Master - Lab - Analysis of default authentication (hashing + 2FA) in CMS and web application frameworks

Supervisor: Eva (gerlitz@cs.uni-bonn.de)

Ntantogian et al. analyzed the default hashing schemes of commonly used and popular CMS and web application frameworks in 2018. They found that many use deprecate hash functions.

Your task

Replication of their analysis: What default hashing functions are used in 2022?
What are the default user facing password policies?
Expansion of the analysis by including 2FA/MFA (+ deciding on properties to evaluate the implementation)
How is it implemented? Are libraries used or is it self-written?

Literature to start with

Ntantogian, Christoforos, Stefanos Malliaros, and Christos Xenakis. “Evaluation of password hashing schemes in open source web platforms.” Computers & Security 84 (2019): 206-224.

Last updated on Jan 1, 0001