Aplikasi Pengukuran Kekuatan dan Rekomendasi Password  Berdasarkan Input Pengguna dengan Metode Entropi

Bacilius Agung Suburdjati; Fransiska Nindita Iswari; Wilson Kenneth Jonathan

doi:10.57094/ji.v3i2.2519

Bacilius Agung Suburdjati Universitas Santo Borromeus
Fransiska Nindita Iswari Sekolah Menengah Atas Santa Angela Bandung
Wilson Kenneth Jonathan Sekolah Menengah Atas Santa Angela Bandung

DOI: https://doi.org/10.57094/ji.v3i2.2519

Keywords: Password, Entropy, True Random Number Generator, Pseudorandom Number Generator, NATO Phonetic Alphabet

Abstract

This study develops a Python-based application to evaluate password strength and provide more secure password recommendations using the NATO phonetic alphabet, True Random Number Generator (TRNG), and Pseudorandom Number Generator (PRNG). The application aims to enhance user security by generating passwords with high entropy. This entropy is influenced by character variation, password length, and the combination of symbols, numbers, and letters. The study shows that the more complex a password is, the longer it takes to be cracked. However, overly complex passwords are often difficult to remember, requiring a solution that maintains security without compromising usability. The developed application not only measures password strength but also provides stronger password recommendations through three methods. The first method replaces some password characters with the NATO phonetic alphabet, making them easier to remember. The second method adds random characters based on PRNG, while the third method combines TRNG and NATO to enhance password complexity. With this approach, the application offers a practical solution to improving digital security, helping users create stronger passwords that remain easy to use in daily life.

References

D. Xu and D. E. Tamir, “Pseudo-random number generators based on the Collatz conjecture,” Int. J. Inf. Technol., vol. 11, no. 3, pp. 453–459, 2019, doi: 10.1007/s41870-019-00307-9.

F. Al Maqbali and C. J. Mitchell, “AutoPass: An automatic password generator,” Proc. - Int. Carnahan Conf. Secur. Technol., vol. 2017-Octob, pp. 1–6, 2017, doi: 10.1109/CCST.2017.8167791.

J. Marquardson, “Password policy effects on entropy and recall: Research in progress,” 18th Am. Conf. Inf. Syst. 2012, AMCIS 2012, vol. 6, no. January, pp. 4824–4832, 2012.

R. K. Abdullah and R. O. Hoan, “Penerapan Enkripsi Hibrida AES-RSA untuk Meningkatkan Keamanan Layanan Sistem Informasi Distribusi Slip Gaji Implementing AES-RSA Hybrid Encryption to Enhance the Security of Salary Slip Distribution Information System,” vol. 7, pp. 33–40, 2025.

Azhar, Arkarni Wais, and Atthariq, “Sistem Keamanan Pada Halaman Login Menggunakan One Time Password,” J. Embed. Syst. Secur. Intell. Syst., vol. 01, no. 2, pp. 106–113, 2020.

J. Tan, L. Bauer, N. Christin, and L. F. Cranor, “Practical Recommendations for Stronger, More Usable Passwords Combining Minimum-strength, Minimum-length, and Blocklist Requirements,” Proc. ACM Conf. Comput. Commun. Secur., pp. 1407–1426, 2020, doi: 10.1145/3372297.3417882.

L. Bosnjak, J. Sres, and B. Brumen, “Brute-force and dictionary attack on hashed real-world passwords,” 2018 41st Int. Conv. Inf. Commun. Technol. Electron. Microelectron. MIPRO 2018 - Proc., no. May 2018, pp. 1161–1166, 2018, doi: 10.23919/MIPRO.2018.8400211.

M. S. Turan, E. Barker, W. Burr, and L. Chen, “Recommendation for password-based key derivation: part 1: storage applications,” NIST Spec. Publ., no. December, pp. 800–132, 2010, [Online]. Available: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf

P. Tasevski, “Password Attacks and Generation Strategies,” no. November, p. 2, 2019, doi: 10.13140/RG.2.1.1247.8807.

M. F. Sanner, “Python: A programming language for software integration and development,” J. Mol. Graph. Model., vol. 17, no. 1, pp. 57–61, 1999.

S. Oesch and S. Ruoti, “Open access to the Proceedings of the 29th USENIX Security Symposium is sponsored by USENIX. That Was Then, This Is Now: A Security Evaluation of Password Generation, Storage, and Autofill in Browser-Based Password Managers That Was Then, This Is Now: A S,” 2020, [Online]. Available: https://www.usenix.org/conference/usenixsecurity20/presentation/oesch

W. Y. Aditama, I. R. Hikmah, and D. F. Priambodo, “Analisis Komparatif Keamanan Aplikasi Pengelola Kata Sandi Berbayar Lastpass, 1Password, dan Keeper Berdasarkan ISO/IEC 25010,” J. Teknol. Inf. dan Ilmu Komput., vol. 10, no. 4, p. 857, 2023, doi: 10.25126/jtiik.20231036544.

M. M. Devillers. "Analyzing password strength." Radboud University Nijmegen, Tech. Rep, 2, 2010.

K. P. L. Vu, R. W. Proctor, A. Bhargav-Spantzel, B. L. (Belin) Tai, J. Cook, and E. Eugene Schultz, “Improving password security and memorability to protect personal and organizational information,” Int. J. Hum. Comput. Stud., vol. 65, no. 8, pp. 744–757, Aug. 2007, doi: 10.1016/j.ijhcs.2007.03.007.

W. Ma, J. Campbell, D. Tran, and D. Kleeman, “Password entropy and password quality,” in Proceedings - 2010 4th International Conference on Network and System Security, NSS 2010, 2010, pp. 583–587. doi: 10.1109/NSS.2010.18.

J. Abbott, D. Calarco, and L. J. Camp, “Factors Influencing Password Reuse: A Case Study.” [Online]. Available: https://ssrn.com/abstract=3142270.