Message authentication with one-way hash functions
ACM SIGCOMM Computer Communication Review
Password recovery attack on authentication protocol MD4(Password||Challenge)
Proceedings of the 2008 ACM symposium on Information, computer and communications security
On the Security of Digest Access Authentication
CSE '11 Proceedings of the 2011 14th IEEE International Conference on Computational Science and Engineering
A cryptanalytic time-memory trade-off
IEEE Transactions on Information Theory
On the security of PPPoE network
Security and Communication Networks
Fast password recovery attack: application to APOP
Journal of Intelligent Manufacturing
Hi-index | 0.00 |
We propose an efficient attack to recover the passwords, used to authenticate the peer by EAP-MD5, in the IEEE 802.1X network. First, we recover the length of the used password through a method called length recovery attack by on-line queries. Second, we crack the known length password using a rainbow table pre-computed with a fixed challenge, which can be done efficiently with great probability through off-line computations. This kind of attack can also be implemented successfully even if the underlying hash function MD5 is replaced with SHA-1 or even SHA-512.