Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Practical key-recovery attack against APOP, an MD5-based challenge-response authentication

Practical key-recovery attack against APOP, an MD5-based challenge-response authentication Hash functions are used in many cryptographic constructions under various assumptions, and the practical impact of collision attacks is often unclear. In this paper, we show how collisions can be used to recover part of the password used in the APOP authentication protocol. Since we actually need a little more than mere collisions, we look into the details of MD5 collisions. In Wang's attack, message modifications allow to deterministically satisfy certain sufficient conditions to find collisions efficiently. Unfortunately, message modifications significantly change the messages and one has little control over the colliding blocks. In this paper, we show how to choose small parts of the colliding messages, which will allow to build the APOP attack. This shows that collision attacks can be used to attack real protocols, which means that finding collisions is a real threat. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png International Journal of Applied Cryptography Inderscience Publishers

Practical key-recovery attack against APOP, an MD5-based challenge-response authentication

Loading next page...
 
/lp/inderscience-publishers/practical-key-recovery-attack-against-apop-an-md5-based-challenge-FWS0pCd9vR

References (34)

Publisher
Inderscience Publishers
Copyright
Copyright © Inderscience Enterprises Ltd. All rights reserved
ISSN
1753-0563
eISSN
1753-0571
DOI
10.1504/IJACT.2008.017049
Publisher site
See Article on Publisher Site

Abstract

Hash functions are used in many cryptographic constructions under various assumptions, and the practical impact of collision attacks is often unclear. In this paper, we show how collisions can be used to recover part of the password used in the APOP authentication protocol. Since we actually need a little more than mere collisions, we look into the details of MD5 collisions. In Wang's attack, message modifications allow to deterministically satisfy certain sufficient conditions to find collisions efficiently. Unfortunately, message modifications significantly change the messages and one has little control over the colliding blocks. In this paper, we show how to choose small parts of the colliding messages, which will allow to build the APOP attack. This shows that collision attacks can be used to attack real protocols, which means that finding collisions is a real threat.

Journal

International Journal of Applied CryptographyInderscience Publishers

Published: Jan 1, 2008

There are no references for this article.