Hashing Algorithm for Protecting Credential Information Against Channel Interception and Server-Side Data Leakage

Conference proceedings article


Authors/Editors


Strategic Research Themes


Publication Details

Author list: Kittipong Piyawanno, Taweechai Nuntawisuttiwong

Publication year (CE): 2024

URL: https://icsec2024.org/

Language: English-United States (EN-US)


Abstract

This research proposes a novel algorithm for password hashing, called the Sandwich Hashing algorithm, designed to protect credential information from channel interception as well as server-side data leakage. The algorithm comprises three main steps: credential information enrollment, credential information hashing at the client side, and credential information checking at the server side. Sandwich Hashing employs slow but secure hash functions like bcrypt or Argon2, combined with PBKDF2, to provide robust security against rainbow-table and brute-force attacks. By using unique, random salts and timestamp buffers for each credential check, the algorithm enhances the protection of credential information from channel interception and server-side data leakage. Furthermore, hash values are partially stored on the server to resist such attacks. However, it is acknowledged that the algorithm remains vulnerable to parallel attacks involving simultaneous channel interception and server data leakage. This study details the algorithm’s implementation, parameter settings, security capabilities, and limitations, demonstrating its superiority over traditional server-side and client-side hashing methods.


Keywords

client-side hashing, credential check, multi-layer hashing, sandwich hashing, server-side hashing


Last updated 2024-19-11 at 12:00