Abstract
We propose practical password recovery attacks against two challenge-response authentication protocols using MD4. When a response is computed as MD4(Password||Challenge), passwords up to 12 characters are practically recovered. To recover up to 8 characters, we need 16 times the amount of eavesdropping and 16 times the number of queries, and the off-line complexity is less than 2^35 MD4 computations. To recover up to 12 characters, we need 2^10 times the amount of eavesdropping and 2^10 times the number of queries, and the off-line complexity is less than 2^40 MD4 computations. When a response is computed as MD4(Password||Challenge||Password), passwords up to 8 characters are practically recovered by 2^8 times the amount of eavesdropping and 2^8 times the number of queries, and the off-line complexity is less than 2^39 MD4 computations. Our approach is similar to the “Impossible differential attack”, which was originally proposed for recovering the block cipher key. Good impossible differentials for hash functions are achieved by using local collision. This indicates that the presence of one practical local collision can damage the security of protocols.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N. (2008). Password Recovery on Challenge and Response: Impossible Differential Attack on Hash Function. In: Vaudenay, S. (eds) Progress in Cryptology – AFRICACRYPT 2008. AFRICACRYPT 2008. Lecture Notes in Computer Science, vol 5023. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68164-9_20
DOI: https://doi.org/10.1007/978-3-540-68164-9_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68159-5
Online ISBN: 978-3-540-68164-9
eBook Packages: Computer Science, Computer Science (R0)