Master - Lab - Analysis of default authentication (hashing + 2FA) in CMS and web application frameworks

Supervisor: Eva (gerlitz@cs.uni-bonn.de)

We would like to encourage you to work with fellow students (up to three). If you want to apply as a group, please hand in only one expose. If you apply on your own, we might ask you to work with other students who also applied.

Ntantogian et al. analyzed the default hashing schemes of commonly used and popular CMS and web application frameworks in 2018. They found that many use deprecate hash functions.

Your task is to expand this work:

1. What are the default user facing password policies?
2. Expansion of the analysis by including 2FA/MFA (+ deciding on properties to evaluate the implementation)
3. How is it implemented? Are libraries used or is it self-written?

Literature to start with

Ntantogian, Christoforos, Stefanos Malliaros, and Christos Xenakis. “Evaluation of password hashing schemes in open source web platforms.” Computers & Security 84 (2019): 206-224.