Differential cryptanalysis of the data encryption standard
Differential cryptanalysis of the data encryption standard
Collisions for the compression function of MD5
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Short Chosen-Prefix Collisions for MD5 and the Creation of a Rogue CA Certificate
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Bit-Free Collision: Application to APOP Attack
IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
On the security of two MAC algorithms
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Security of MD5 challenge and response: extension of APOP password recovery attack
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
New role-based access control in ubiquitous e-business environment
Journal of Intelligent Manufacturing
What is still wrong with the World-Wide Web? An update after a decade
Journal of Intelligent Manufacturing
An artificial neural network based heuristic for flow shop scheduling problems
Journal of Intelligent Manufacturing
On the Security of Digest Access Authentication
CSE '11 Proceedings of the 2011 14th IEEE International Conference on Computational Science and Engineering
Improved collision search for SHA-0
ASIACRYPT'06 Proceedings of the 12th international conference on Theory and Application of Cryptology and Information Security
Efficient collision search attacks on SHA-0
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Finding collisions in the full SHA-1
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Cryptanalysis of the hash functions MD4 and RIPEMD
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
How to break MD5 and other hash functions
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems
On the security of PPPoE network
Security and Communication Networks
Message freedom in MD4 and MD5 collisions: application to APOP
FSE'07 Proceedings of the 14th international conference on Fast Software Encryption
| Hi-index | 0.00 |
In this paper, we improve the password recovery attack to Authentication Post Office Protocol (APOP) from two aspects. First, we propose new tunnels to control more fixed bits of MD5 collision, hence, we can recover passwords with more characters, for example, as long as 43 characters can be recovered practically. Second, we propose a group satisfaction scheme, apply divide-and-conquer strategy and a new suitable MD5 collision attack, to greatly reduce the computational complexity in collision searching with high number of chosen bits. We propose a fast password recovery attack to application APOP in local that can recover a password with 11 characters in 1 min, recover a password with 31 characters extremely fast, about 6 min, and for 43 characters in practical time. These attacks truly simulate the practical password recovery attacks launched by malware in real life, and further confirm that the security of APOP is totally broken.