21","unstructured":"ForlerC.\n LucksS.\n WenzelJ.\n Catena: A Memory-Consuming Password-Scrambling Framework2013"},{"key":"B22","doi-asserted-by":"crossref","first-page":"130","DOI":"10.1007\/978-3-319-93524-9_8","article-title":"Examination of a new defense mechanism: honeywords","volume-title":"Information Security Theory and Practice","author":"Gen\u00e7","year":"2018"},{"key":"B23","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-031-38545-2_16","volume-title":"The Query-Complexity of Preprocessing Attacks","author":"Ghoshal","year":"2023"},{"key":"B24","doi-asserted-by":"publisher","first-page":"239","DOI":"10.1007\/3-540-69053-0_17","article-title":"Cryptanalysis of alleged a5 stream cipher","author":"Goli\u0107","year":"1997","journal-title":"Advances in Cryptology"},{"key":"B25","doi-asserted-by":"publisher","first-page":"401","DOI":"10.1109\/TIT.1980.1056220","article-title":"A cryptanalytic time-memory trade-off","volume":"26","author":"Hellman","year":"1980","journal-title":"IEEE Trans. Inf. Theory"},{"key":"B26","doi-asserted-by":"publisher","first-page":"559","DOI":"10.1007\/s00145-012-9128-3","article-title":"A comparison of cryptanalytic tradeoff algorithms","volume":"26","author":"Hong","year":"2013","journal-title":"J. Cryptol"},{"key":"B27","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1007\/11593447_19","article-title":"New applications of time memory data tradeoffs","author":"Hong","year":"","journal-title":"Advances in Cryptology"},{"key":"B28","unstructured":"HongJ.\n SarkarP.\n Rediscovery of Time Memory Tradeoffs"},{"key":"B29","unstructured":"IEEE Standard for Information Technology Telecommunications and Information Exchange Between Systems Local, and Metropolitan Area Networks-Specific Requirements Part 11: (IEEE Std 802.11-2007 (Revision of IEEE Std 802.11-1999)), Vol. 122007"},{"volume-title":"RFC 2898\u2014PKCS #5: Password-based Cryptography Specification Version 2.0","year":"2000","author":"Kaliski","key":"B30"},{"key":"B31","doi-asserted-by":"crossref","first-page":"523","DOI":"10.1109\/SP.2012.38","article-title":"Guess again (and again and again): measuring password strength by simulating password-cracking algorithms","volume-title":"2012 IEEE Symposium on Security and Privacy","author":"Kelley","year":"2012"},{"key":"B32","doi-asserted-by":"crossref","first-page":"95","DOI":"10.1007\/978-3-642-17342-4_5","article-title":"Brute force attacks","volume-title":"The Block Cipher Companion","author":"Knudsen","year":"2011"},{"key":"B33","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1109\/CSR51186.2021.9527961","article-title":"On security of key derivation functions in password-based cryptography","volume-title":"2021 IEEE International Conference on Cyber Security and Resilience (CSR)","author":"Kodwani","year":"2021"},{"key":"B34","doi-asserted-by":"publisher","first-page":"116","DOI":"10.17706\/jsw.10.2.116-126","article-title":"On the security analysis of pbkdf2 in openoffice","volume":"10","author":"Li","year":"2015","journal-title":"J. Softw"},{"key":"B35","first-page":"10","article-title":"Are your passwords safe: energy-efficient bcrypt cracking with low-cost parallel hardware","volume-title":"Proceedings of the 8th USENIX Workshop on Offensive Technologies (WOOT'14)","author":"Malvoni","year":"2014"},{"key":"B36","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/11802839_41","article-title":"Time-memory trade-off attack on fpga platforms: unix password cracking","author":"Mentens","year":"2006","journal-title":"Reconfigurable Computing: Architectures and Applications"},{"key":"B37","unstructured":"MoriartyK.\n KaliskiB.\n RuschA.\n RFC EditorPKCS #5: Password-based Cryptography Specification Version 2.12017"},{"volume-title":"Recommendation for Password-based Key Derivation","year":"2010","key":"B38"},{"key":"B39","doi-asserted-by":"publisher","first-page":"617","DOI":"10.1007\/978-3-540-45146-4_36","article-title":"Making a faster cryptanalytic time-memory trade-off","author":"Oechslin","year":"2003","journal-title":"Advances in Cryptology - CRYPTO 2003"},{"key":"B40","first-page":"81","article-title":"Stronger key derivation via sequential memory-hard functions","volume-title":"Proceedings of the BSD Conference","author":"Percival","year":"2009"},{"key":"B41","doi-asserted-by":"crossref","unstructured":"PercivalC.\n JosefssonS.\n The Scrypt Password-based Key Derivation Function2016","DOI":"10.17487\/RFC7914"},{"volume-title":"yescrypt \u201cPassword Hashing Scalable Beyond Bcrypt and Scrypt.\u201d","year":"2014","author":"Peslyak","key":"B42"},{"key":"B43","unstructured":"PorninT.\n The MAKWA Password Hashing Function (2015)2015"},{"key":"B44","first-page":"81","article-title":"Future-adaptable password scheme","volume-title":"Proceedings of the USENIX Annual Technical Conference","author":"Provos","year":"1999"},{"key":"B45","first-page":"429","article-title":"How easy is collision search? Application to des","volume-title":"Advances in Cryptology","author":"Quisquater","year":"1990"},{"key":"B46","article-title":"Acceleration attacks on PBKDF2: or, what is inside the black-box of oclHashcat?","volume-title":"10th USENIX Workshop on Offensive Technologies","author":"Ruddick","year":""},{"key":"B47","article-title":"Acceleration attacks on PBKDF2: or, what is inside the Black-Box of oclHashcat?","volume-title":"10th USENIX Workshop on Offensive Technologies (WOOT 16)","author":"Ruddick","year":""},{"key":"B48","unstructured":"SaranN.\n AnkaraDept. Cryptography, Middle East Technical UniversityTime Memory Trade off Attack on Symmetric Ciphers2009"},{"key":"B49","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1002\/j.1538-7305.1951.tb01366.x","article-title":"Prediction and entropy of printed English","volume":"30","author":"Shannon","year":"1951","journal-title":"Bell. Syst. Tech. J"},{"key":"B50","unstructured":"Simplicio JrM.\n AlmeidaL.\n AndradeE.\n dos SantosP.\n BarretoP.\n Lyra2: Password Hashing Scheme with Improved Security against Time-Memory Trade-offs2015"},{"key":"B51","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1007\/978-3-540-85912-3_3","article-title":"New distinguishers based on random mappings against stream ciphers","volume-title":"Sequences and Their Applications-SETA 2008: 5th International Conference Lexington, KY, USA, September 14-18, 2008 Proceedings 5","author":"S\u00f6nmez Turan","year":"2008"},{"key":"B52","doi-asserted-by":"publisher","first-page":"593","DOI":"10.1007\/3-540-36400-5_43","article-title":"A time-memory tradeo. using distinguished points: new analysis and FPGA results","author":"Standaert","year":"2003","journal-title":"Cryptographic Hardware and Embedded Systems"},{"key":"B53","first-page":"205","article-title":"Random oracles and auxiliary input","volume-title":"Advances in Cryptology-CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007. Proceedings 27","author":"Unruh","year":"2007"},{"key":"B54","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1007\/978-3-319-26823-1_9","article-title":"On the weaknesses of pbkdf2","volume-title":"Cryptology and Network Security: 14th International Conference, CANS 2015, Marrakesh, Morocco, December 10-12, 2015. Proceedings 14","author":"Visconti","year":"2015"},{"key":"B55","doi-asserted-by":"publisher","first-page":"296","DOI":"10.1016\/j.jisa.2019.03.016","article-title":"Examining pbkdf2 security margin\u2014case study of Luks","volume":"46","author":"Visconti","year":"2019","journal-title":"J. Inf. Sec. Appl"},{"key":"B56","unstructured":"Additional modes for ascon version 1.1\n WeatherleyR.\n Paper presented at the Lightweight Cryptography Workshop2023"},{"key":"B57","doi-asserted-by":"crossref","first-page":"391","DOI":"10.1109\/SP.2009.8","article-title":"Password cracking using probabilistic context-free grammars","volume-title":"2009 30th IEEE Symposium on Security and Privacy","author":"Weir","year":"2009"}],"container-title":["Frontiers in Computer Science"],"original-title":[],"link":[{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fcomp.2024.1368362\/full","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,2,29]],"date-time":"2024-02-29T05:29:45Z","timestamp":1709184585000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.frontiersin.org\/articles\/10.3389\/fcomp.2024.1368362\/full"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,2,29]]},"references-count":57,"alternative-id":["10.3389\/fcomp.2024.1368362"],"URL":"https:\/\/doi.org\/10.3389\/fcomp.2024.1368362","relation":{},"ISSN":["2624-9898"],"issn-type":[{"type":"electronic","value":"2624-9898"}],"subject":[],"published":{"date-parts":[[2024,2,29]]},"article-number":"1368362"}}