|
| 1 | +\documentclass[11pt,a4paper]{article} |
| 2 | +\usepackage[utf8]{inputenc} |
| 3 | +\usepackage{amsmath} |
| 4 | +\usepackage{amsfonts} |
| 5 | +\usepackage{amssymb} |
| 6 | +\usepackage{graphicx} |
| 7 | +\usepackage{listings} |
| 8 | +\usepackage{xcolor} |
| 9 | +\usepackage{url} |
| 10 | +\usepackage{hyperref} |
| 11 | +\usepackage[margin=1in]{geometry} |
| 12 | + |
| 13 | +% Code listing settings |
| 14 | +\lstset{ |
| 15 | + basicstyle=\ttfamily\footnotesize, |
| 16 | + breaklines=true, |
| 17 | + frame=single, |
| 18 | + language=Python, |
| 19 | + showstringspaces=false, |
| 20 | + commentstyle=\color{green!50!black}, |
| 21 | + keywordstyle=\color{blue}, |
| 22 | + stringstyle=\color{red} |
| 23 | +} |
| 24 | + |
| 25 | +\title{FibroHash: A Cryptographically Secure Password Generation Framework for System Administration} |
| 26 | +\author{Spyros Lefkaditis\\ |
| 27 | +Independent Researcher\\ |
| 28 | +ORCID: 0009-0000-8432-4667} |
| 29 | +\date{November 6, 2025} |
| 30 | + |
| 31 | +\begin{document} |
| 32 | + |
| 33 | +\maketitle |
| 34 | + |
| 35 | +\begin{abstract} |
| 36 | +FibroHash is an enterprise-grade, cryptographically secure password generation framework designed specifically for system administrators and security professionals. Unlike traditional password generators that rely on simple randomization, FibroHash implements a novel multi-layered cryptographic approach combining PBKDF2 key derivation, HMAC-based entropy generation, and mathematical sequence algorithms to produce passwords with guaranteed entropy levels exceeding 190 bits. |
| 37 | + |
| 38 | +The framework addresses critical security gaps in existing password generation tools by implementing proper cryptographic salt handling, resistance to timing attacks, and compliance with modern security standards including NIST SP 800-63B \cite{nist2017digital}, PCI DSS, and ISO/IEC 27001. FibroHash operates entirely offline using only Python's standard library, ensuring no external dependencies or network communications that could compromise security. |
| 39 | + |
| 40 | +\textbf{Keywords:} Python, cryptography, password generation, security, system administration, PBKDF2, entropy analysis |
| 41 | +\end{abstract} |
| 42 | + |
| 43 | +\section{Introduction} |
| 44 | + |
| 45 | +System administrators and security professionals require password generation tools that provide both high entropy and reproducible security analysis. Existing solutions often suffer from predictable patterns, insufficient entropy, or lack proper cryptographic foundations. Recent research on password behavior through persuasion techniques \cite{paudel2024priming} demonstrates the importance of user-centered approaches to secure password creation. Many tools also require external dependencies or network connectivity, introducing potential security vulnerabilities, while contemporary studies on password manager adoption \cite{tian2025unraveling} reveal ongoing challenges in organizational credential management practices. Recent analysis of password hashing methods using CSPRNG and PBKDF2 \cite{mustafa2024analysis} demonstrates the critical importance of implementing proper cryptographic foundations in password generation tools. |
| 46 | + |
| 47 | +FibroHash addresses these limitations by providing: |
| 48 | + |
| 49 | +\begin{enumerate} |
| 50 | +\item \textbf{Cryptographic Security}: Implementation of PBKDF2-HMAC-SHA256 with configurable iterations (1,000-10,000) following NIST SP 800-63B guidelines \cite{nist2017digital} ensuring resistance to rainbow table and brute-force attacks |
| 51 | +\item \textbf{Entropy Verification}: Built-in entropy analysis tools providing Shannon entropy calculations and character distribution analysis |
| 52 | +\item \textbf{Compliance Framework}: Automated validation against industry security standards with detailed audit reporting |
| 53 | +\item \textbf{Research Reproducibility}: Comprehensive test suite enabling security researchers to validate and extend the cryptographic methodology |
| 54 | +\end{enumerate} |
| 55 | + |
| 56 | +The framework has been designed with system administrators in mind, providing both command-line interfaces for operational use and programmatic APIs for integration into larger security frameworks. |
| 57 | + |
| 58 | +\section{Research Contribution and Methodology} |
| 59 | + |
| 60 | +FibroHash introduces an approach to password generation that combines mathematical sequence generation with modern cryptographic primitives \cite{nist2017digital}. The key contribution lies in the use of HMAC-based mathematical sequence generation, which provides the benefits of deterministic testing capabilities while maintaining cryptographic security through proper PBKDF2 key derivation. |
| 61 | + |
| 62 | +\subsection{Cryptographic Architecture} |
| 63 | + |
| 64 | +The password generation process follows a multi-stage cryptographic pipeline: |
| 65 | + |
| 66 | +\begin{enumerate} |
| 67 | +\item \textbf{Input Processing}: User phrases undergo validation and sanitization to prevent injection attacks |
| 68 | +\item \textbf{Key Derivation}: PBKDF2-HMAC-SHA256 transforms user input and cryptographic salt into derived keys |
| 69 | +\item \textbf{Entropy Generation}: Multiple entropy sources including HMAC-based sequence generation and secure random number generation |
| 70 | +\item \textbf{Character Encoding}: Secure base conversion using extended character sets with 90+ characters |
| 71 | +\item \textbf{Quality Assurance}: Automated validation of character diversity and entropy levels |
| 72 | +\end{enumerate} |
| 73 | + |
| 74 | +\subsection{Security Analysis} |
| 75 | + |
| 76 | +The framework provides theoretical entropy levels of 192+ bits for 32-character passwords using a 90-character alphabet. Security analysis includes: |
| 77 | + |
| 78 | +\begin{itemize} |
| 79 | +\item \textbf{Timing Attack Resistance}: Consistent operation times regardless of input characteristics |
| 80 | +\item \textbf{Salt Uniqueness}: Cryptographically secure salt generation for each password instance |
| 81 | +\item \textbf{Pattern Avoidance}: Detection and mitigation of sequential, keyboard, and dictionary patterns |
| 82 | +\end{itemize} |
| 83 | + |
| 84 | +\subsection{Validation Framework} |
| 85 | + |
| 86 | +FibroHash includes a comprehensive validation framework enabling reproducible security research: |
| 87 | + |
| 88 | +\begin{lstlisting}[caption=Security Analysis Example] |
| 89 | +from main import generate_password |
| 90 | +from security_utils import generate_security_report |
| 91 | + |
| 92 | +# Generate cryptographically secure password |
| 93 | +password = generate_password("research phrase", 32, "maximum") |
| 94 | + |
| 95 | +# Perform comprehensive security analysis |
| 96 | +report = generate_security_report(password) |
| 97 | +print(f"Entropy: {report['audit_results']['entropy_analysis']['theoretical_entropy']} bits") |
| 98 | +print(f"Security Score: {report['audit_results']['security_score']}/100") |
| 99 | +\end{lstlisting} |
| 100 | + |
| 101 | +\section{Examples} |
| 102 | + |
| 103 | +\subsection{Basic Usage} |
| 104 | + |
| 105 | +\begin{lstlisting}[caption=Basic Password Generation] |
| 106 | +from main import generate_password |
| 107 | + |
| 108 | +# Generate password with default settings (32 chars, high security) |
| 109 | +password = generate_password("secure research phrase") |
| 110 | + |
| 111 | +# Generate with custom parameters |
| 112 | +password = generate_password("phrase", password_length=24, security_level="maximum") |
| 113 | +\end{lstlisting} |
| 114 | + |
| 115 | +\subsection{Security Analysis} |
| 116 | + |
| 117 | +\begin{lstlisting}[caption=Advanced Security Analysis] |
| 118 | +from security_utils import SecurityAuditor, SecurePasswordValidator |
| 119 | + |
| 120 | +auditor = SecurityAuditor() |
| 121 | +validator = SecurePasswordValidator() |
| 122 | + |
| 123 | +# Comprehensive security audit |
| 124 | +audit_results = auditor.audit_password_quality(password) |
| 125 | + |
| 126 | +# Policy validation |
| 127 | +is_valid, violations = validator.validate(password) |
| 128 | +\end{lstlisting} |
| 129 | + |
| 130 | +\subsection{Configuration and Testing} |
| 131 | + |
| 132 | +\begin{lstlisting}[language=bash, caption=Setup and Testing Commands] |
| 133 | +# Setup and configuration |
| 134 | +python3 setup.sh |
| 135 | + |
| 136 | +# Run comprehensive security test suite |
| 137 | +python3 test.py |
| 138 | + |
| 139 | +# Interactive password generation |
| 140 | +./init.sh |
| 141 | +\end{lstlisting} |
| 142 | + |
| 143 | +\section{Impact and Applications} |
| 144 | + |
| 145 | +FibroHash has applications in: |
| 146 | + |
| 147 | +\begin{itemize} |
| 148 | +\item \textbf{System Administration}: Secure password generation for server and service accounts |
| 149 | +\item \textbf{Security Research}: Reproducible password security analysis and entropy validation |
| 150 | +\item \textbf{Compliance Auditing}: Automated validation against security standards |
| 151 | +\item \textbf{Educational Use}: Teaching cryptographic principles and password security |
| 152 | +\end{itemize} |
| 153 | + |
| 154 | +The framework's emphasis on reproducible security analysis makes it particularly valuable for security researchers studying password generation algorithms and entropy analysis techniques. |
| 155 | + |
| 156 | +\section{Acknowledgements} |
| 157 | + |
| 158 | +The author acknowledges the Python cryptography community for establishing secure cryptographic practices and the NIST Cybersecurity Framework for providing security standards guidance. |
| 159 | + |
| 160 | +\bibliographystyle{plain} |
| 161 | +\bibliography{references} |
| 162 | + |
| 163 | +\end{document} |
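Review bot: The entropy claims in the abstract and in the Security Analysis subsection are not supported as written. "Guaranteed entropy levels exceeding 190 bits" conflicts with the Basic Usage listing, which requests password_length=24: 24 characters from a 90-character alphabet give at most 24 x log2(90), about 156 bits. For 32 characters over 90 symbols the ceiling is about 208 bits, so "192+" is a loose figure. State the formula once and describe the result as an upper bound set by length and alphabet size under uniformly random selection, not as a guarantee. In the Introduction, "configurable iterations (1,000-10,000) following NIST SP 800-63B" should be reworded or the range raised, because that guideline describes a PBKDF2 iteration count of typically at least 10,000, which makes 10,000 the floor rather than the ceiling. In the Setup and Testing listing, "python3 setup.sh" passes a shell script to the Python interpreter and should read "./setup.sh" or "bash setup.sh". The Advanced Security Analysis listing uses password without defining it, so add the generate_password import and call to make it self-contained.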