INTERNATIONAL JOURNAL OF SCIENTIFIC & TECHNOLOGY RESEARCH VOLUME 9, ISSUE 02, FEBRUARY 2020 ISSN 2277-8616
Xtings-160: A Strong Diffusion Property Novel Hashing Algorithm
Christine Charmaine G. San Jose
Abstract: This paper proposes a novel hash algorithm called XTINGS-160 Hash. Existing hash algorithms that are commonly used, such as MD5 and
SHA-1, are no longer safe to use and are vulnerable to brute force attacks. The proposed novel hash algorithm produces a 160-bit message digest, with
six rounds of calculation on the right-half 64 bits of the plaintext. The paper also illustrates how the final design of the algorithm was achieved. The first two
designs produce an 80-bit message digest and contributed to attaining the XTINGS Hash algorithm, which is the final design. Findings revealed
that the novel hash algorithm was able to meet the minimum expected avalanche effect rate of 50% in just six rounds. The novel hash algorithm
shows significant results that display the cryptographic property of diffusion with a robust hash function.
Index Terms: Avalanche Effect, Cryptography, Diffusion, Hash Algorithm, Message Digest, Padding, Parsing.
1 INTRODUCTION
From the advent of internet and e-commerce usage, reports
of security breaches have continuously increased. Identity
theft is a crime in which attackers obtain important
information about someone, such as a social security number,
driver's license and others, that eventually lets them impersonate
the victim and gain access to their accounts. Statistics show an
increase of about 12% in identity theft cases in the US in
2009 and an increase of 12.5% in annual fraud, amounting to
$54 billion [1]. At present, a username and password are
commonly used as the log-in process for protected
applications, such as logging into accounts, accessing
application web sites and many others. In information
security, the password is a critical component; it is for this reason
that a password standard was created. This standard identifies
the characteristics of strong and weak passwords [2].
Previous studies have shown [3] that most respondents supply
passwords that consist of only alphabetic characters or are
derived from personal details, use short passwords,
and seldom change them. It was also stated [2] that the following
characteristics make a password weak or poor: a password
that contains eight characters or less; a password that contains
personal information such as birthdays, addresses, phone numbers,
names and others; and a password that contains number patterns
such as "aaabbb", "qwerty", "zyxwvuts", "123321",
"welcome123", "password123" among others. Passwords with these
characteristics are weak and prone to
possible attacks. By contrast, a strong
password should consist of at least fifteen alphanumeric characters,
contain both uppercase and lowercase characters, contain
numbers and symbols, and not be based on personal
information. The standard set for supplying a strong password is
very challenging because human memory is limited. It was
observed that a strong password such as "Xa&2#iCj1%s" can be
very difficult to remember, which affects password memorability. The
study in [1] analyses ID-password usage and new log-in
vulnerability measures. It found that the credential
vulnerabilities of internet users could be explained using
cybernetic theory and cognitive psychology theory.
Cognitive psychology theory implies that people may be able to
remember a few unique identifications and passwords without
difficulty but have great trouble remembering them when
the number of combinations increases. Moreover, attackers
crack passwords using password-cracking software [4]. For
seven characters, the software can try every alphanumeric password in 5.5
hours, every alphanumeric password with common symbols in
45 hours and every possible keyboard password in 480 hours.
Storing passwords in plain text or in readable form allows
an attacker to easily break into any account. To solve this
issue, a security strategy can be adopted that applies a
cryptographic hash function to stored passwords. Cryptography
is defined as the study of mathematical techniques related to
aspects of information security [5]. Cryptography uses the hash
function as a technology that can be implemented to solve
increasing security issues [6]. A hash function has a one-way
property, making its output difficult to invert. It involves
a mathematical calculation that takes any plaintext or message
as input, performs several processes such as padding, bit
calculations (XORing, adding and multiplying), several
permutations, concatenation, bit shifting and many others,
and produces a fixed-size alphanumeric value. Hash algorithms are
applied in many applications such as digital signatures,
message authentication, data integrity and key derivation [6, 7].
Hashing algorithms such as MD5 (Message Digest 5) by
Ronald Rivest of Massachusetts Institute of Technology (MIT)
in 1991 and SHA1 (Secure Hash Algorithm 1) of National
Institute of Standard and Technology (NIST) in 1993 are
commonly used in cryptographic protocols and Internet
communications. In the past years, studies have shown that
these hashing algorithms are no longer safe and are vulnerable
to brute force attack [5, 8]. Information security professionals
have advised the continued modification, improvement and even
creation of new cryptographic hash functions that are
resilient to a number of attacks [8]. This
paper is geared towards proposing a new hash algorithm
called the XTINGS Hash algorithm, simulating its mathematical
calculation, and comparing and evaluating it against well-known
hash algorithms in terms of cryptographic security properties.
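The avalanche-effect criterion named in the abstract (about 50% of digest bits changing when one input bit changes) can be measured as follows. This is an added example, not code from the paper: it measures MD5 and SHA-1 from Python's hashlib, since the XTINGS round function is not given in this section, and `xor_fold_160` and `SAMPLE` are constructed here as a poor-diffusion contrast and test input.

```python
import hashlib
from typing import Callable

HashFn = Callable[[bytes], bytes]

def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with bit `index` (MSB-first) inverted."""
    out = bytearray(data)
    out[index // 8] ^= 0x80 >> (index % 8)
    return bytes(out)

def bit_difference(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def avalanche_rate(hash_fn: HashFn, message: bytes) -> float:
    """Flip every input bit once; return the mean fraction of digest bits changed."""
    base = hash_fn(message)
    input_bits = len(message) * 8
    changed = sum(
        bit_difference(base, hash_fn(flip_bit(message, i)))
        for i in range(input_bits)
    )
    return changed / (input_bits * len(base) * 8)

def xor_fold_160(message: bytes) -> bytes:
    """Hypothetical weak 160-bit 'digest': XOR each byte into one of 20 slots.
    One flipped input bit changes exactly one output bit (no diffusion)."""
    out = bytearray(20)
    for i, byte in enumerate(message):
        out[i % 20] ^= byte
    return bytes(out)

def sha1(message: bytes) -> bytes:
    return hashlib.sha1(message).digest()

def md5(message: bytes) -> bytes:
    return hashlib.md5(message).digest()

# Constructed sample input (not from the paper).
SAMPLE = b"constructed sample message for avalanche test"

if __name__ == "__main__":
    for name, fn in (("MD5", md5), ("SHA-1", sha1), ("xor_fold_160", xor_fold_160)):
        print(f"{name:13s} avalanche rate: {avalanche_rate(fn, SAMPLE):.4f}")
```

A function with good diffusion lands near 0.5, while the XOR fold stays at 1/160 however long the message is.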
2 RELATED LITERATURE
Several hash algorithms have been developed: the
Message Digest series (MD2, MD4, MD5, MD6), the
Secure Hash Algorithm series (SHA0, SHA1, SHA2, SHA3), Des-Like
Message Digest Computation (DMDC), and Keyed-hashing
Message Authentication Code (HMAC) [6]. The most
famous among these hash algorithms are MD5 and SHA1.
The MD5 operation produces a 128-bit digest, which is computed as
follows: 1) padding of the message into 152 bit, 2) initialization of
the MD buffer, 3) calculation of the four auxiliary functions (F, G, H and
I) and 4) calculation of FF, GG, HH and II. To obtain the value of
a, the following calculation is performed: the value of the
initialized MD buffer for b, c and d is calculated using formula
F