Master - Lab - Analysis of default authentication (hashing + 2FA) in CMS and web application frameworks

Supervisor: Eva (

Ntantogian et al. analyzed the default hashing schemes of commonly used and popular CMS and web application frameworks in 2018. They found that many use deprecate hash functions.

Your task

  • Replication of their analysis: What default hashing functions are used in 2022?
  • What are the default user facing password policies?
  • Expansion of the analysis by including 2FA/MFA (+ deciding on properties to evaluate the implementation)
  • How is it implemented? Are libraries used or is it self-written?

Literature to start with

Ntantogian, Christoforos, Stefanos Malliaros, and Christos Xenakis. “Evaluation of password hashing schemes in open source web platforms.” Computers & Security 84 (2019): 206-224.