Password Recovery on Challenge and Response: Impossible Differential Attack on Hash Function

  • Conference paper
Progress in Cryptology – AFRICACRYPT 2008 (AFRICACRYPT 2008)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5023)

Abstract

We propose practical password recovery attacks against two challenge-response authentication protocols using MD4. When a response is computed as MD4(Password||Challenge), passwords up to 12 characters are practically recovered. To recover up to 8 characters, we need 16 times the amount of eavesdropping and 16 times the number of queries, and the off-line complexity is less than $2^{35}$ MD4 computations. To recover up to 12 characters, we need $2^{10}$ times the amount of eavesdropping and $2^{10}$ times the number of queries, and the off-line complexity is less than $2^{40}$ MD4 computations. When a response is computed as MD4(Password||Challenge||Password), passwords up to 8 characters are practically recovered by $2^{8}$ times the amount of eavesdropping and $2^{8}$ times the number of queries, and the off-line complexity is less than $2^{39}$ MD4 computations. Our approach is similar to the “Impossible differential attack”, which was originally proposed for recovering the block cipher key. Good impossible differentials for hash functions are achieved by using local collision. This indicates that the presence of one practical local collision can damage the security of protocols.



Editor information

Serge Vaudenay

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N. (2008). Password Recovery on Challenge and Response: Impossible Differential Attack on Hash Function. In: Vaudenay, S. (eds) Progress in Cryptology – AFRICACRYPT 2008. AFRICACRYPT 2008. Lecture Notes in Computer Science, vol 5023. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68164-9_20

  • DOI: https://doi.org/10.1007/978-3-540-68164-9_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68159-5

  • Online ISBN: 978-3-540-68164-9

  • eBook Packages: Computer Science, Computer Science (R0)
