Implementation of One-Time Password and SHA-3 Algorithm on the Lab Inventory Website of the Department of Informatics and Computer Engineering
DOI: https://doi.org/10.31763/iota.v5i2.914
Keywords: OTP, sha-3, brute force attack, cybersecurity, security infrastructure
Abstract
This study evaluates the effectiveness of the One-Time Password (OTP) system on the Inventory Lab website of the Department of Informatics and Computer Engineering, focusing on OTP and user password security against Brute Force attacks. The objectives include testing OTP validation, analyzing OTP vulnerabilities to Brute Force attacks, and examining the resilience of user passwords under similar attacks. The study contributes to cyber security research by offering insights into implementing OTP and SHA-3 encryption algorithms on websites. Its findings aim to enhance the security measures of the Inventory Lab website. Results indicate that OTP delivery on the website is both successful and secure, with codes encrypted using SHA-3, rendering them unreadable in the database. OTP validation effectively distinguished correct and incorrect codes, including those that expired due to time limits. However, Brute Force trials on OTPs succeeded in some cases due to extended expiration times. Reducing the expiration period to one minute significantly minimized this risk. Similarly, trials on user passwords showed that passwords with complex character combinations resisted attacks more effectively than simpler ones. In summary, the OTP system and SHA-3 encrypted passwords demonstrate robust security but require adjustments to OTP expiration settings and stronger password policies to mitigate the risks of brute-force attacks. These improvements will further safeguard the website’s security infrastructure.