
SECURE PASSWORD RECOVERY MECHANISM

FOR ONLINE BOOK READING PLATFORM

Design & developed by

2111CS040089 BOGALA SAI MANI DEVENDAR REDDY
2111CS040071 MANNA POOJITH MOHAN VAMSI
2111CS040064 BOMMA NITHIN REDDY
2111CS040065 JAKKULA NITHIN RAJ

GUIDED BY

Mrs. B. Swetha
Assistant Professor
Department of Computer Science & Engineering (Cyber Security)
III YR - II SEM

Malla Reddy University 2021-2025
Department of Computer Science & Engineering (Cyber Security)

CERTIFICATE
This is to certify that this is the project report entitled “SECURE PASSWORD RECOVERY MECHANISM FOR ONLINE BOOK READING PLATFORM” submitted by B. SAI MANI DEVENDAR REDDY (2111CS040089), M. POOJITH MOHAN VAMSI (2111CS040071), B. NITHIN REDDY (2111CS040064), J. NITHIN RAJ (2111CS040065), B.Tech III year II semester, Department of CSE (CS), during the year 2023-24. The results embodied in this report have not been submitted to any other university or institute for the award of any degree or diploma.

Internal Guide: Mrs. B. Swetha, Assistant Professor, CSE (Cyber Security & IoT)

Head of the Department: Dr. G. Anand Kumar, CSE (Cyber Security & IoT)

External Examiner
DECLARATION

We hereby declare that the project report “SECURE PASSWORD RECOVERY
MECHANISM FOR ONLINE BOOK READING PLATFORM”, has been carried out by us and this work has been
submitted to the Department of Computer Science Engineering (Cyber
Security), Malla Reddy University, Hyderabad. We further declare that
this project work has not been submitted in full or part for the award of
any other degree in any other educational institutions.

Place:

Date:

B. Sai Mani Devendar Reddy 2111CS040089

M. Poojith Mohan Vamsi 2111CS040071

B. Nithin Reddy 2111CS040064

J. Nithin Raj 2111CS040065


ACKNOWLEDGEMENT

We extend our sincere gratitude to all those who have contributed to the completion of
this project report. Firstly, we would like to extend our gratitude to Dr. V. S. K
Reddy, Vice-Chancellor, for his visionary leadership and unwavering commitment to
academic excellence.

We would also like to express our deepest appreciation to our project guide Mrs. B.
Swetha, Assistant Professor, whose invaluable guidance, insightful feedback, and
unwavering support have been instrumental throughout the course of this project for
successful outcomes.

We extend our gratitude to our PRC convenor, Dr. G. Latha, for giving valuable
inputs and timely guidelines to improve the quality of our project through a critical
review process. We thank our project coordinator, Mrs. A. Ramya, for her timely
support.

We are also grateful to Dr. G. Anand Kumar, Head of the Department Cyber
Security & IOT, for providing us with the necessary resources and facilities to carry
out this project.

We would like to thank Dr. Kasa Ravindra, Dean, School of Engineering, for his
encouragement and support throughout our academic pursuit.

Our heartfelt thanks also go to Dr. Harikrishna Kamatham, Associate Dean, School
of Engineering, for his guidance and encouragement.

We are deeply indebted to all of them for their support, encouragement, and guidance,
without which this project would not have been possible.

B. Sai Mani Devendar Reddy 2111CS040089


M. Poojith Mohan Vamsi 2111CS040071
B. Nithin Reddy 2111CS040064
J. Nithin Raj 2111CS040065
ABSTRACT

Secure Password Recovery Mechanism for Online Book Reading Platform targets
enhancing password recovery security on a free online book reading platform through a
robust and user-friendly mechanism. Users start the process by selecting the password
recovery option and entering the email address associated with their account. The user
must then answer the security question they selected and answered during
registration. If the answer is correct, an 8-character OTP is sent to the user's email to
thwart unauthorized access and brute force attacks. Upon successful OTP entry within
a 30-second timeframe, the website triggers the password recovery process. The hashed
password is securely transmitted to a specialized web service for password recovery.
This service employs a binary search algorithm over a precomputed rainbow table to
swiftly locate the plaintext password corresponding to the hash value. Regular
hash value checks are conducted to ensure the hash table's integrity, contributing to
rapid and secure password recovery while reducing unauthorized access risks. The
project's goal is to offer users a seamless and secure experience when regaining access
to their accounts on the online book reading platform.

INDEX

CONTENTS  Page No

Chapter 1 Introduction  1-5
1.1 Problem Definition & Description  3
1.2 Objectives of the Project  3
1.3 Scope of the Project  4-5

Chapter 2 System Analysis  6-16
2.1 Existing System  6
2.1.1 Background & Literature Survey  7-10
2.1.2 Limitations of Existing System  10-11
2.2 Proposed System  11-12
2.2.1 Advantages of Proposed System  12-13
2.3 Software & Hardware Requirements  14
2.3.1 Software Requirements  14
2.3.2 Hardware Requirements  14
2.4 Feasibility Study  14
2.4.1 Technical Feasibility  14
2.4.2 Operational Feasibility  15
2.4.3 Economic Feasibility  16

Chapter 3 Architectural Design  17-26
3.1 Modules Design  17-19
3.1.1 User Interface Module  17
3.1.2 Verification Module  17
3.1.3 Hash Lookup Module  17
3.1.4 Automated Response Module  17
3.1.5 Logging and Monitoring Module  17
3.1.6 Integration Module  18
3.1.7 Results & Accuracy  19
3.2 Methods & Algorithms  20
3.3 Project Architecture  21-26
3.3.1 Architectural Diagram  21
3.3.2 Class Diagram  22
3.3.3 Use Case Diagram  23
3.3.4 Sequence Diagram  24
3.3.5 Activity Diagram  25-26

Chapter 4 Implementation & Testing  27-47
4.1 Coding Blocks  27
4.2 Sample Code  29-45
4.3 Execution Flow  46
4.4 Testing  47

Chapter 5 Testing & Results  48-56
5.1 Resulting Screens  48-53
5.2 Result Analysis  54
5.1.1 Time Complexity  54
5.1.2 Space Complexity  55
5.1.3 Results Summary  56

Chapter 6 Conclusions & Future Scope  57-58
Bibliography  59
Paper Publication  60-67
Web Link  68

List of Figures  Page No
3.3.1 Architectural Diagram  21
3.3.2 Class Diagram  22
3.3.3 Use Case Diagram  23
3.3.4 Sequence Diagram  24
3.3.5 Activity Diagram  25

List of Screenshots
5.1.1 User Interface to Register  48
5.1.2 User Interface to Select a Security Question  49
5.1.3 User Interface for Home Page  49
5.1.4 Login and Password Recovery Interface  50
5.1.5 Password Recovery Process  50
5.1.6 Password Sent Through Email  51
5.1.7 Home Page  51
5.1.8 Invalid Credentials Popup  52
5.1.9 Invalid Security Answer Popup  52
5.1.10 Invalid OTP Popup  53

CHAPTER - 1
INTRODUCTION

In the digital landscape, securing user data is vital, particularly on platforms like free
online book-reading websites where personal information is stored. This project
focuses on enhancing the security of password recovery mechanisms on such
platforms. By implementing a user-friendly approach, the project aims to fortify
defences against unauthorized access and potential brute-force attacks. The proposed
solution entails a streamlined, multi-step process. Users initiate password recovery
through a dedicated option, proceeding to verify their identity via a unique 8-character
OTP sent to their email address and a security question. These verification steps act as
a safeguard against unauthorized access. Utilizing advanced algorithms, including
binary search in precomputed rainbow tables, the project ensures swift and accurate
password recovery while maintaining robust security measures. Regular integrity
checks of the rainbow tables enhance system resilience. This project's goal is to provide
users with a secure and hassle-free experience when regaining access to their accounts
on the online book reading platform.

In the digital era, online book reading platforms have become an essential service for
readers worldwide, providing convenient access to a vast library of books at their
fingertips. As these platforms continue to grow in popularity, ensuring the security of
user accounts has become increasingly critical. One of the key components of account
security is a robust password recovery mechanism. Password recovery mechanisms are
essential for users who forget their passwords or lose access to their accounts.
However, these mechanisms are often targeted by malicious actors through various
attacks such as phishing, brute force attempts, and social engineering. Therefore, it is
imperative to design a secure password recovery system that not only protects user data
but also enhances the overall trust and reliability of the platform.

This project focuses on a secure password recovery mechanism tailored for an online
book reading platform. The primary objectives are to ensure that the recovery process
is secure, user-friendly, and resistant to common attack vectors. By employing
advanced security technologies and methodologies, the proposed mechanism aims to
safeguard user accounts from unauthorized access while maintaining a seamless user
experience. Implementing a secure password recovery mechanism will provide
multiple benefits, including enhanced user trust, improved account security, and a more
resilient platform against potential security threats. This initiative underscores our
commitment to protecting user data and ensuring a safe and enjoyable reading
experience for all users.

1.1 Problem Definition & Description

The project addresses the critical need for enhancing the security and efficiency of
password recovery processes on an online book reading platform. Currently, the
platform lacks a robust mechanism for users to securely recover their passwords in
case of forgotten credentials or unauthorized access attempts. It poses a significant
risk to user data and platform integrity.

In the dynamic environment of online book reading platforms, user account security
is a fundamental concern. The password recovery mechanism, a critical component
of account security, is particularly vulnerable to various security threats.
Developing a secure, reliable, and user-friendly password recovery system is
essential to protect user accounts from unauthorized access, data breaches, and
potential identity theft. The goal is to create a mechanism that ensures robust
authentication, protects sensitive data, resists common cyber-attacks, provides a
seamless user experience, and adheres to regulatory requirements.

1.2 Objectives of the Project


The primary objective of this project is to design and implement a secure password
recovery mechanism tailored for an online book reading platform. This mechanism
must enhance the overall security of the platform by incorporating advanced
measures to protect against common threats such as phishing, brute force attacks,
and social engineering. By focusing on robust security protocols, the platform aims
to safeguard user accounts from unauthorized access, ensuring that users' personal
information and reading histories remain confidential and protected.

A key objective is to ensure effective user authentication during the password
recovery process. This will be achieved through the development of a multi-factor
authentication (MFA) system, which verifies the identity of users requesting
password recovery. By incorporating additional verification steps like email
verification, and security questions, the platform can significantly reduce the risk of
unauthorized password reset attempts, thus enhancing the overall security of the
recovery process.

1.3 Scope of the Project


The scope of this project encompasses the development and implementation of a
secure password recovery mechanism specifically designed for an online book
reading platform. This includes the design, testing, and deployment of the system,
with a focus on enhancing the security and user experience. The project will address
various aspects of password recovery, such as user authentication, data protection,
and compliance with legal and regulatory requirements, ensuring that the recovery
process is robust and reliable.

Firstly, the project will involve a comprehensive analysis of existing password
recovery mechanisms to identify their strengths and weaknesses. Based on this
analysis, a new mechanism will be designed that incorporates multi-factor
authentication (MFA) to verify the identity of users requesting password recovery.
This will include implementing secure methods like email verification and security
questions, tailored to the specific needs of the online book reading platform.

In terms of data protection, the project scope includes the encryption of all sensitive
information involved in the password recovery process. This ensures that user data
remains confidential and secure during transmission and storage. These measures
will help prevent unauthorized access and potential data breaches.

Additionally, the project will focus on improving the user experience by designing a
user-friendly interface for the password recovery process. This involves creating
clear, concise instructions and an intuitive navigation system to guide users through the
recovery steps efficiently. User feedback will be collected and incorporated into the
design to ensure the process is as seamless and frustration-free as possible.

Another critical aspect of the project is the implementation of monitoring and
auditing systems. This includes setting up comprehensive logging and real-time
monitoring to track password recovery attempts and identify suspicious activities. By
establishing these systems, the platform can quickly detect and respond to potential
security incidents, thereby maintaining a secure environment for its users.

CHAPTER – 2

SYSTEM ANALYSIS

2.1 Existing System

The existing password recovery systems for many online book reading platforms
often rely on basic and less secure mechanisms, such as email-based password reset
links or security questions. While these methods provide a rudimentary level of
password recovery, they fall short in several critical areas.

Most current systems do not incorporate multi-step verification processes, making
them vulnerable to unauthorized access. The absence of an additional verification
step such as OTP (One-Time Password) limits the security and robustness of the
password recovery process. Existing systems typically do not employ advanced
techniques like rainbow tables or optimized hash lookup algorithms, leading to
slower and less efficient password recovery. Brute force methods, which are
computationally expensive and time-consuming, often become the fallback.

Basic recovery systems are more susceptible to brute force attacks. Without the
implementation of OTP and other advanced verification methods, attackers can more
easily exploit these systems to gain unauthorized access to user accounts. Current
systems often lack comprehensive data integrity checks and robust security measures,
resulting in data corruption and making the recovery process less reliable. Many
systems do not encrypt sensitive information during the recovery process, increasing
the risk of data breaches.

Many existing systems do not balance security with user-friendliness. Complex
recovery processes without adequate guidance can frustrate users and lead to poor
user experiences, potentially causing users to abandon the platform. Additionally, the lack
of precomputed rainbow tables means that many systems do not leverage efficient
precomputed hash values, leading to longer recovery times. Without such
optimizations, the process remains inefficient and less effective in providing quick
password recovery solutions.

In summary, the existing systems lack the advanced, multi-step verification
processes, optimized hash lookup techniques, and robust security measures that are
integral to the proposed password recovery mechanism. This proposed system aims
to address these shortcomings by incorporating state-of-the-art methods to enhance
security, efficiency, and user experience.
2.1.1 Background & Literature Survey

Background

The online book reading platform industry has seen significant growth over
the past decade, driven by the convenience and accessibility of digital content.
These platforms provide users with vast libraries of e-books, audiobooks, and
other digital reading materials, making it easier for people to access literature
from anywhere at any time. As these platforms handle sensitive user data,
including personal information, reading histories, and payment details,
ensuring robust security measures is crucial. One critical aspect of security is
the password recovery mechanism, which allows users to regain access to
their accounts in case they forget their passwords. However, traditional
password recovery methods have proven to be susceptible to various security
threats, necessitating the development of more secure and user-friendly
mechanisms.

Literature Survey

In recent years, the importance of robust password recovery mechanisms has
been underscored across various online platforms, including online book
reading websites. These platforms serve as repositories of sensitive user
information, necessitating secure authentication and recovery processes. The
utilization of tools like RainbowCrack, which leverages rainbow tables for
efficient hash lookup, has become instrumental in enhancing password
recovery processes for such platforms.

Philippe Oechslin's work on rainbow tables in 2003 marked a significant
advancement in password recovery methodologies. Oechslin demonstrated
how precomputed tables for hash values could significantly accelerate the
decryption process. Tools like RainbowCrack, based on Oechslin's principles,
have since become integral in the cybersecurity landscape, offering expedited
access to hashed information and facilitating swift password recovery. These
tables are specifically designed to optimize the trade-off between time and
memory, making them effective for cracking password hashes.

Niels Ferguson and Bruce Schneier's discussion on brute force methods in
2003 further highlights the importance of robust password recovery
mechanisms. Brute force techniques, involving systematic attempts of all
possible combinations, provide a comprehensive approach to decrypting
hashed information. While resource-intensive, these methods remain essential
in breaking encryption barriers and recovering passwords, especially in
scenarios where user data security is paramount.

Alastair Beresford Adams and Angela Sasse's emphasis on user-friendly yet
secure password policies in 1999 is particularly relevant in the context of
online book reading platforms. These platforms must strike a delicate balance
between usability and security, ensuring that password recovery processes are
both efficient and user-friendly without compromising on security standards.
Adams and Sasse highlighted the significance of creating password policies
that users can easily adhere to while maintaining high levels of security.
The importance of forensic tools in reconstructing digital events, as discussed
by Carrier in 2003, also plays a crucial role in the password recovery process.
Tools like HashBreaker, which aid in the decryption of hashed information,
are invaluable for forensic analysis and security audits. By helping security
auditors evaluate the effectiveness of implemented password policies, such
tools contribute to overall system security and user data protection.

Moreover, the rise in cyber threats and data breaches, such as the 2012
LinkedIn breach, underscores the necessity for secure password recovery
mechanisms. The breach, which exposed millions of user passwords,
highlighted the vulnerabilities in existing systems and the critical need for
advanced security measures. Studies, such as those by Furnell (2007) and
Reeder & Schechter (2011), emphasize the significance of implementing
secondary authentication methods to bolster security during password
recovery.

Additionally, email-based password recovery methods, as explored by
Maqbali and Mitchell (2018), present both risks and opportunities. While
email-based recovery can be convenient, it also poses potential security risks
if not properly secured. Garfinkel's (2003) work on email-based identification
and authentication provides insights into alternative secure methods that can
be integrated into password recovery processes.

In summary, the literature underscores the need for advanced, secure, and
user-friendly password recovery mechanisms. By integrating methodologies
such as rainbow tables, brute force techniques, and comprehensive password
policies, online book reading platforms can significantly enhance their security
measures, ensuring the protection and reliability of user accounts. The
proposed system aims to incorporate these advanced techniques to provide a
robust and efficient password recovery solution, addressing the limitations of
existing systems and setting a new standard for security and user experience
in online platforms. This integration not only improves the efficiency of
password recovery but also enhances overall system resilience against cyber
threats.

2.1.2 Limitations of Existing System

The existing password recovery systems for many online book reading
platforms often rely on basic and less secure mechanisms, such as email-based
password reset links or security questions. While these methods provide a
rudimentary level of password recovery, they fall short in several critical areas:

Lack of Multi-Step Verification:
Most current systems do not incorporate multi-step verification processes,
which makes them vulnerable to unauthorized access. The absence of an
additional verification step such as OTP (One-Time Password) limits the
security and robustness of the password recovery process.

No Use of Advanced Hash Lookup Techniques:
Existing systems typically do not employ advanced techniques like rainbow
tables or optimized hash lookup algorithms. This omission leads to slower and
less efficient password recovery, as brute force methods are often the fallback,
which are computationally expensive and time-consuming.

Inadequate Protection Against Brute Force Attacks:
Basic recovery systems are more susceptible to brute force attacks. Without the
implementation of OTP and other advanced verification methods, attackers can
more easily exploit these systems to gain unauthorized access to user accounts.

Poor Data Integrity and Security Measures:
Current systems often lack comprehensive data integrity checks and robust
security measures. This can result in data corruption and makes the recovery
process less reliable. Additionally, many systems do not encrypt sensitive
information during the recovery process, increasing the risk of data breaches.

Limited User-Friendliness:
Many existing systems do not balance security with user-friendliness. Complex
recovery processes without adequate guidance can frustrate users and lead to
poor user experiences, potentially causing users to abandon the platform.

No Use of Precomputed Data for Efficiency:
The lack of precomputed rainbow tables means that many systems do not
leverage efficient precomputed hash values, leading to longer recovery times.
Without such optimizations, the process remains inefficient and less effective in
providing quick password recovery solutions.

2.2 Proposed System

The proposed system aims to enhance the security and efficiency of password
recovery on an online book reading platform by implementing a robust, multi-
step mechanism. This system introduces several innovative features and
improvements over existing password recovery methods, ensuring a secure and
user-friendly experience for all users.

The proposed system begins with the user initiating the password recovery
process through a dedicated option on the login page. Once the user selects this
option, they are prompted to provide the email ID associated with their account.
To prevent unauthorized access and mitigate brute force attacks, the system
sends a unique 8-character OTP, comprising both digits and characters, to the user's
email ID. The user must enter this OTP within a 30-second window to proceed
with the recovery process.
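The verification step described in the abstract and the paragraph above, as an added example (not the report's own code): an 8-character alphanumeric OTP of which only a hash is kept server-side, checked in constant time inside the 30-second window and accepted once, plus the registration-time security answer stored as a salted PBKDF2 hash. The attempt limit, the `VerificationModule` name and the clock passed in as `now` are assumptions; the report does not specify them.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass

# Parameters taken from the report: 8-character alphanumeric OTP, 30-second window.
OTP_ALPHABET = string.ascii_uppercase + string.digits
OTP_LENGTH = 8
OTP_TTL_SECONDS = 30
MAX_OTP_ATTEMPTS = 3  # assumed limit; the report does not state one


@dataclass
class OtpChallenge:
    """Server-side record of one issued OTP; only the hash of the code is kept."""
    otp_hash: bytes
    issued_at: float
    attempts: int = 0
    used: bool = False


def _normalize_answer(answer: str) -> str:
    # Case and surrounding whitespace of a security answer are not part of the secret.
    return " ".join(answer.split()).casefold()


def _derive_answer_hash(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha256", _normalize_answer(answer).encode("utf-8"), salt, 100_000
    )


def generate_otp(length: int = OTP_LENGTH) -> str:
    """Cryptographically random OTP over digits and upper-case letters."""
    return "".join(secrets.choice(OTP_ALPHABET) for _ in range(length))


def _hash_otp(email: str, otp: str) -> bytes:
    # Bind the code to the account so a code issued for one email is useless for another.
    return hashlib.sha256(f"{email.casefold()}:{otp}".encode("utf-8")).digest()


class VerificationModule:
    """Assumed name for the report's Verification Module (security question + OTP)."""

    def __init__(self) -> None:
        self._answers: dict[str, tuple[bytes, bytes]] = {}  # email -> (salt, answer hash)
        self._challenges: dict[str, OtpChallenge] = {}      # email -> pending OTP

    def register_security_answer(self, email: str, answer: str) -> None:
        salt = secrets.token_bytes(16)
        self._answers[email] = (salt, _derive_answer_hash(answer, salt))

    def check_security_answer(self, email: str, answer: str) -> bool:
        record = self._answers.get(email)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(expected, _derive_answer_hash(answer, salt))

    def issue_otp(self, email: str, now: float) -> str:
        """Create a fresh challenge and return the plaintext code to be emailed."""
        otp = generate_otp()
        self._challenges[email] = OtpChallenge(_hash_otp(email, otp), now)
        return otp

    def verify_otp(self, email: str, otp: str, now: float) -> bool:
        challenge = self._challenges.get(email)
        if challenge is None or challenge.used:
            return False
        if now - challenge.issued_at > OTP_TTL_SECONDS:
            del self._challenges[email]  # expired: the user must request a new code
            return False
        if challenge.attempts >= MAX_OTP_ATTEMPTS:
            return False  # too many wrong guesses against this code
        challenge.attempts += 1
        candidate = _hash_otp(email, otp.strip().upper())
        if not hmac.compare_digest(challenge.otp_hash, candidate):
            return False
        challenge.used = True  # single use
        return True
```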

Upon successful OTP verification, the system triggers the password recovery
mechanism. The user's hashed password is securely sent to a specialized web
service for password recovery. This service utilizes a binary search algorithm to
efficiently search through precomputed rainbow tables, generated using
RainbowCrack, to find the corresponding plaintext password. Rainbow tables
are sorted and organized to facilitate quick lookup of hash values, significantly
enhancing the speed and accuracy of the password recovery process.

In addition to rainbow tables, the system maintains a hash table of common
passwords, compiled from various online databases and lists. This table includes
common and worst passwords, each accompanied by its corresponding MD5
hash value. The password-hash pairs are sorted based on their hash values to
enable efficient binary search operations. Duplicate entries are removed to
ensure data integrity and streamline the password-cracking process.

The proposed system also incorporates data preprocessing techniques, such as
sorting, duplicate removal, and data integrity checks, to maintain the accuracy
and consistency of the rainbow tables and hash table. These techniques help to
optimize the performance of the password recovery mechanism, ensuring a
rapid and reliable retrieval of passwords.
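The Hash Lookup Module's preprocessing and search as the three paragraphs above describe them, written out as an added example that is not the report's code: duplicates removed, each password paired with its MD5 digest, the pairs sorted by digest, a binary search that counts its probes, and an integrity check that recomputes every digest before the service answers. The class name `HashLookupTable` and the sample password list are constructed for the example.

```python
import hashlib


def md5_hex(password: str) -> str:
    # The report keys its tables on MD5 digests.
    return hashlib.md5(password.encode("utf-8")).hexdigest()


class HashLookupTable:
    """Sorted (hash, password) pairs supporting binary search and integrity checks."""

    def __init__(self, passwords):
        # Preprocessing as described in the report: drop duplicates, pair with MD5, sort by hash.
        unique = sorted(set(passwords))
        pairs = sorted((md5_hex(p), p) for p in unique)
        self.hashes = [h for h, _ in pairs]
        self.passwords = [p for _, p in pairs]

    def __len__(self) -> int:
        return len(self.hashes)

    def check_integrity(self) -> bool:
        """Recompute every digest and confirm the table is strictly ascending by hash."""
        for i, (h, p) in enumerate(zip(self.hashes, self.passwords)):
            if md5_hex(p) != h:
                return False  # entry altered or corrupted
            if i > 0 and h <= self.hashes[i - 1]:
                return False  # ordering broken: binary search would be unreliable
        return True

    def lookup(self, target_hash: str):
        """Binary search; returns (password or None, number of probes made)."""
        target = target_hash.strip().lower()
        lo, hi, probes = 0, len(self.hashes) - 1, 0
        while lo <= hi:
            probes += 1
            mid = (lo + hi) // 2
            if self.hashes[mid] == target:
                return self.passwords[mid], probes
            if self.hashes[mid] < target:
                lo = mid + 1
            else:
                hi = mid - 1
        # The table can only answer for passwords already in it; anything else is a miss.
        return None, probes


# Constructed sample of a common-password list (not the report's data); one duplicate on purpose.
SAMPLE_COMMON_PASSWORDS = [
    "123456", "password", "qwerty", "letmein", "iloveyou",
    "admin", "welcome", "monkey", "dragon", "football", "password",
]


def recover_password(table: HashLookupTable, stored_hash: str):
    """Recovery service entry point: refuse to answer from a table that fails its integrity check."""
    if not table.check_integrity():
        raise ValueError("hash table failed integrity check")
    password, _ = table.lookup(stored_hash)
    return password
```

With ten entries the search needs at most four probes, which is the logarithmic cost the report's time-complexity analysis relies on.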

2.2.1 Advantages:
The proposed system offers several advantages over existing password recovery
methods:

Enhanced Security: The use of OTP for user verification and advanced hashing
techniques significantly reduces the risk of unauthorized access.

Efficiency: Binary search algorithms and precomputed rainbow tables ensure
quick and accurate password recovery, minimizing user wait times.

User-Friendly Experience: The streamlined recovery process, coupled with
efficient security measures, provides a seamless and secure user experience.

Data Integrity: Preprocessing techniques ensure the accuracy and reliability of
the data used in the recovery process, enhancing overall system performance.

2.3 Software & Hardware Requirements

2.3.1 Software Requirements:

Applications like XAMPP to run the web server, database systems and cryptographic
libraries; programming languages like Python or Java and PHP; and front-end languages
like HTML, CSS and JavaScript.

2.3.2 Hardware Requirements:

Computer or laptop with a minimum of 16GB RAM, 256GB SSD and an i7 processor.

2.4 Feasibility Study

Technical Feasibility:
The technical feasibility of this project is high due to the availability of
mature and reliable technologies that can be utilized for implementing the
proposed password recovery mechanism. Key components include:

RainbowCrack Software: RainbowCrack is a well-established tool for
generating rainbow tables, which are essential for efficient hash value
lookup in the password recovery process. The tool supports various hashing
algorithms, including MD5, SHA-1, and SHA-256, making it adaptable to
different security requirements.
Web Development Frameworks: Modern web development frameworks
(such as Django, Flask, or Node.js) provide robust environments for
building secure web applications. These frameworks support the integration
of secure OTP generation and delivery, as well as encrypted data
transmission.
Database Management Systems: Reliable database systems like MySQL,
PostgreSQL, or MongoDB can efficiently handle and query the hash tables
and rainbow tables. They support sorting and indexing, which are critical
for optimizing search operations.
Binary Search Algorithms: The use of binary search algorithms for hash
value lookup is well-documented and supported in most programming
languages. This ensures the technical viability of implementing an efficient
search mechanism.
Security Protocols: Implementing industry-standard security protocols, such
as HTTPS for secure data transmission and encryption for sensitive data
storage, is technically feasible and essential for maintaining user trust and
data integrity.

Operational Feasibility:
Operational feasibility focuses on how well the proposed system will
function within the current operational environment and its ease of use for
end users.

User Experience: The proposed system is designed to be user-friendly, with
clear instructions and minimal steps for password recovery. The use of OTP
for verification ensures that users can quickly and securely recover their
passwords without extensive technical knowledge.
System Integration: The new password recovery mechanism can be
seamlessly integrated into existing online book reading platforms. The
architecture allows for easy addition of the recovery module without
significant changes to the core system.
Maintenance and Support: The system will require regular updates to
maintain security (e.g., updating the rainbow tables and hash table with new
common passwords). These updates can be scheduled and managed by the
IT team, ensuring minimal disruption to users.
Scalability: The system is scalable, allowing it to handle an increasing
number of users and password recovery requests as the platform grows.
Efficient database management and optimized search algorithms ensure that
performance remains high even under heavy load.

Economic Feasibility:
Economic feasibility assesses the cost-effectiveness of the proposed solution.

Initial Investment: The initial costs include purchasing or licensing
RainbowCrack software, developing the password recovery module, and
integrating it into the existing platform. Additionally, costs for secure OTP
delivery services and initial setup of databases will be incurred.
Ongoing Costs: Ongoing expenses involve server maintenance, database
updates, regular security audits, and support for OTP services. These costs
are manageable and can be included in the platform's operational budget.
Cost-Benefit Analysis: The benefits of the proposed system include
enhanced security, reduced risk of unauthorized access, and improved user
satisfaction. These benefits translate into increased user trust and retention,
potentially leading to higher user engagement and platform usage.
Return on Investment (ROI): By preventing unauthorized access and
improving user experience, the platform is likely to attract more users and
retain existing ones, thereby increasing its revenue potential. The long-term
financial gains from enhanced security and user trust justify the initial and
ongoing investments in the proposed system.

CHAPTER - 3
ARCHITECTURAL DESIGN

3.1 Modules & Design

3.1.1 User Interface Module:
• Responsible for providing a user-friendly interface for initiating the password recovery process.
• Includes components for OTP input, email verification, and user guidance through the recovery steps.
3.1.2 Verification Module:
• Manages user identity verification through OTP validation and a security question, confirming the user's authenticity before proceeding with password recovery.
• Integrates an 8-character alphanumeric OTP generator for secure and reliable verification.
3.1.3 Hash Lookup Module:
• Utilizes advanced hash lookup algorithms, such as binary search in precomputed rainbow tables, for rapid retrieval of the plaintext behind a hashed password.
• Implements data integrity checks to verify the accuracy of retrieved passwords and prevent data corruption.
3.1.4 Automated Response Module:
• Executes automated recovery steps upon successful verification and hash lookup, such as updating the user's password in the system.
• Provides real-time feedback to users, confirming successful password recovery and enabling immediate access to their accounts.
3.1.5 Logging and Monitoring Module:
• Records and maintains logs of all password recovery activities, including verification attempts, hash lookups, and recovery responses.
• Monitors system performance and user interactions to identify potential issues or anomalies in the recovery process.
3.1.6 Integration Module:
• Facilitates seamless integration of the password recovery system with existing platform infrastructure, databases, and user management systems.
• Ensures compatibility and smooth operation across different platforms and devices for a consistent user experience.

3.1.7 Results & Accuracy:

The secure password recovery mechanism developed for the online book reading platform was evaluated across several metrics to determine its effectiveness, efficiency, and robustness. This section presents the results of these evaluations and provides an analysis of the key findings.

User Identity Verification: The OTP-based identity verification mechanism demonstrated high reliability and security. During testing, the OTPs were successfully delivered and verified within the designated 30-second window in over 98% of cases, ensuring a secure initial step in the password recovery process.
Hash Value Lookup: The binary search algorithm implemented for hash value lookup in both rainbow tables and common password hash tables proved to be highly efficient. The average time taken to locate a hash value was under 5 minutes, highlighting the speed and efficiency of the method.
Password Recovery Success Rate: The system successfully retrieved the correct plaintext password in almost 100% of cases when the hash value was present in the precomputed tables. This high success rate demonstrates the effectiveness of using precomputed rainbow tables and a well-curated hash table of common passwords.
Data Integrity and Security: Integrity checks performed on the rainbow tables and hash tables ensured data consistency and accuracy throughout the password recovery process. No instances of data corruption or mismatches were detected, underscoring the reliability of the system.

3.2 Methods & Algorithms

In the proposed password recovery mechanism, several methods and algorithms are employed to ensure efficient and secure retrieval of passwords. These include:

Rainbow Table Lookup:
• Rainbow tables generated using RainbowCrack are utilized for quick lookup of hash values associated with passwords.
• A binary search algorithm is implemented to efficiently search through the sorted rainbow tables and retrieve the plaintext password associated with the hash value.

Hash Table Lookup:
• A hash table containing common passwords and their hashed values is employed as a secondary lookup mechanism.
• As with the rainbow table lookup, a binary search algorithm is used to search through the sorted hash table and retrieve the corresponding plaintext password if a match is found.

One-Time Password (OTP) Verification:
• Upon initiating the password recovery process, users are prompted to verify their identity through an OTP sent to their registered email address or phone number.
• OTP verification ensures secure access to the password recovery process and prevents unauthorized access.

Hash Value Integrity Check:
• Before initiating the password recovery process, the integrity of the rainbow tables is ensured by calculating their hash values and comparing them with the original hash values.
• This integrity check helps maintain the accuracy and reliability of the password retrieval.
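The lookup and integrity-check steps of this section (and the find_original_text / verify_hash functions listed in chapter 4) as an added Python example; this is not the project's own code. It works over the "<md5hex>: <password>" line layout that the project's hashing and sorting scripts write, checks the table's SHA-256 before any lookup, then binary-searches for the user's stored hash and reports the not-found branch explicitly. The sample wordlist, the temp-file location and the helper names build_sorted_hash_file, make_sample_table, md5_hex and recover_plaintext are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample wordlist for the example (not a real password list).
SAMPLE_WORDS = ["password", "123456", "letmein", "qwerty", "iloveyou"]


def md5_hex(text):
    """MD5 hex digest of a string: the value the platform stores as password_hash."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_sorted_hash_file(words, path):
    """Write one '<md5hex>: <word>' line per word, sorted by hash and deduplicated,
    the same layout that CommonPasswordsHashing.py + FilteringAndSorting.py produce."""
    rows = {md5_hex(w): w for w in words}
    with open(path, "w", encoding="utf-8") as f:
        for h in sorted(rows):
            f.write(f"{h}: {rows[h]}\n")
    return path


def make_sample_table():
    """Write the constructed sample table to a temporary file and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "hashTheWordsSorted.txt")
    return build_sorted_hash_file(SAMPLE_WORDS, path)


def generate_file_hash(path, chunk_size=65536):
    """SHA-256 of the table file, read in chunks so a large table is not loaded at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_hash(path, expected_hash):
    """Integrity check: does the table's current SHA-256 match the recorded one?"""
    return hmac.compare_digest(generate_file_hash(path), expected_hash.lower())


def find_original_text(target_hash, path):
    """Binary search the hash-sorted table for target_hash; return plaintext or None.

    Every line is '<32 hex chars>: <word>\\n', so the hash is a fixed-width prefix
    and comparing those prefixes as strings matches the order the file was sorted in.
    """
    target = target_hash.strip().lower()
    with open(path, "r", encoding="utf-8") as f:
        lines = f.readlines()
    lo, hi = 0, len(lines) - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        line_hash = lines[mid][:32]
        if line_hash == target:
            return lines[mid][34:].rstrip("\n")  # skip the ": " separator
        if line_hash < target:
            lo = mid + 1
        else:
            hi = mid - 1
    return None


def recover_plaintext(stored_hash, table_path, expected_table_hash):
    """Recovery step as described in 3.2: refuse a table whose integrity check fails,
    otherwise look the stored hash up. Returns (status, plaintext_or_None)."""
    if not verify_hash(table_path, expected_table_hash):
        return ("table_integrity_failed", None)
    plain = find_original_text(stored_hash, table_path)
    if plain is None:
        return ("not_found", None)  # the "not able to recover the password" branch
    return ("found", plain)


if __name__ == "__main__":
    table = make_sample_table()
    known = generate_file_hash(table)  # recorded once, when the table is built
    print(recover_plaintext(md5_hex("letmein"), table, known))
    print(recover_plaintext(md5_hex("correct horse"), table, known))
```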

3.3 Project Architecture
3.3.1 Architectural diagram

• The signup page takes Name, Email, Password, and Confirm Password and stores them in the database.
• The login page takes email and password, verifies them against the database, and redirects to the home page.
• The home page lists books with filter options, so users can read books and filter them by genre, author, etc.
• The Password Recovery page takes the user's email, verifies the user by sending an OTP to that mail, and after successful verification sends the password through mail.
• The database maintains all the user credentials and helps in verifying the user in the future.

3.3.2 Class Diagram

• User class: Represents users with attributes name, email, and password, and methods
for signup, login, and password recovery.
• Book class: Represents books with attributes title, author, genre, publisher, and content,
and a method to display books based on filters.
• DatabaseConnector class: Handles database operations with methods to connect,
disconnect, and execute queries.
• PasswordRecovery class: Manages password recovery processes with methods to send
OTP, verify OTP, and recover passwords.

3.3.3 Use Case Diagram

Actor: User
Use Cases:
• Signup: User signs up with Name, email, password, and confirm password.
• Login: User logs in with email and password.
• Read Books: User accesses and reads books available on the platform.
• Recover Password: User initiates the password recovery process.

3.3.4 Sequence Diagram

Actors and Components

1. User: The person attempting to recover their password.
2. Web Browser/Application: The interface through which the user interacts with the platform.
3. Authentication Server: Handles user authentication, including multi-factor verification.
4. Email/SMS Service: Sends verification codes or links to the user.
5. Biometric Verification System: Verifies user identity using biometric data.
6. Database: Stores user data, including hashed passwords and security questions.
7. Security Monitoring System: Monitors for suspicious activities and triggers alerts.

3.3.5 Activity Diagram

• User accesses the Signup/Login Page and chooses either Signup or Login.
• If Signup:
  • User provides Name, email, password, and confirm password.
  • Password is hashed using MD5 and stored in the database.
• If Login:
  • User inputs email and password.
  • If credentials are invalid, show the "Invalid Credentials" message on the Login Page.
  • If credentials are valid, redirect the user to the Home Page and display books with filter options.
• If User clicks on Password Recovery:
  • Authenticate the user via email using an 8-character alphanumeric OTP.
  • If OTP verification fails or the time limit is exceeded, send an email with the "Not able to recover the password" message.
  • If OTP verification is successful:
    • Find the original password hash in the database.
    • If the password hash is not found, send an email with the "Not able to recover the password" message.
    • If the password hash is found, email the password to the user.

CHAPTER - 4

IMPLEMENTATION & TESTING

4.1 Coding Blocks:

4.1.1 showInvalidCredentialsPopup():
• It displays a popup message indicating that the login credentials provided are invalid.

4.1.2 closePopup():
• It hides the invalid credentials popup when the user clicks the close button.

4.1.3 getFormData($key):
• It retrieves the value of the form data associated with the given key. It is typically used to get user inputs like username and password from the POST request.

4.1.4 submitRecoveryForm():
• It handles the submission of the password recovery form, collecting user input and sending it to the server.

4.1.5 generate_file_hash():
• This Python function takes a file path as input and returns the hash value of the file content, typically using a hashing algorithm like SHA-256.

4.1.6 session_start():
• It starts a new session or resumes an existing one, essential for user authentication.

4.1.7 checkUserExists($email):
• It checks whether a user with the given email address exists in the database.

4.1.8 verify_hash(filename, expected_hash):
• It compares the hash of a given file to an expected hash value. It calculates the file's hash and returns a boolean indicating whether the calculated hash matches the expected hash.

4.1.9 fetchSecurityQuestion(email):
• It fetches the security question chosen by the user from the database and evaluates the answer.

4.1.10 generateOTP():
• It generates a random 8-character alphanumeric OTP.

4.1.11 sendOTP(email):
• It sends the OTP to the user for verification.

4.1.12 startTimer(duration, display):
• It starts a 30-second timer when the OTP is successfully sent, limiting the window in which an OTP can be guessed and so reducing brute-force attempts.

4.1.13 get_password_hash(email):
• It fetches the password hash of the particular user from the database based on their email.

4.1.14 find_original_text(target_hash):
• It looks the target hash up in the hash table and returns its plaintext when found; otherwise it returns None.
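The OTP functions listed above (generateOTP, sendOTP, startTimer) as an added Python example that is not the project's code: an 8-character alphanumeric OTP drawn from the secrets module, recorded per email with its issue time, and a verify step that enforces the 30-second window and single use. The uppercase-plus-digits alphabet, the limit on wrong guesses, the OtpStore name and the ManualClock helper are assumptions for the example; the clock is injectable so the expiry path can be exercised without waiting.

```python
import hmac
import secrets
import string
import time

OTP_ALPHABET = string.ascii_uppercase + string.digits  # alphanumeric; case is an example choice
OTP_LENGTH = 8                                         # 8 characters, as the page specifies
OTP_TTL_SECONDS = 30                                   # the page's 30-second window
MAX_ATTEMPTS = 3                                       # assumed cap on wrong guesses per OTP


def generate_otp(length=OTP_LENGTH):
    """Random OTP from the CSPRNG in `secrets` (never the `random` module)."""
    return "".join(secrets.choice(OTP_ALPHABET) for _ in range(length))


class ManualClock:
    """Example helper: a clock the caller advances by hand, standing in for time.monotonic."""

    def __init__(self, start=1000.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class OtpStore:
    """Pending OTPs keyed by email. Kept in memory here; a deployment would keep this
    server-side (session or database), never in the page sent to the browser."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable for tests
        self._pending = {}       # email -> [otp, issued_at, wrong_attempts]

    def issue(self, email):
        """Generate and record a fresh OTP, replacing any earlier one for this email.
        The returned value is what sendOTP(email) would deliver."""
        otp = generate_otp()
        self._pending[email] = [otp, self._clock(), 0]
        return otp

    def verify(self, email, submitted):
        """Return 'ok', 'expired', 'invalid', 'locked' or 'no_pending'."""
        entry = self._pending.get(email)
        if entry is None:
            return "no_pending"
        otp, issued_at, attempts = entry
        if self._clock() - issued_at > OTP_TTL_SECONDS:
            del self._pending[email]          # the startTimer window ran out: discard
            return "expired"
        guess = submitted.strip().upper().encode("utf-8")
        if hmac.compare_digest(otp.encode("utf-8"), guess):
            del self._pending[email]          # single use
            return "ok"
        entry[2] = attempts + 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[email]          # too many guesses inside the window
            return "locked"
        return "invalid"


if __name__ == "__main__":
    clock = ManualClock()
    store = OtpStore(clock)
    code = store.issue("[email protected]")       # constructed sample address
    print(store.verify("[email protected]", code))          # ok
    code = store.issue("[email protected]")
    clock.advance(31)
    print(store.verify("[email protected]", code))          # expired
```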

4.2 Sample Code:

CommonPasswordsHashing.py:

import os
import hashlib

# Function to hash a line using MD5
def hash_line(line):
    return hashlib.md5(line.encode()).hexdigest()

# Path to the directory containing text files
directory_path = r"C:\Users\TOM & JERRY\Downloads\Commonpasswords"
# Output file to store hashed lines
output_file = 'hashTheWords.txt'
count = 0
# Loop through each file in the directory
with open(output_file, 'w', encoding='utf-8') as outfile:
    for filename in os.listdir(directory_path):
        if filename.endswith('.txt'):  # Process only text files
            count += 1
            print(f"{count}. Hashing lines in file: {filename}")  # Print the file name
            file_path = os.path.join(directory_path, filename)
            with open(file_path, 'r', encoding='utf-8') as infile:
                for line in infile:
                    word = line.strip()  # hash and record the same stripped value
                    hashed_line = hash_line(word)
                    # One "<hash>: <word>" record per line, with an explicit newline so a
                    # file whose last line lacks one does not merge with the next record
                    outfile.write(f'{hashed_line}: {word}\n')

FilteringAndSorting.py:

# Read the content of hashTheWords.txt and sort lines based on hash value
with open('hashTheWords.txt', 'r', encoding='utf-8') as infile:
    lines = infile.readlines()

# Sort lines based on hash value
sorted_lines = sorted(lines, key=lambda x: x.split(':')[0])

# Remove duplicates based on hash value
unique_lines = []
seen_hashes = set()
for line in sorted_lines:
    hash_value = line.split(':')[0]
    if hash_value not in seen_hashes:
        unique_lines.append(line)
        seen_hashes.add(hash_value)

with open('hashTheWordsSorted.txt', 'w', encoding='utf-8') as outfile:
    outfile.writelines(unique_lines)

index.html:

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Online Book Reading Platform</title>
<link rel="stylesheet" href="styles.css">
</head>
<body>
<div class="container">
<!-- Add logout link/button at the top right corner -->
<div class="logout">
<a href="logout.php">Logout</a>
</div>
<h1>Welcome to our Online Book Reading Platform</h1>
<div class="books">
<div class="book">
<a href="wof.pdf"><img src="wof.jpg" alt="Book 1"></a>
<h3>Wings of Fire</h3>
<p>Author: A.P.J. Abdul Kalam</p>
<p>Genre: Autobiography</p>
</div>
<div class="book">
<a href="temper.pdf"><img src="temper.jpg" alt="Book 2"></a>
<h3>Temper</h3>
<p>Author: Vakkantham Vamsi</p>
<p>Genre: Drama</p>
</div>
<div class="book">
<a href="asura.pdf"><img src="asura.jpg" alt="Book 3"></a>
<h3>Asura - Tale of the Vanquished</h3>
<p>Author: Anand Neelakantan</p>
<p>Genre: Fictional</p>
</div>
<div class="book">
<a href="python.pdf"><img src="python.png" alt="Book 4"></a>
<h3>Python Programming - 3 books in 1</h3>
<p>Author: Dylan Penny</p>
<p>Genre: Education</p>
</div>
<!-- Add more books as needed -->
</div>
</div>
</body>
</html>

login.html

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
<link rel="stylesheet" href="login_style.css">
<style>
  /* Style for popup */
  .popup-container {
    display: none;
    position: fixed;
    top: 0;
    left: 0;
    width: 100%;
    height: 100%;
    background-color: rgba(0, 0, 0, 0.5);
    z-index: 1000;
  }
  .popup-content {
    position: absolute;
    top: 50%;
    left: 50%;
    transform: translate(-50%, -50%);
    background-color: white;
    padding: 20px;
    border-radius: 5px;
    box-shadow: 0 0 10px rgba(0, 0, 0, 0.3);
    width: 300px;
    text-align: center;
  }
  .close {
    position: absolute;
    top: 5px;
    right: 10px;
    cursor: pointer;
    font-size: 20px;
  }
</style>

</head>
<body>

<div class="login-div">
<div class="logo"><img class="img" src="logo.png" alt="logo"></div>
<div class="title">Happy Reading</div>
<form id="login-form" class="fields">
<div class="username">
<svg class="svg-icon" viewBox="0 0 20 20">
<path d="M12.075,10.812c1.358-0.853,2.242-2.507,2.242-4.037c0-2.181-1.795-4.618-4.198-4.618S5.921,4.594,5.921,6.775c0,1.53,0.884,3.185,2.242,4.037c-3.222,0.865-5.6,3.807-5.6,7.298c0,0.23,0.189,0.42,0.42,0.42h14.273c0.23,0,0.42-0.189,0.42-0.42C17.676,14.619,15.297,11.677,12.075,10.812 M6.761,6.775c0-2.162,1.773-3.778,3.358-3.778s3.359,1.616,3.359,3.778c0,2.162-1.774,3.778-3.359,3.778S6.761,8.937,6.761,6.775 M3.415,17.69c0.218-3.51,3.142-6.297,6.704-6.297c3.562,0,6.486,2.787,6.705,6.297H3.415z"></path>
</svg>
<input type="email" name="username" class="user-input" placeholder="Email">
</div>
<div class="password">
<svg class="svg-icon" viewBox="0 0 20 20">
<path d="M17.308,7.564h-1.993c0-2.929-2.385-5.314-5.314-5.314S4.686,4.635,4.686,7.564H2.693c-0.244,0-0.443,0.2-0.443,0.443v9.3c0,0.243,0.199,0.442,0.443,0.442h14.615c0.243,0,0.442-0.199,0.442-0.442v-9.3C17.75,7.764,17.551,7.564,17.308,7.564 M10,3.136c2.442,0,4.43,1.986,4.43,4.428H5.571C5.571,5.122,7.558,3.136,10,3.136 M16.865,16.864H3.136V8.45h13.729V16.864z M10,10.664c-0.854,0-1.55,0.696-1.55,1.551c0,0.699,0.467,1.292,1.107,1.485v0.95c0,0.243,0.2,0.442,0.443,0.442s0.443-0.199,0.443-0.442V13.7c0.64-0.193,1.106-0.786,1.106-1.485C11.55,11.36,10.854,10.664,10,10.664 M10,12.878c-0.366,0-0.664-0.298-0.664-0.663c0-0.366,0.298-0.665,0.664-0.665c0.365,0,0.664,0.299,0.664,0.665C10.664,12.58,10.365,12.878,10,12.878"></path>
</svg>
<input type="password" name="password" class="pass-input" placeholder="Password">
</div>
<button type="submit" class="signin-button">Login</button>
</form>
<div class="link">
<a href="password_recovery.html">Password Recovery</a> or <a href="signup.html">Sign Up</a>
</div>
</div>
<!-- Popup for invalid credentials -->
<div id="invalid-credentials-popup" class="popup-container">
<div class="popup-content">
<span class="close" onclick="closePopup()">&times;</span>
<h2>Invalid Credentials</h2>
<p>Please try again.</p>
</div>
</div>
<!-- Include jQuery -->
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script>
// Function to close the popup
function closePopup() {
$('.popup-container').css('display', 'none');
}

// AJAX for form submission
$(document).ready(function () {
  $('#login-form').submit(function (event) {
    event.preventDefault(); // Prevent default form submission
    // Serialize form data
    var formData = $(this).serialize();
    // Send AJAX request
    $.ajax({
      type: 'POST',
      url: 'login.php',
      data: formData,
      success: function (response) {
        if (response === 'success') {
          // Redirect to home page if login is successful
          window.location.href = 'index.html';
        } else {
          // Show invalid credentials popup if login fails
          $('#invalid-credentials-popup').css('display', 'block');
        }
      }
    });
  });
});
</script>
</body>

</html>

login_styles.css

* {
  box-sizing: border-box;
}
body {
  margin: 0;
  height: 100vh;
  width: 100vw;
  overflow: hidden;
  font-family: "Lato", sans-serif;
  font-weight: 700;
  display: flex;
  align-items: center;
  justify-content: center;
  color: #555;
  background-color: #ecf0f3;
}
.login-div {
  width: 400px;
  height: 580px;
  padding: 60px 35px 35px 35px;
  border-radius: 40px;
  background-color: #ecf0f3;
  box-shadow: 13px 13px 20px #cbced1,
    -13px -13px 20px #fff;
}
.logo {
  width: 100px;
  height: 100px;
  border-radius: 50%;
  margin: 0 auto;
  box-shadow: 0px 0px 2px #cbced1,
    0px 0px 0px 5px #ecf0f3,
    8px 8px 15px #a7aaaf,
    -8px -8px 15px #fff;
}
.img {
  width: 100px;
  height: 100px;
}
.title {
  text-align: center;
  font-size: 28px;
  padding: 20px;
  letter-spacing: 0.5px;
}
.fields {
  width: 100%;
  padding: 40px 5px 5px 5px;
}
.fields input {
  border: none;
  outline: none;
  background: none;
  font-size: 18px;
  color: #555;
  padding: 20px 10px 10px 5px;
}
.username,
.password {
  margin-bottom: 30px;
  border-radius: 25px;
  box-shadow: inset 8px 8px 8px #cbced1,
    inset -8px -8px 8px #fff;
}
.fields svg {
  height: 22px;
  margin: 0 10px -3px 25px;
}
.signin-button {
  outline: none;
  border: none;
  cursor: pointer;
  width: 100%;
  height: 60px;
  border-radius: 30px;
  font-size: 20px;
  font-weight: 700;
  font-family: "Lato", sans-serif;
  color: #fff;
  text-align: center;
  background-color: #02c8db;
  box-shadow: 3px 3px 8px #b1b1b1, -3px -3px 8px #fff;
  transition: all 0.5s;
}
.signin-button:hover {
  background-color: #50e5b9;
}
.signin-button:active {
  background-color: #88ef9e;
}
.link {
  padding-top: 20px;
  text-align: center;
}
.link a {
  text-decoration: none;
  color: #aaa;
  font-size: 15px;
}

/* sign Up */

.fields-signup {
  width: 100%;
  padding: 30px 5px 5px 5px;
}
.fields-signup input {
  border: none;
  outline: none;
  background: none;
  font-size: 18px;
  color: #555;
  padding: 15px 10px 10px 5px;
}
.email {
  margin-bottom: 30px;
  border-radius: 25px;
  box-shadow: inset 8px 8px 8px #cbced1,
    inset -8px -8px 8px #fff;
}
.phone {
  margin-bottom: 30px;
  border-radius: 25px;
  box-shadow: inset 8px 8px 8px #cbced1,
    inset -8px -8px 8px #fff;
}
.password {
  margin-bottom: 10px;
  border-radius: 25px;
  box-shadow: inset 8px 8px 8px #cbced1,
    inset -8px -8px 8px #fff;
}

.signup-button {
  margin-bottom: -13px;
  outline: none;
  border: none;
  cursor: pointer;
  width: 100%;
  height: 50px;
  border-radius: 30px;
  font-size: 20px;
  font-weight: 700;
  font-family: "Lato", sans-serif;
  color: #fff;
  text-align: center;
  background-color: #02c8db;
  box-shadow: 3px 3px 8px #b1b1b1, -3px -3px 8px #fff;
  transition: all 0.5s;
}
.signup-button:hover {
  background-color: #50e5b9;
}
.signup-button:active {
  background-color: #88ef9e;
}
.fields-signup svg {
  height: 22px;
  margin: 0 10px -3px 25px;
}

login.php

<?php
session_start(); // Start session at the beginning

// Include database connection
include('db.php');

// Get form data (default to empty strings so a missing field does not raise a notice)
$username = $_POST['username'] ?? '';
$password = md5($_POST['password'] ?? ''); // Hash the password

// Prepare and bind the statement
$stmt = $conn->prepare("SELECT * FROM users WHERE email=? AND password_hash=?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows == 1) {
    // Login successful
    $_SESSION['username'] = $username; // Store username in session if needed
    echo 'success';
} else {
    // Login failed
    echo 'failure';
}

$stmt->close();
$conn->close();
?>

logout.php

<?php
// Start session
session_start();

// Unset all session variables
$_SESSION = array();

// Destroy the session
session_destroy();

// Redirect to login page or any other page as needed
header('Location: login.html');
exit();
?>

signup.html

<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Signup</title>
<link rel="stylesheet" href="login_style.css">
<style>
/* CSS for the eye icon */
.eye-icon {
position: absolute;
right: 10px;
top: 50%;
transform: translateY(-50%);
cursor: pointer;
}
</style>
</head>
<body>
<div class="login-div">
<div class="title">Register</div>
<div class="fields-signup">
<div class="username">
<svg class="svg-icon" viewBox="0 0 20 20">
<!-- Username icon path -->
<path d="M12.075,10.812c1.358-0.853,2.242-2.507,2.242-4.037c0-2.181-1.795-4.618-4.198-4.618S5.921,4.594,5.921,6.775c0,1.53,0.884,3.185,2.242,4.037c-3.222,0.865-5.6,3.807-5.6,7.298c0,0.23,0.189,0.42,0.42,0.42h14.273c0.23,0,0.42-0.189,0.42-0.42C17.676,14.619,15.297,11.677,12.075,10.812 M6.761,6.775c0-2.162,1.773-3.778,3.358-3.778s3.359,1.616,3.359,3.778c0,2.162-1.774,3.778-3.359,3.778S6.761,8.937,6.761,6.775 M3.415,17.69c0.218-3.51,3.142-6.297,6.704-6.297c3.562,0,6.486,2.787,6.705,6.297H3.415z"></path>

</svg>
<input type="text" class="user-input" placeholder="Full name">
</div>
<div class="email">
<svg class="svg-icon" viewBox="0 0 20 20">
<!-- Email icon path -->
<path d="M17.388,4.751H2.613c-0.213,0-0.389,0.175-0.389,0.389v9.72c0,0.216,0.175,0.389,0.389,0.389h14.775c0.214,0,0.389-0.173,0.389-0.389v-9.72C17.776,4.926,17.602,4.751,17.388,4.751 M16.448,5.53L10,11.984L3.552,5.53H16.448zM3.002,6.081l3.921,3.925l-3.921,3.925V6.081z M3.56,14.471l3.914-3.916l2.253,2.253c0.153,0.153,0.395,0.153,0.548,0l2.253-2.253l3.913,3.916H3.56z M16.999,13.931l-3.921-3.925l3.921-3.925V13.931z"></path>
</svg>
<input type="email" class="email-id" placeholder="[email protected]">
</div>

<div class="password" style="position: relative;">


<svg class="svg-icon" viewBox="0 0 20 20">
<!-- Password icon path -->
<path d="M17.308,7.564h-1.993c0-2.929-2.385-5.314-5.314-5.314S4.686,4.635,4.686,7.564H2.693c-0.244,0-0.443,0.2-0.443,0.443v9.3c0,0.243,0.199,0.442,0.443,0.442h14.615c0.243,0,0.442-0.199,0.442-0.442v-9.3C17.75,7.764,17.551,7.564,17.308,7.564 M10,3.136c2.442,0,4.43,1.986,4.43,4.428H5.571C5.571,5.122,7.558,3.136,10,3.136 M16.865,16.864H3.136V8.45h13.729V16.864z M10,10.664c-0.854,0-1.55,0.696-1.55,1.551c0,0.699,0.467,1.292,1.107,1.485v0.95c0,0.243,0.2,0.442,0.443,0.442s0.443-0.199,0.443-0.442V13.7c0.64-0.193,1.106-0.786,1.106-1.485C11.55,11.36,10.854,10.664,10,10.664 M10,12.878c-0.366,0-0.664-0.298-0.664-0.663c0-0.366,0.298-0.665,0.664-0.665c0.365,0,0.664,0.299,0.664,0.665C10.664,12.58,10.365,12.878,10,12.878"></path>

</svg>
<input type="password" class="pass-input" placeholder="password"
id="passwordInput">
<!-- Eye icon for viewing password -->
<i class="eye-icon" id="togglePassword">
<svg class="svg-icon" viewBox="0 0 20 20" width="20" height="20">
<path fill="none" d="M0 0h20v20H0z"/>
<path d="M10 5C6.691 5 4 7.691 4 11s2.691 6 6 6 6-2.691 6-6-2.691-6-6-6zM8 11c0-1.105.895-2 2-2s2 .895 2 2-.895 2-2 2-2-.895-2-2zm9-1l-3 3-1-1-1 1 2 2 4-4-1-1z"/>
</svg>
</i>
</div>
<br/>

<div class="password" style="position: relative;">


<svg class="svg-icon" viewBox="0 0 20 20">
<!-- Confirm Password icon path -->
<path d="M17.308,7.564h-1.993c0-2.929-2.385-5.314-5.314-5.314S4.686,4.635,4.686,7.564H2.693c-0.244,0-0.443,0.2-0.443,0.443v9.3c0,0.243,0.199,0.442,0.443,0.442h14.615c0.243,0,0.442-0.199,0.442-0.442v-9.3C17.75,7.764,17.551,7.564,17.308,7.564 M10,3.136c2.442,0,4.43,1.986,4.43,4.428H5.571C5.571,5.122,7.558,3.136,10,3.136 M16.865,16.864H3.136V8.45h13.729V16.864z M10,10.664c-0.854,0-1.55,0.696-1.55,1.551c0,0.699,0.467,1.292,1.107,1.485v0.95c0,0.243,0.2,0.442,0.443,0.442s0.443-0.199,0.443-0.442V13.7c0.64-0.193,1.106-0.786,1.106-1.485C11.55,11.36,10.854,10.664,10,10.664 M10,12.878c-0.366,0-0.664-0.298-0.664-0.663c0-0.366,0.298-0.665,0.664-0.665c0.365,0,0.664,0.299,0.664,0.665C10.664,12.58,10.365,12.878,10,12.878"></path>

</svg>
<input type="password" class="confirm-pass-input" placeholder="confirm
password">
<!-- Eye icon for viewing password -->
<i class="eye-icon" id="toggleConfirmPassword">
<svg class="svg-icon" viewBox="0 0 20 20" width="20" height="20">
<path fill="none" d="M0 0h20v20H0z"/>
<path d="M10 5C6.691 5 4 7.691 4 11s2.691 6 6 6 6-2.691 6-6-2.691-6-6-6zM8 11c0-1.105.895-2 2-2s2 .895 2 2-.895 2-2 2-2-.895-2-2zm9-1l-3 3-1-1-1 1 2 2 4-4-1-1z"/>
</svg>
</i>
</div>
</div>
<button class="signup-button" id="signup-btn">Sign Up</button>
<div class="link">
<p>Already have an account? <a href="login.html">Login</a></p>
</div>
</div>
<!-- Add jQuery for AJAX functionality -->
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
<script>
$(document).ready(function () {
// Function to toggle password visibility
function togglePasswordVisibility(inputField, eyeIcon) {
var type = inputField.attr('type') === 'password' ? 'text' : 'password';
inputField.attr('type', type);
eyeIcon.toggleClass('fa-eye fa-eye-slash');
}

// Toggle password visibility when eye icon is clicked


$('#togglePassword').click(function () {
  togglePasswordVisibility($('#passwordInput'), $(this));
});

$('#toggleConfirmPassword').click(function () {
  togglePasswordVisibility($('.confirm-pass-input'), $(this));
});

$('#signup-btn').click(function (e) {
  e.preventDefault(); // Prevent default form submission

  // Get form data
var name = $('.user-input').val();
var email = $('.email-id').val();
var password = $('.pass-input').val();
var confirmPassword = $('.confirm-pass-input').val();

  // Validate form data
  if (name === '' || email === '' || password === '' || confirmPassword === '') {
    alert('Please fill in all fields.');
    return;
  }

  if (password !== confirmPassword) {
    alert('Passwords do not match.');
    return;
  }

// Send AJAX request to signup.php


$.ajax({
type: 'POST',
url: 'signup.php',
data: {
name: name,
email: email,
password: password,
confirm_password: confirmPassword
},
success: function (response) {
// Redirect to the security-question page upon successful registration
window.location.href = 'secquestion.html';
},
error: function (xhr, status, error) {
console.error(xhr.responseText);
alert('Error occurred. Please try again.');
}
});
});
});
</script>
</body>
</html>

signup.php

<?php
session_start(); // Start session at the beginning

// Include database connection
include('db.php');

// Get form data (default to empty strings so a missing field does not raise a notice)
$name = $_POST['name'] ?? '';
$email = $_POST['email'] ?? '';
$password = md5($_POST['password'] ?? ''); // Hash the password
$confirmPassword = md5($_POST['confirm_password'] ?? ''); // Hash the confirm password

// Compare password and confirm password
if ($password !== $confirmPassword) {
    echo "Passwords do not match.";
    exit();
}

// Insert data into users table
$stmt = $conn->prepare("INSERT INTO users (name, email, password_hash) VALUES (?, ?, ?)");
$stmt->bind_param("sss", $name, $email, $password);

if ($stmt->execute()) {
    // Redirect to secquestion.html upon successful registration
    $_SESSION['email'] = $email;
    header("Location: secquestion.html");
    exit();
} else {
    echo "Error: " . $stmt->error;
}

$stmt->close();
$conn->close();
?>

styles.css

body {
  margin: 0;
  padding: 0;
  font-family: Arial, sans-serif;
  background-color: #f0f0f0; /* Light gray background */
}

.container {
  max-width: 1200px;
  margin: 0 auto;
  padding: 20px;
}

h1 {
  text-align: center;
  color: #333;
}

.books {
  display: grid;
  grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
  grid-gap: 20px;
  margin-top: 20px;
}

.book {
  background-color: #fff;
  border-radius: 5px;
  padding: 10px;
  box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
}

.book img {
  max-width: 100%;
  height: auto;
  border-radius: 5px;
  margin-bottom: 10px;
}

.book h3 {
  margin: 0;
  font-size: 18px;
  color: #333;
}

.book p {
  margin: 5px 0;
  font-size: 14px;
  color: #666;
}

.logout {
  position: absolute;
  top: 10px;
  right: 10px;
}

.logout a {
  color: #fff;
  background-color: #f00;
  padding: 8px 12px;
  border-radius: 5px;
  text-decoration: none;
}

.logout a:hover {
  background-color: #d00;
}

4.3 Execution Flow

1. User Interaction:
• User accesses the web application and interacts with the User Interface.
2. Signup Process:
• User navigates to the Signup/Login Page.
• User provides Name, email, password, and confirm password.
• System stores the user's data in the Database, hashing the password using MD5.
• User selects a security question or enters a custom question along with its answer.
3. Login Process:
• User inputs their email and password.
• System verifies the credentials in the Backend Server.
• If credentials are invalid, the system displays an error message on the login page.
• If credentials are valid, the system redirects the user to the Home Page.
4. Home Page Display:
• User views books and filter options based on genre and author on the Home Page.
5. Password Recovery:
• User clicks on the Password Recovery option on the login page.
6. Email Verification:
• System verifies the user's email.
7. Security Question Verification:
• The security question selected or entered during registration is displayed, and the user must answer it correctly to proceed to the next step of the password recovery.
8. OTP Generation:
• System generates an 8-character alphanumeric OTP and sends it to the user's email.
9. OTP Entry:
• User enters the OTP within a 30-second time limit.
10. OTP Verification:
• System verifies the entered OTP.
• If the OTP is incorrect or the time limit is exceeded, the system ends the process.
• If the OTP is correct, the system triggers the password recovery process.
11. Password Recovery Process:
• System retrieves the original password hash from the Database.
• System uses a binary search algorithm to find the plaintext password in a password recovery file or hash table.
• If the plaintext password is found, the system emails it to the user.
• If the plaintext password is not found, the system sends an email with the message "not able to recover the password."

4.4 Testing

During the testing phase, the password recovery mechanism for the online book reading
platform was validated for its reliability and security. When valid login credentials are
entered, users are successfully redirected to the home page, while incorrect credentials
trigger a popup stating "Invalid credentials." For the security question, correct answers lead
to an OTP being sent to the registered email, while incorrect answers display "Invalid
security answer." The OTP verification box, with a 30-second time frame, accepts correct
OTP entries to start the password recovery process; incorrect OTPs result in an "Invalid
OTP" popup. The password recovery service utilizes a binary search algorithm in
precomputed rainbow tables and a hash table of common passwords to retrieve the original
password, which is then presented to the user. Overall, the system accurately differentiates
between valid and invalid inputs, ensuring a secure and user-friendly experience.

CHAPTER - 5
TESTING AND RESULTS

5.1 Resulting Screens

5.1.1 User Interface to Register

In figure 5.1.1 above, users register on the website by giving the necessary details on the signup page.

5.1.2 User Interface to select a Security Question

In figure 5.1.2 above, users select a security question, or else give their own custom question, and answer it.

5.1.3 User Interface for Home Page

In figure 5.1.3 above, after successful registration users are redirected to this Home Page, where they can read books.

5.1.4 Login and Password Recovery Interface

In figure 5.1.4 above, when users forget their password they click the Password Recovery option on the login page and then enter their registered email.

5.1.5 Password Recovery Process

In figure 5.1.5 above, users first answer the security question and then verify the OTP sent to their registered email.

5.1.6 Password sent through email

In figure 5.1.6 above, users receive their password at their registered mail within 10 minutes if it is found in the hash table, and can then log in with it.

5.1.7 Home Page

In figure 5.1.7 above, the home page is shown after a successful login.

5.1.8 Invalid Credentials Popup

In figure 5.1.8 above, a popup saying "Invalid Credentials" is shown because the user entered a wrong email or password.

5.1.9 Invalid Security Answer Popup

In figure 5.1.9 above, a popup saying "Invalid security answer" is shown because the user entered a wrong answer.

5.1.10 Invalid OTP Popup

In figure 5.1.10 above, a popup saying "Invalid OTP" is shown because the user entered a wrong OTP.

5.2 Results Analysis
5.2.1 Time Complexity:
1. Feature Extraction:
• Directory Iteration: Assuming there are n files in the directory, iterating through the
directory takes O(n) time.
• File Reading and Hashing:
  • For each file, reading all lines takes O(m) time, where m is the number of lines in
a file.
  • Hashing each line takes O(1) time: MD5 runs in time linear in the input length, and
password lines are short and of bounded length, so each hash is a constant-time step.
  • Writing the hashed lines to the output file also takes O(1) per line.
• Overall Time Complexity:
  • Let n be the number of files and m be the average number of lines per file.
  • Total time complexity: O(n * m).

2. Sorting and Removing Duplicates:
• Reading all lines from hashTheWords.txt: O(k), where k is the total number of lines.
• Sorting lines: O(k log k).
• Removing duplicates:
  • Iterating through the sorted lines and using a set to check for uniqueness: O(k).
• Overall Time Complexity:
  • Total time complexity: O(k log k).

3. Binary Search:
• Searching for a hash value in the sorted list of hashed passwords involves a binary search.
• The time complexity of binary search is O(log m), where m is the number of hashed
passwords in the file.
• Overall Time Complexity:
  • Let m be the number of hashed passwords in the file.
  • Total time complexity: O(log m).

5.2.2 Space Complexity:
1. Feature Extraction:
• Storing the hashed lines in hashTheWords.txt: O(m), where m is the total number of
lines across all files.
• No significant additional space is used aside from the input and output files.
• Overall Space Complexity: O(m).

2. Sorting and Removing Duplicates:
• Reading lines into memory: O(k), where k is the total number of lines.
• Sorted lines and unique lines lists: O(k).
• Set to track seen hashes: O(k).
• Overall Space Complexity: O(k).

3. Binary Search:
• Storing the hashed passwords in memory for performing binary search: O(m), where m
is the number of hashed passwords in the file.
• No significant additional space is used aside from the input parameters and the contents
of the text file.
• Overall Space Complexity: O(m).

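As an added example (not the project's own code), the following Python implements the pipeline whose complexity is analysed in 5.2: MD5-hashing every wordlist line, sorting and de-duplicating the hash/password pairs, and locating a digest by binary search, together with the data-integrity validation that the methodology section of the appended paper describes. The "hash:password" line format, the function names and the sample wordlists are assumptions made for this demonstration.

```python
"""Added example, not the project's own code: the hashed-wordlist pipeline that
section 5.2 analyses (MD5 each wordlist line, sort and de-duplicate, binary
search for a digest) plus the data-integrity validation the methodology
describes. The 'hash:password' line format and the sample wordlists are
assumptions made for this demonstration."""
import bisect
import hashlib
from typing import Iterable, List, Optional, Tuple

Pair = Tuple[str, str]  # (32-char hex MD5 digest, plaintext password)

# Constructed sample input: two tiny "wordlist files" standing in for the
# directory of n files in 5.2.1; note the duplicate entry and the blank line.
SAMPLE_WORDLISTS: List[List[str]] = [
    ["password\n", "123456\n", "letmein\n"],
    ["123456\n", "qwerty\n", "\n"],
]


def md5_hex(word: str) -> str:
    """Unsalted MD5, the representation the page's hash table uses."""
    return hashlib.md5(word.encode("utf-8")).hexdigest()


def hash_wordlists(wordlists: Iterable[Iterable[str]]) -> List[Pair]:
    """Step 1 ('feature extraction'): O(n * m) over n files of m lines each."""
    pairs: List[Pair] = []
    for lines in wordlists:
        for line in lines:
            word = line.rstrip("\r\n")
            if word:  # skip blank lines instead of storing md5("")
                pairs.append((md5_hex(word), word))
    return pairs


def sort_and_dedupe(pairs: List[Pair]) -> List[Pair]:
    """Step 2: sort on the digest, O(k log k), then one O(k) pass with a set so
    every digest maps to exactly one entry (bisect needs a unique sorted key)."""
    unique: List[Pair] = []
    seen = set()
    for pair in sorted(pairs):
        if pair[0] not in seen:
            seen.add(pair[0])
            unique.append(pair)
    return unique


def to_lines(table: List[Pair]) -> List[str]:
    """Serialise as 'hash:password' lines (assumed on-disk format)."""
    return [f"{digest}:{word}" for digest, word in table]


def parse_lines(lines: Iterable[str]) -> List[Pair]:
    """Parse 'hash:password' lines, splitting on the first ':' only because a
    password may itself contain colons; malformed lines are dropped."""
    table: List[Pair] = []
    for line in lines:
        digest, sep, word = line.rstrip("\r\n").partition(":")
        if sep and len(digest) == 32:
            table.append((digest.lower(), word))
    return table


def lookup(table: List[Pair], digest: str) -> Optional[str]:
    """Step 3: binary search on the digest column, O(log m). Returns the
    plaintext, or None for the page's "not found" outcome."""
    key = digest.lower()
    i = bisect.bisect_left(table, (key, ""))  # "" sorts before any password
    return table[i][1] if i < len(table) and table[i][0] == key else None


def integrity_errors(table: List[Pair]) -> List[int]:
    """Data-integrity validation: indexes whose digest is not md5(password)
    or that break the ascending order the binary search relies on."""
    bad: List[int] = []
    for i, (digest, word) in enumerate(table):
        if md5_hex(word) != digest or (i > 0 and table[i - 1][0] >= digest):
            bad.append(i)
    return bad


def build_table(wordlists: Iterable[Iterable[str]] = SAMPLE_WORDLISTS) -> List[Pair]:
    """Whole pipeline, round-tripped through the on-disk line format."""
    return parse_lines(to_lines(sort_and_dedupe(hash_wordlists(wordlists))))
```

Because a lookup can only succeed for a password that already appears in a wordlist, the same table also shows why unsalted MD5 gives stored passwords little protection.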
5.2.3 Results Summary

The project's implementation of secure authentication mechanisms is complemented by
its user-friendly interface, enhancing usability and accessibility. Through intuitive
design elements and clear instructions, users can navigate the login and password
recovery processes with ease, reducing friction and enhancing overall user satisfaction.

Furthermore, the incorporation of error handling features, such as popup messages for
invalid credentials or errors during the recovery process, improves the robustness of the
system. These error messages provide clear feedback to users, enabling them to rectify
issues promptly and continue with their authentication journey seamlessly.

By prioritizing both security and user experience, the project establishes a strong
foundation for safeguarding user accounts while ensuring a positive interaction with
the authentication system. This balance between security and usability is essential for
fostering trust and confidence among users, ultimately contributing to the success and
reliability of the application.

CHAPTER - 6
CONCLUSION AND FUTURE SCOPE

6.1 CONCLUSION:

The development and implementation of a secure password recovery mechanism for online
book reading platforms represents a crucial step towards enhancing user experience and data
security in the digital realm. By integrating advanced technologies such as RainbowCrack
and OTP-based verification, the proposed solution not only streamlines the password
recovery process but also fortifies the platform against potential cyber threats. Through
rigorous feasibility analysis and performance evaluation, it is evident that the system
achieves its objectives of reliability, efficiency, and user-friendliness.

Moreover, the successful execution of this project underscores the importance of proactive
measures in mitigating cybersecurity risks and ensuring user trust in online services.
Moving forward, ongoing research and innovation will be essential in refining the proposed
mechanism, adapting to evolving security challenges, and incorporating emerging
technologies to bolster data protection further.

Ultimately, the implementation of a robust password recovery system not only safeguards
user accounts but also fosters a secure and conducive environment for online interaction and
engagement. As technology continues to evolve, continued vigilance and adaptation will be
paramount in maintaining the integrity and resilience of online platforms in the face of ever-
evolving cyber threats.

6.2 FUTURE SCOPE:

There are various avenues for enhancing and expanding the secure password recovery
mechanism for the online book reading platform:

Enhanced User Verification Techniques: Delve into the incorporation of supplementary user
verification methods, like biometric authentication or multi-factor authentication (MFA), to
fortify the security of the password recovery procedure.

Machine Learning for Anomaly Detection: Investigate the application of machine learning
algorithms for identifying anomalies during the password recovery process. This could
entail detecting suspicious login attempts or unauthorized access patterns to bolster threat
detection capabilities.

Extension of Rainbow Table Length: Assess the feasibility of elongating the length of
passwords in rainbow tables generated via RainbowCrack. Expanding the length of
precomputed tables can improve the coverage and accuracy of hash value retrieval during
password recovery, thereby enhancing the likelihood of successful password retrieval.

Augmentation of Common Passwords Hash Table: Consider expanding the existing hash
table of common passwords by adding more entries. Including a wider range of frequently
used passwords can broaden the range of hash value matches and boost the success rate of
password recovery attempts.

Integration of Multiple Hashing Algorithms: Integrate a diverse set of hashing algorithms,
such as SHA-1, SHA-256, and others, into the password recovery process. Employing
multiple algorithms enhances the adaptability and resilience of hash value comparisons,
making it more difficult for malicious actors to compromise hashed passwords.

PUBLICATION
SECURE PASSWORD RECOVERY MECHANISM FOR ONLINE BOOK
READING PLATFORM
Mrs. B. Swetha, Assistant Professor, Cyber Security, Malla Reddy University

Bogala Sai Mani Devendar Reddy, Cyber Security, Malla Reddy University, Hyderabad, India
Bomma Nithin Reddy, Cyber Security, Malla Reddy University, Hyderabad, India
Manna Poojith Mohan Vamsi, Cyber Security, Malla Reddy University, Hyderabad, India
Jakkula Nithin Raj, Cyber Security, Malla Reddy University, Hyderabad, India

Abstract: This research paper focuses on developing a secure password recovery mechanism tailored for an online book reading platform, emphasizing the critical need for robust security measures in digital environments. The project introduces a comprehensive approach encompassing multi-step verification procedures, including OTP-based authentication and hash comparison utilizing precomputed rainbow tables. These techniques are integrated into a user-friendly interface to ensure a seamless recovery experience while safeguarding against unauthorized access attempts.

The study addresses the escalating challenges associated with password security, particularly in online platforms handling sensitive user data. By incorporating OTP verification and a security question, which adds a layer of authentication beyond traditional password retrieval methods, the system fortifies its defences against brute force attacks and unauthorized entry. Furthermore, the utilization of precomputed rainbow tables and a binary search algorithm streamlines the password recovery process, enhancing efficiency without compromising security. The system also incorporates an integrity check mechanism to maintain the reliability of the rainbow table, ensuring accurate password retrieval while mitigating the risk of data breaches. Results from the implementation of these security measures demonstrate significant improvements in password recovery security, with a notable reduction in vulnerability to common cyber threats. The system achieves a delicate balance between security and user convenience, providing users with a secure and hassle-free method to regain access to their accounts on the online book reading platform.

Keywords: Password Recovery, OTP Authentication, Hash Comparison, Rainbow Tables, Binary Search Algorithm, Precomputed.

I. INTRODUCTION
The importance of online platform security, especially in managing passwords, has significantly escalated in recent times. As digital transactions and data exchanges continue to soar, there's an urgent need to implement robust security measures. So,
security is crucial for online book-reading platforms, where users share sensitive personal information.

Traditional password recovery methods are fraught with vulnerabilities, making a secure recovery mechanism indispensable. Challenges like susceptibility to brute force attacks, inadequate verification procedures, and potential exploits by malicious entities underscore the necessity for enhanced security measures.

This project addresses these challenges by developing a tailored, secure password recovery mechanism specifically designed for online book-reading platforms. The proposed solution integrates advanced authentication techniques such as One-Time Password (OTP) verification, security question, and hash comparison using precomputed rainbow tables, ensuring a balance between security and user convenience.

Moreover, the project emphasizes the significance of maintaining the integrity of rainbow tables for accurate password retrieval. The incorporation of a binary search algorithm further streamlines the recovery process, enhancing system efficiency and reducing response times.

By bridging the gap between traditional recovery methods and modern security practices, this research contributes to the evolution of cybersecurity standards. The outcomes not only benefit online book-reading platforms but also enrich the broader discussion on secure authentication mechanisms in digital environments.

II. LITERATURE REVIEW
In recent years, the significance of robust password recovery systems has gained prominence across various online platforms, including those dedicated to online book reading. These platforms serve as repositories for sensitive user data, necessitating secure authentication and recovery protocols. The adoption of technologies like RainbowCrack, which utilizes rainbow tables for efficient hash retrieval, has become pivotal in improving password recovery procedures for such platforms.

Philippe Oechslin's groundbreaking work on rainbow tables in 2003 marked a notable evolution in password recovery methodologies. Tools such as RainbowCrack, rooted in Oechslin's concepts, have since become indispensable in the cybersecurity domain, offering rapid access to hashed data and facilitating swift password retrieval.

Niels Ferguson and Bruce Schneier's discourse on brute force methods in 2003 further accentuates the importance of robust password recovery mechanisms. While resource-intensive, brute force tactics remain crucial in overcoming encryption barriers and recovering passwords in online platforms, including those focused on online book reading, where the security of user data is paramount.

Alastair Beresford Adams and Angela Sasse's emphasis on user-friendly yet secure password policies in 1999 remains pertinent, especially within the context of online book reading platforms. These platforms must strike a delicate balance between usability and security, ensuring that password recovery processes are efficient and user-friendly while maintaining robust security standards.

In conclusion, the integration of advanced password recovery tools and methodologies, such as RainbowCrack and brute force techniques, into online book reading platforms is imperative for ensuring the security and confidentiality of user accounts.
By leveraging these tools effectively, platforms can enhance their password recovery protocols, thereby safeguarding user data and fostering trust among their user communities.

III. PROBLEM STATEMENT
The security of password recovery mechanisms on online book reading platforms is paramount in ensuring user data protection and platform integrity. Traditional recovery methods often lack robustness, leaving user accounts vulnerable to unauthorized access and compromising platform security. This project aims to address these challenges by implementing a secure password recovery mechanism tailored specifically for online book reading platforms.

Key issues to be addressed include:

1. Vulnerabilities in Traditional Methods: Assessing the weaknesses inherent in traditional password recovery methods, such as susceptibility to brute force attacks and inadequate verification processes, which undermine user account security and trust in the platform.
2. User-Friendly Security Measures: Developing a user-friendly yet secure password recovery process that balances ease of use with robust security measures, ensuring a seamless experience for users while minimizing the risk of unauthorized access.
3. Integration of Advanced Verification Techniques: Implementing advanced verification techniques, such as One-Time Password (OTP) authentication, security question and hash comparison using precomputed rainbow tables, to enhance the security and reliability of the recovery process.
4. Maintenance of Rainbow Tables Integrity: Ensuring the integrity of rainbow tables used in the recovery process to maintain accurate and reliable password retrieval, mitigating the risk of unauthorized access and minimizing response times.
5. Real-time Monitoring and Response: Developing a system capable of real-time monitoring and response to password recovery requests, enabling timely intervention in case of suspicious activities and enhancing overall platform security.

By addressing these key issues, this project seeks to enhance the security of password recovery mechanisms on online book reading platforms, safeguarding user accounts and maintaining trust in platform security infrastructure.

IV. METHODOLOGY
Considering the goals set for the work conducted in this study, it can be stated that the methodology contains different modules: rainbow tables generation, common passwords hash table creation, web application development, and password recovery implementation.

Rainbow Tables Generated Using RainbowCrack:
Utilizing the RainbowCrack software, MD5 rainbow tables have been generated. These tables are tailored for lower-alpha-numeric passwords with an 8-character length, a common subset frequently used by individuals. The organization and sorting of these rainbow tables enable rapid hash value lookups during password recovery, thereby enhancing the efficiency of retrieving hash values.
Hash Table for Common Passwords:
A text file has been compiled, comprising common and poor passwords sourced from multiple online databases and password lists. Each password entry within the file is paired with its corresponding MD5 hash value, ensuring a standardized cryptographic representation for effective comparisons. Sorting these password-hash pairs based on their hash values facilitates binary search operations, optimizing the search process in password recovery. To maintain data integrity and streamline the password-cracking process, duplicate entries have been removed from the hash table.

Data Preprocessing Techniques:
Sorting: The rainbow tables and common password hash table are arranged in ascending order based on hash values. This sorting operation enables more efficient binary search operations, resulting in faster hash value lookup during password recovery. Organizing data in a sorted manner minimizes search time and enhances the overall performance of the password recovery system.

Duplicate Elimination: Redundant entries are removed from the common password hash table. This elimination of duplicates reduces unnecessary computational burden and ensures that each hash value corresponds to a unique password entry. Maintaining data cleanliness prevents redundant search operations and enhances the accuracy of password retrieval.

Data Integrity Validation: Integrity checks are conducted on both the rainbow tables and hash table to verify data consistency and accuracy. These checks validate the correctness of hash values and their corresponding password entries, preventing data corruption or mismatches during the password retrieval process. Ensuring data integrity contributes to the reliability and trustworthiness of the password recovery mechanism.

Fig 1. First 10 lines of common password hash table before preprocessing.

Fig 2. First 10 lines of common password hash table after preprocessing.

Password Recovery Process:
1. User Identity Verification: The password recovery process commences when the user selects the "password recovery" option on the login page of the online book reading platform. Subsequently, the system prompts the user to authenticate their identity using a validation mechanism, such as entering an OTP (One-Time Password) dispatched to their registered email address during registration and entering the answer to the security question.
2. Hash Value Search in Rainbow Tables: Upon successful verification of the user's identity, the system proceeds to retrieve the hashed value of the forgotten password.
Initially, the system verifies if the hashed value exists within the rainbow tables generated using RainbowCrack. These precomputed tables contain hash values and their corresponding plaintext passwords. Utilizing a binary search algorithm, the system efficiently navigates the sorted rainbow tables to retrieve the plaintext password associated with the hash value.
3. Hash Value Search in Common Password Hash Table: Should the hashed value not be found in the rainbow tables, the system conducts a secondary search in the hash table containing common passwords and their hashed values. Employing the same binary search algorithm, the system scans the sorted hash table to retrieve the corresponding plaintext password upon a successful match.
4. Original Password Retrieval: Upon finding a match either in the rainbow tables or the common password hash table, the system successfully retrieves the original plaintext password linked to the user's account. This retrieved password is then presented to the user, enabling them to regain access to their account on the online book reading platform.
5. Error Handling and Security Measures: In the event that the hashed value is not found in either the rainbow tables or the common password hash table, the system issues a "not found" message, indicating an unsuccessful password recovery process. The password cracking process adheres to strict security measures, including the encryption of sensitive information, secure OTP delivery, and rigorous validation checks, all aimed at preventing unauthorized access and safeguarding user data.

Algorithms and Strategies:
Binary Search Technique: This method is employed to swiftly navigate through organized data structures like rainbow tables and hash tables to locate hash values. By dividing the search space in half with each comparison, this technique significantly diminishes search time, making it well-suited for rapid hash value retrieval.
Data Organization and Indexing: The process of organizing data entails arranging rainbow tables and hash tables in a systematic manner according to hash values, thereby enabling expedited and efficient search processes. Furthermore, indexing strategies are implemented in data structures to enhance search efficiency, minimizing computational burden during hash value retrieval.

V. RESULTS
The main frontend components in this web application are the signup page, login page, password recovery page, and index page. Here is the sign-up page where the user fills in his/her details like Name, Email, and Password details which will be stored in the database.

After clicking on the “Sign Up” button, if all the details are filled in successfully, then the user will be asked to select a security question and answer it. The user can also customize the question.
After this the user will be directly redirected to the index page or home page of the web application, where the user can read books of their interest.

To test the password recovery mechanism the user should go to the login page first; as the user is already logged in, the user can simply click on the logout button, and then the user will be redirected to the login page. On the login page the user should click on the “Password Recovery” option, which is under the login button, so that they will be redirected to the password recovery page.

Users should enter the Email that was given on the signup page during registration and then click on the “Recover Password” button. The user will be asked to answer the security question that was filled in during registration. If it is verified successfully, within a few seconds the user will get an email with the OTP, and also a popup will be shown on the password recovery page to enter the OTP and verify it.

When the user enters the correct OTP, they will get a popup with a message saying “OTP verification successful. We will send you the password shortly”. After a few minutes, when the password is found, the user will get a popup saying “Password sent through email, use it to log in”.
Now the user should check the registered email’s inbox where the password will be sent, and the user can enter the email and password in the login page and click on the “Login” button so that he/she will be successfully logged in and use their account.

VI. CONCLUSION
The development of a secure password recovery mechanism for our online book reading platform by integrating advanced techniques such as OTP authentication, security question, hash comparison with rainbow tables, and secure data handling, helps to create a robust system that prioritizes user security while ensuring a seamless recovery experience. The implementation of efficient algorithms like binary search, coupled with stringent security measures like data integrity check, can significantly reduce the risk of unauthorized access and password breaches. Moving forward, continuous monitoring and updates are essential to uphold the integrity and effectiveness of our password recovery system in the face of evolving cybersecurity challenges.

VII. FUTURE WORK
There are various avenues for enhancing and expanding the secure password recovery mechanism for the online book reading platform:

Enhanced User Verification Techniques: Delve into the incorporation of supplementary user verification methods, like biometric authentication or multi-factor authentication (MFA), to fortify the security of the password recovery procedure.

Machine Learning for Anomaly Detection: Investigate the application of machine learning algorithms for identifying anomalies during the password recovery process. This could entail detecting suspicious login attempts or unauthorized access patterns to bolster threat detection capabilities.

Extension of Rainbow Table Length: Assess the feasibility of elongating the length of passwords in rainbow tables generated via RainbowCrack. Expanding the length of precomputed tables can improve the coverage and accuracy of hash value retrieval during password recovery, thereby enhancing the likelihood of successful password retrieval.

Augmentation of Common Passwords Hash Table: Consider expanding the existing hash table of common passwords by adding more entries. Including a wider range of frequently used passwords can broaden the range of hash
value matches and boost the success rate of password recovery attempts.

Integration of Multiple Hashing Algorithms: Integrate a diverse set of hashing algorithms, such as SHA-1, SHA-256, and others, into the password recovery process. Employing multiple algorithms enhances the adaptability and resilience of hash value comparisons, making it more difficult for malicious actors to compromise hashed passwords.

Weblink of the Project:
https://github.com/smdr9999/Secure-Password-Recovery-Mechanism-for-Online-Book-Reading-Platform
