Security of MD5 challenge and response: extension of APOP password recovery attack

Authors:
Yu Sasaki;Lei Wang;Kazuo Ohta;Noboru Kunihiro
Affiliations:
NTT Information Sharing Platform Laboratories, NTT Corporation, Musashino-shi, Tokyo, Japan;The University of Electro-Communications, Chofu-shi, Tokyo, Japan;The University of Electro-Communications, Chofu-shi, Tokyo, Japan;The University of Electro-Communications, Chofu-shi, Tokyo, Japan
Venue:
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Year:
2008

Citing 9
Cited 7

Collisions for the compression function of MD5

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Improved Collision Attacks on MD4 and MD5

IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Improved collision attack on hash function MD5

Journal of Computer Science and Technology
On the security of two MAC algorithms

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions

ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
On the possibility of constructing meaningful hash collisions for public keys

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
A study of the MD5 attacks: insights and improvements

FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
How to break MD5 and other hash functions

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Message freedom in MD4 and MD5 collisions: application to APOP

FSE'07 Proceedings of the 14th international conference on Fast Software Encryption

Password recovery attack on authentication protocol MD4(Password||Challenge)

Proceedings of the 2008 ACM symposium on Information, computer and communications security
A New Type of 2-Block Collisions in MD5

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
A Hardware Architecture for Integrated-Security Services

Transactions on Computational Science IV
Bit-Free Collision: Application to APOP Attack

IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
Second-preimage analysis of reduced SHA-1

ACISP'10 Proceedings of the 15th Australasian conference on Information security and privacy
Collisions of MMO-MD5 and their impact on original MD5

AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Fast password recovery attack: application to APOP

Journal of Intelligent Manufacturing

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we propose an extension of the APOP attack that recovers the first 31 characters of APOP password in practical time, and theoretically recovers 61 characters. We have implemented our attack, and have confirmed that 31 characters can be successfully recovered. Therefore, the security of APOP is completely broken. The core of our new technique is finding collisions for MD5 which are more suitable for the recovery of APOP passwords. These collisions are constructed by employing the collision attack of den Boer and Bosselares and by developing a new technique named "IV Bridge" which is an important step to satisfy the basic requirements of the collision finding phase. We show that the construction of this "IV Bridge" can be done efficiently as well.