|
|
Please login using the form on menu list.
It is required to login for Full-Text PDF.
|
Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication
Yu SASAKI
Lei WANG
Kazuo OHTA
Noboru KUNIHIRO
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences Vol.E92-A No.1 pp.96-104
Publication Date: 2009/01/01
Online ISSN: 1745-1337
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Hash Function
Keyword:
APOP,
SIP,
digest authentication,
IV bridge,
collision attack,
hash function,
MD5,
Full Text: PDF(229.4KB)
Summary:
In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.
|
|
