Several widely used hash functions, such as MD4 and MD5, have been proven to be insecure. As a result, it was announced that the security of APOP, a hash-based challenge-and-response authentication protocol, is totally broken. Several candidates for a strengthened APOP are being considered. This paper deals with one of these candidates, which computes Hash(Password||Challenge), whereas the original APOP computes Hash(Challenge||Password). In fact, Hash(P||C) is already used in other protocols such as CHAP. The main contribution of this paper is a password recovery attack on MD4(P||C). Let $l$ be the length of the password. If $l \le 16$, the whole password is recovered with $2^{37}$ online queries and $2^{21}$ offline MD4 computations. If $16 < l \le 36$, then after $2^{37}$ online queries the offline complexity is reduced to $2^{8 \times l - 107}$ from the $2^{8 \times l}$ of the exhaustive search case. Generally speaking, the complexity is reduced by $2^{107}$ MD4 computations. Our attack uses a new pseudo-collision of MD4 (called a second round pseudo collision), which reveals that collision resistance of the hash function is not sufficient to guarantee the security of Hash(P||C). This is the first approach to attacking the authentication protocol Hash(P||C).