Paper 2023/148

PassPro: A secure password protection from the adversaries

Ripon Patgiri, National Institute of Technology Silchar
Laiphrakpam Dolendro Singh, National Institute of Technology Silchar

In this paper, we present a client-side password hashing method, called PassPro. PassPro uses two secrets and a domain word to shuffle the strings. The shuffled strings are converted into hash values and sent to the identity manager for authentication or identity creation. The shuffling is based on a pseudo-random algorithm. The legitimate user can reproduce the shuffled string again. The hash values are encrypted in the password database with a different key for each user. Therefore, PassPro features- a) client-side password metering, b) client-side password hashing, c) prevention of the domino effect, d) protection of the password database from stealing, e) memory hardness, f) encryption of the hash values using a mutually reproducible secret key, and g) prevention of dictionary and guessing attacks. Also, PassPro guarantees that identity managers, including adversaries, cannot retrieve the original password and user ID of the user. Alternatively, the original user ID and password cannot be retrieved even if the password database is given to the adversary. Furthermore, the user ID and password of a password database are invalid in other domains, even if the same user ID and password are used in multiple domains.

Available format(s)
Publication info
Password security
Contact author(s)
ripon @ cse nits ac in
ldsingh @ cse nits ac in
2023-02-15: approved
2023-02-08: received
See all versions
Short URL
Creative Commons Attribution-NonCommercial


      author = {Ripon Patgiri and Laiphrakpam Dolendro Singh},
      title = {PassPro: A secure password protection from the adversaries},
      howpublished = {Cryptology ePrint Archive, Paper 2023/148},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.