
FibroHash: A Cryptographically Secure Password Generation Framework for System Administration

Author: Lefkaditis, Spyros
Publisher: Zenodo
DOI: 10.5281/zenodo.17546159
Source: https://zenodo.org/records/17546159/files/main.pdf
Spyros Lefkaditis
Independent Researcher
ORCID: 0009-0000-8432-4667
November 6, 2025
Abstract
FibroHash is an enterprise-grade, cryptographically secure password generation framework designed specifically for system administrators and security professionals. Unlike traditional password generators that rely on simple randomization, FibroHash implements a novel multi-layered cryptographic approach combining PBKDF2 key derivation, HMAC-based entropy generation, and mathematical sequence algorithms to produce passwords with guaranteed entropy levels exceeding 190 bits.
The framework addresses critical security gaps in existing password generation tools by implementing proper cryptographic salt handling, resistance to timing attacks, and compliance with modern security standards including NIST SP 800-63B [1], PCI DSS, and ISO/IEC 27001. FibroHash operates entirely offline using only Python's standard library, ensuring no external dependencies or network communications that could compromise security.
Keywords: Python, cryptography, password generation, security, system administration, PBKDF2, entropy analysis
1 Introduction
System administrators and security professionals require password generation tools that provide both high entropy and reproducible security analysis. Existing solutions often suffer from predictable patterns, insufficient entropy, or lack proper cryptographic foundations. Recent research on password behavior through persuasion techniques [2] demonstrates the importance of user-centered approaches to secure password creation. Many tools also require external dependencies or network connectivity, introducing potential security vulnerabilities, while contemporary studies on password manager adoption [3] reveal ongoing challenges in organizational credential management practices. Recent analysis of password hashing methods using CSPRNG and PBKDF2 [4] demonstrates the critical importance of implementing proper cryptographic foundations in password generation tools.
FibroHash addresses these limitations by providing:
1. Cryptographic Security: Implementation of PBKDF2-HMAC-SHA256 with configurable iterations (1,000-10,000) following NIST SP 800-63B guidelines [1], ensuring resistance to rainbow table and brute-force attacks
2. Entropy Verification: Built-in entropy analysis tools providing Shannon entropy calculations and character distribution analysis
3. Compliance Framework: Automated validation against industry security standards with detailed audit reporting
4. Research Reproducibility: Comprehensive test suite enabling security researchers to validate and extend the cryptographic methodology
The framework has been designed with system administrators in mind, providing both command-line interfaces for operational use and programmatic APIs for integration into larger security frameworks.
2 Research Contribution and Methodology
FibroHash introduces an approach to password generation that combines mathematical sequence generation with modern cryptographic primitives [1]. The key contribution lies in the use of HMAC-based mathematical sequence generation, which provides the benefits of deterministic testing capabilities while maintaining cryptographic security through proper PBKDF2 key derivation.
2.1 Cryptographic Architecture
The password generation process follows a multi-stage cryptographic pipeline:
1. Input Processing: User phrases undergo validation and sanitization to prevent injection attacks
2. Key Derivation: PBKDF2-HMAC-SHA256 transforms user input and cryptographic salt into derived keys
3. Entropy Generation: Multiple entropy sources including HMAC-based sequence generation and secure random number generation
4. Character Encoding: Secure base conversion using extended character sets with 90+ characters
5. Quality Assurance: Automated validation of character diversity and entropy levels
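The five stages above, as an added illustration written for this page rather than the project's own main.py. The 90-character alphabet, the 16-byte salt, the counter-mode HMAC construction and the stream length are assumptions, since the paper does not specify them.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{};:,.<>?/|~"  # assumed 90-char set
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, ALPHABET[62:])

def sanitize_phrase(phrase: str) -> str:
    """Stage 1: reject empty or non-printable input rather than trying to 'clean' it."""
    if not phrase.strip() or not phrase.isprintable():
        raise ValueError("phrase must be non-empty printable text")
    return phrase.strip()

def derive_key(phrase: str, salt: bytes, iterations: int = 10_000) -> bytes:
    """Stage 2: PBKDF2-HMAC-SHA256 turns the phrase and salt into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", phrase.encode(), salt, iterations, dklen=32)

def hmac_sequence(key: bytes, nbytes: int) -> bytes:
    """Stage 3: HMAC-based sequence, HMAC-SHA256(key, counter) for counter = 0, 1, ..."""
    blocks = [hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-nbytes // 32))]
    return b"".join(blocks)[:nbytes]

def encode_password(stream: bytes, length: int) -> str:
    """Stage 4: base-90 conversion. The stream carries at least 256 bits more than the
    output consumes, so repeated reduction modulo 90 leaves only negligible bias."""
    value, chars = int.from_bytes(stream, "big"), []
    for _ in range(length):
        value, idx = divmod(value, len(ALPHABET))
        chars.append(ALPHABET[idx])
    return "".join(chars)

def is_diverse(password: str) -> bool:
    """Stage 5: every character class must appear at least once."""
    return all(any(c in cls for c in password) for cls in CLASSES)

def password_from_salt(phrase: str, salt: bytes, length: int = 32, iterations: int = 10_000) -> str:
    """Deterministic core: the same phrase and salt always yield the same password."""
    key = derive_key(sanitize_phrase(phrase), salt, iterations)
    return encode_password(hmac_sequence(key, length + 32), length)

def generate_password(phrase: str, length: int = 32, iterations: int = 10_000) -> tuple:
    """Fresh 16-byte salt per call (salt uniqueness); resample until diversity passes."""
    while True:
        salt = secrets.token_bytes(16)
        password = password_from_salt(phrase, salt, length, iterations)
        if is_diverse(password):
            return password, salt
```

Keeping the salted, deterministic core separate from the salt-picking wrapper is what makes the output reproducible in a test suite while still unique per invocation.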
2.2 Security Analysis
The framework provides theoretical entropy levels of 192+ bits for 32-character passwords using a 90-character alphabet. Security analysis includes:
- Timing Attack Resistance: Consistent operation times regardless of input characteristics
- Salt Uniqueness: Cryptographically secure salt generation for each password instance
- Pattern Avoidance: Detection and mitigation of sequential, keyboard, and dictionary patterns
2.3 Validation Framework
FibroHash includes a comprehensive validation framework enabling reproducible security research:
Listing 1: Security Analysis Example
from main import generate_password
from security_utils import generate_security_report
# Generate cryptographically secure password
password = generate_password("research phrase", 32, "maximum")
# Perform comprehensive security analysis
report = generate_security_report(password)
print(f"Entropy: {report['audit_results']['entropy_analysis']['theoretical_entropy']} bits")
print(f"Security Score: {report['audit_results']['security_score']}/100")
3 Examples
3.1 Basic Usage
Listing 2: Basic Password Generation
from main import generate_password
# Generate password with default settings (32 chars, high security)
password = generate_password("secure research phrase")
# Generate with custom parameters
password = generate_password("phrase", password_length=24, security_level="maximum")
3.2 Security Analysis
Listing 3: Advanced Security Analysis
from main import generate_password
from security_utils import SecurityAuditor, SecurePasswordValidator
# Password to be analysed (generated with default settings)
password = generate_password("secure research phrase")
auditor = SecurityAuditor()
validator = SecurePasswordValidator()
# Comprehensive security audit
audit_results = auditor.audit_password_quality(password)
# Policy validation
is_valid, violations = validator.validate(password)
3.3 Configuration and Testing
Listing 4: Setup and Testing Commands
# Setup and configuration
./setup.sh
# Run comprehensive security test suite
python3 test.py
# Interactive password generation
./init.sh
4 Impact and Applications
FibroHash has applications in:
- System Administration: Secure password generation for server and service accounts
- Security Research: Reproducible password security analysis and entropy validation
- Compliance Auditing: Automated validation against security standards
- Educational Use: Teaching cryptographic principles and password security
The framework's emphasis on reproducible security analysis makes it particularly valuable for security researchers studying password generation algorithms and entropy analysis techniques.
5 Acknowledgements
The author acknowledges the Python cryptography community for establishing secure cryptographic practices and the NIST Cybersecurity Framework for providing security standards guidance.
References
[1] Paul A Grassi, James L Fenton, Elaine M Newton, Ray A Perlner, Andrew R Regenscheid, William E Burr, Justin P Richer, Naomi B Lefkovitz, Jamie M Danker, Yee-Yin Choong, Kristen K Greene, and Mary F Theofanos. Digital identity guidelines: Authentication and lifecycle management. Technical Report NIST SP 800-63B, National Institute of Standards and Technology, 2017. doi:10.6028/NIST.SP.800-63b.
[2] Rizu Paudel and Mahdi Nasrullah Al-Ameen. Priming through persuasion: Towards secure password behavior. Proceedings of the ACM on Human-Computer Interaction, 8(CSCW1):1–27, 2024. doi:10.1145/3637387.
[3] Xiaoguang Tian. Unraveling the dynamics of password manager adoption: a deeper dive into critical factors. Information and Computer Security, 33(1):117–139, 2025. doi:10.1108/ICS-09-2023-0156.
[4] Nada Abdul Aziz Mustafa. Analysis attackers' methods with hashing secure password using CSPRNG and PBKDF2. Wasit Journal of Engineering Sciences, 12(2):60–70, 2024. doi:10.31185/ejuow.Vol12.Iss2.502.