Abstract
In this paper, we propose an extension of the APOP attack that recovers the first 31 characters of an APOP password in practical time, and theoretically recovers 61 characters. We have implemented our attack and have confirmed that 31 characters can be successfully recovered. Therefore, the security of APOP is completely broken. The core of our new technique is finding collisions for MD5 which are more suitable for the recovery of APOP passwords. These collisions are constructed by employing the collision attack of den Boer and Bosselaers and by developing a new technique named "IV Bridge", which is an important step to satisfy the basic requirements of the collision finding phase. We show that the construction of this "IV Bridge" can be done efficiently as well.
References
Black, J., Cochran, M., Highland, T.: A Study of the MD5 Attacks: Insights and Improvements. In: Robshaw, M.J.B. (ed.) FSE 2006. LNCS, vol. 4047, pp. 262–277. Springer, Heidelberg (2006)
den Boer, B., Bosselaers, A.: Collisions for the Compression Function of MD5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)
Contini, S., Yin, Y.L.: Forgery and partial key-recovery attacks on HMAC and NMAC using hash collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 37–53. Springer, Heidelberg (2006)
Daum, M., Lucks, S.: Hash Collisions (The Poisoned Message Attack) The Story of Alice and her Boss. In: Eurocrypt 2005 (2005), http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
Dobbertin, H.: Cryptanalysis of MD5 compress. In: Eurocrypt 1996 (1996)
Dobbertin, H.: The Status of MD5 After a Recent Attack. In: CryptoBytes The technical newsletter of RSA Laboratories, a division of RSA Data Security, Inc., SUMMER 1996, vol. 2(2) (1996)
Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., Stewart, L.: HTTP Authentication: Basic and Digest Access Authentication, RFC 2617, June 1999 (1999), http://www.ietf.org/rfc/rfc2617.txt
Gebhardt, M., Illies, G., Schindler, W.: A note on the practical value of single hash collisions for special file formats. In: Dittmann, J. (ed.) Sicherheit, GI. LNI, vol. 77, pp. 333–344 (2006)
Klima, V.: Tunnels in Hash Functions: MD5 Collisions Within a Minute. Cryptology ePrint Archive, Report 2006/105 (2006), http://eprint.iacr.org/2006/105.pdf
Lenstra, A.K., de Weger, B.: On the possibility of constructing meaningful hash collisions for public keys. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 267–279. Springer, Heidelberg (2005)
Leurent, G.: Message Freedom in MD4 and MD5 Collisions: Application to APOP. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 309–328. Springer, Heidelberg (2007)
Liang, J., Lai, X.: Improved Collision Attack on Hash Function MD5. Journal of Computer Science and Technology 22(1), 79–87 (2007)
Rivest, R.L.: The MD5 Message Digest Algorithm. RFC 1321 (April, 1992), http://www.ietf.org/rfc/rfc1321.txt
Myers, J., Rose, M.: Post Office Protocol - Version 3. RFC 1939 (Standard), May 1996. Updated by RFCs 1957, 2449, http://www.ietf.org/rfc/rfc1939.txt
Preneel, B., van Oorschot, P.C.: On the Security of Two MAC Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 19–32. Springer, Heidelberg (1996)
Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol, RFC 3261, June 2002 (2002), http://www.ietf.org/rfc/rfc3261.txt
Sasaki, Y., Naito, Y., Kunihiro, N., Ohta, K.: Improved collision attack on MD5. Cryptology ePrint Archive, Report 2005/400, http://eprint.iacr.org/2005/400
Sasaki, Y., Naito, Y., Kunihiro, N., Ohta, K.: Improved Collision Attacks on MD4 and MD5. IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (Japan), E90-A(1), 36–47 (2007) (The initial result was announced as [17])
Sasaki, Y., Yamamoto, G., Aoki, K.: Practical Password Recovery on an MD5 Challenge and Response. Cryptology ePrint Archive, Report 2007/101
Stevens, M., Lenstra, A., de Weger, B.: Chosen-prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 1–12. Springer, Heidelberg (2007)
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N. (2008). Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack. In: Malkin, T. (eds) Topics in Cryptology – CT-RSA 2008. CT-RSA 2008. Lecture Notes in Computer Science, vol 4964. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79263-5_1
DOI: https://doi.org/10.1007/978-3-540-79263-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79262-8
Online ISBN: 978-3-540-79263-5
eBook Packages: Computer Science, Computer Science (R0)