AN OFFLINE PASSWORD MANAGEMENT SYSTEM WITH PERFORMANCE AND SECURITY ANALYSIS ON AES ENCRYPTION AND PBKDF2
Publisher
UNIVERSITI MALAYSIA SARAWAK
Description
With the rise of online accounts, users increasingly face challenges in managing secure passwords, often resorting to weak, reused, or already compromised credentials—exposing them to data breaches and credential-stuffing attacks. Most password managers rely on a single master password, creating a critical single point of failure if it is lost or compromised. Additionally, users are typically provided with vague password strength indicators that lack insight into how passwords would perform under real-world attack conditions such as plaintext brute-force, AES brute-force, dictionary, and rainbow table attacks. This project aims to enhance password security, reduce reliance on single-point authentication, and offer transparent password strength evaluation through an offline password management system. The system uses AES encryption and PBKDF2 hashing to secure the vault and strengthen key derivation. It integrates a built-in password generator and a breach check feature powered by the Pwned Passwords API to help users create strong, unique passwords and detect compromised ones. To mitigate the risks of master password dependency, the system includes multi-factor authentication (MFA) and recovery keys for secure access and recovery. A standout feature is the password strength tester, which simulates various attack methods—including plaintext brute-force, AES brute-force, dictionary, and rainbow table attacks—to evaluate each password's resilience, presenting both estimated and actual time to crack. The system was developed using the Waterfall model, a structured, phase-by-phase methodology that guided the process from requirement analysis through design, implementation, testing, and evaluation across various user scenarios, with a focus on encryption performance and attack simulations. 
Results demonstrate that the system successfully achieves its objectives: it improves password quality through generation and breach detection, reduces vulnerability through MFA and recovery mechanisms, and enhances user awareness by providing meaningful feedback on password strength under realistic attack models. The real-time simulation and performance analysis enable users to understand their password security level and adjust accordingly. By bridging the gap between usability and cybersecurity, this system not only secures password storage but also educates users on best practices and threat resilience.
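The estimated time to crack that the strength tester reports can be modelled as the password's keyspace divided by the guess rate. The sketch below is an added example, not code from the thesis. The character-class keyspace model, the assumed attacker rate, the iteration count and the sample passwords are all assumptions made for illustration.

```python
import hashlib
import os
import string
import time

# Character classes used to size the search space (printable ASCII only).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def keyspace(password: str) -> int:
    """Candidates an exhaustive search must cover for this length and alphabet."""
    if any(all(c not in cls for cls in CLASSES) for c in password):
        raise ValueError("only printable ASCII is modelled")
    alphabet = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return alphabet ** len(password)


def estimated_seconds(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    try:
        return keyspace(password) / guesses_per_second
    except OverflowError:  # keyspace too large to represent as a float
        return float("inf")


def measured_pbkdf2_rate(iterations: int, trials: int = 3) -> float:
    """Guesses per second on this machine when each guess costs one PBKDF2 run."""
    salt = os.urandom(16)
    best = float("inf")
    for _ in range(trials):
        start = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"benchmark-guess", salt, iterations, dklen=32)
        best = min(best, time.perf_counter() - start)
    return 1.0 / max(best, 1e-9)


def compare(password: str, fast_rate: float, iterations: int) -> dict:
    """Estimate against a plaintext/fast-hash target and a PBKDF2-protected one.
    Simple model: every PBKDF2 guess costs `iterations` times a fast guess."""
    return {
        "plaintext_s": estimated_seconds(password, fast_rate),
        "pbkdf2_s": estimated_seconds(password, fast_rate / iterations),
    }


if __name__ == "__main__":
    ITERATIONS = 600_000   # sample value, not taken from the thesis
    FAST_RATE = 1e10       # assumed attacker guesses/second (constructed)
    for pw in ("summer24", "T7#qLw9!vRz2"):  # constructed sample passwords
        print(pw, compare(pw, FAST_RATE, ITERATIONS))
    print("local PBKDF2 guesses/s:", measured_pbkdf2_rate(ITERATIONS))
```

These figures are worst-case exhaustive-search bounds. Dictionary and rainbow table attacks, which the abstract also lists, can succeed far sooner against predictable passwords.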
