Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication
スポンサーリンク
概要
- 論文の詳細を見る
In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.
著者
-
WANG Lei
University of Electro-Communications
-
OHTA Kazuo
University of Electro-Communications
-
SASAKI Yu
NTT Information Sharing Platform Laboratories, NTT Corporation
-
KUNIHIRO Noboru
University of Electro-Communica-tions
関連論文
- Cryptanalysis of Two MD5-Based Authentication Protocols: APOP and NMAC
- Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication
- Toward the Fair Anonymous Signatures : Deniable Ring Signatures(Signatures,Cryptography and Information Security)
- Security of Cryptosystems Using Merkle-Damgård in the Random Oracle Model
- Preimage Attack on 23-Step Tiger
- Cryptanalyses of Double-Mix Merkle-Damgård Mode in the Original Version of AURORA-512
- Extension of Secret Handshake Protocols with Multiple Groups in Monotone Condition
- Standard Deviation and Intra Prediction Mode Based Adaptive Spatial Error Concealment (SEC) in H.264/AVC
- Variable Block Size Motion Vector Retrieval Schemes for H.264 Inter Frame Error Concealment
- Cryptanalysis of Two MD5-Based Authentication Protocols : APOP and NMAC
- Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols
- Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication
- A Strict Evaluation on the Number of Conditions for SHA-1 Collision Search
- New Message Differences for Collision Attacks on MD4 and MD5
- Improved Collision Attacks on MD4 and MD5(Hash Functions,Cryptography and Information Security)
- Universally composable client-to-client general authenticated key exchange (特集:情報システムを支えるコンピュータセキュリティ技術の再考)
- Deterministic Polynomial Time Equivalence between Factoring and Key-Recovery Attack on Takagi's RSA
- Universally Composable Hierarchical Hybrid Authenticated Key Exchange(Protocols,Cryptography and Information Security)
- Improved Collision Search for Hash Functions : New Advanced Message Modification
- OAEP-ES : Methodology of Universal Padding Technique (Asymmetric Cipher) (Cryptography and Information Security)
- Solutions to Security Problems of Rivest and Shamir's Pay Word Scheme(Application)(Cryptography and Information Security)
- Provably Secure Multisignatures in Formal Security Model and Their Optimality
- Taxonomical Security Consideration of OAEP Variants(Discrete Mathematics and Its Applications)
- Small Secret CRT-Exponent Attacks on Takagi's RSA
- Preimage Attack on 23-Step Tiger
- Power Analysis against a DPA-Resistant S-Box Implementation Based on the Fourier Transform
- Near-Collision Attacks on MD4 : Applied to MD4-Based Protocols
- Exact Analyses of Computational Time for Factoring in Quantum Computers(Public Key Cryptography)(Cryptography and Information Security)
- Security of Cryptosystems Using Merkle-Damgard in the Random Oracle Model
- Visual Secret Sharing Schemes for Multiple Secret Images Allowing the Rotation of Shares(Discrete Mathematics and Its Applications)
- Ring signatures: universally composable definitions and constructions (特集:情報システムを支えるコンピュータセキュリティ技術の再考)
- Leaky Random Oracle
- FOREWORD
- Solving Generalized Small Inverse Problems
- Universally Composable NBAC-Based Fair Voucher Exchange for Mobile Environments
- How to Shorten a Ciphertext of Reproducible Key Encapsulation Mechanisms in the Random Oracle Model
- De-embedding of On-Chip Inductor at Millimeter-Wave Range
- Meet-in-the-Middle (Second) Preimage Attacks on Two Double-Branch Hash Functions RIPEMD and RIPEMD-128
- Toward Effective Countermeasures against an Improved Fault Sensitivity Analysis
- Proxiable Designated Verifier Signature
- A New Type of Fault-Based Attack: Fault Behavior Analysis