Inloggning
Lösenordskryptering och Brute force attack
This report is the result of a sub-project of a larger project to create a platform formathematical education. The sub-project focuses on authentication with associ-ated security, where security is emphasized. The project environment is Java EE 6where GlassFish 4.0 acts as the server. The project has been divided into threeparts; password encryption, Java EE authentication and brute force attack. Thepassword encryption part focuses on examining different hash functions executionspeed, the result shows that none of the examined hash algorithms is suitable fordirect use. Instead its recommended to use PBKDF2 with salt to encrypt pass-words. The Java EE section constructs a working application where users can reg-ister and login etc. This is performed as a study of the security tools available inJava EE. The result meets the requirement specification and a section on Java EEsecurity tools is presented. The brute force attack section is a theoretical study ofwhat can be done to protect against a brute force attack. The result shows thatCAPTCHAs is not recommended by OWASP and a system using cookies and aform of userblocking is purposed. The various parts are separated as far as possi-ble through the report with the exception that the result of the password encryp-tion section is applied in the Java EE application.