Master - Lab - Analysis of default authentication (hashing + 2FA) in CMS and web application frameworks
Supervisor: Eva (gerlitz@cs.uni-bonn.de)
Ntantogian et al. analyzed the default hashing schemes of commonly used and popular CMS and web application frameworks in 2018. They found that many use deprecate hash functions.
Your task
- Replication of their analysis: What default hashing functions are used in 2022?
- What are the default user facing password policies?
- Expansion of the analysis by including 2FA/MFA (+ deciding on properties to evaluate the implementation)
- How is it implemented? Are libraries used or is it self-written?
Literature to start with
Ntantogian, Christoforos, Stefanos Malliaros, and Christos Xenakis. “Evaluation of password hashing schemes in open source web platforms.” Computers & Security 84 (2019): 206-224.