Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

被引：0

作者：

Sasaki, Yu ^{[1
]}

Wang, Lei ^{[2
]}

Ohta, Kazuo ^{[2
]}

Kunihiro, Noboru ^{[2
]}

机构：

[1] NTT Corp, NTT Informat Sharing Platform Labs, Musashino, Tokyo 1808585, Japan

[2] Univ Electrocommun, Chofu, Tokyo 1828585, Japan

来源：

IEICE TRANSACTIONS ON FUNDAMENTALS OF ELECTRONICS COMMUNICATIONS AND COMPUTER SCIENCES | 2009年 / E92A卷 / 01期

关键词：

APOP; SIP; digest authentication; IV bridge; collision attack; hash function; MD5; COLLISION ATTACKS; HASH COLLISIONS; MD5;

D O I：

10.1587/transfun.E92.A.96

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.

引用

页码：96 / 104

页数：9

共 25 条

[1]

[Anonymous], 1992, MD5 MESSAGE DIGEST A

[2]

[Anonymous], 1999, RFC 2617

[3]

Black J, 2006, LECT NOTES COMPUT SC, V4047, P262

[4]

CHANG D, 2008048 CRYPT EPRINT

[5]

Contini S, 2006, LECT NOTES COMPUT SC, V4284, P37

[6]

DAUM M, RUMP SESS EUR 05

[7]

DENBOER B, 1994, LNCS, V765, P293

[8]

DOBBERTIN H, 1996, RUMP SESS EYR 96

[9]

DOBBERTIN H, 1996, STATUS MD5 RECENT AT, V2

[10]

GEBHARDT M, 2006, LNI, V77, P333

← 1 2 3 →