Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Security

IWSEC 2009: Advances in Information and Computer Security pp 3–21Cite as

Bit-Free Collision: Application to APOP Attack

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5824))

Abstract

This paper proposes a new variant of collisions on hash functions named bit-free collision, which can be applied to reduce the number of chosen challenges in password recovery attacks on hash-based challenge and response protocols, such as APOP (Authentication Post Office Protocol). In all previous APOP attacks, the attacker needs to impersonate the server and to send poisoned chosen challenges to the user. Impersonating the server takes a risk that the user may find out he is being attacked. Hence, it is important for the attacker to reduce the number of impersonation in order to lower the probability that the attack will be detected. To achieve this, reducing the number of chosen challenges is necessary. This paper is the first approach to improve previous APOP attacks based on this observation to our best knowledge. With t-bit-free collisions presented in this paper, the number of chosen challenges to recover each password character can be reduced by approximately a factor of 2t. Though our attack utilizing t-bit-free collisions needs higher offline complexity than previous attacks, the offline computation can be finished in practical time if the attacker can obtain reasonable computation power. In this research, we generate 1-bit-free collisions on MD5 practically. As a result, the number of challenges for password recovery attacks on real APOP is approximately half reduced. Of independent interest, we apply the bit-free-collision attack on a simpler hash function MD4, and show that 3-bit-free collisions can be generated practically.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Biham, E., Chen, R.: Near-collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)

    Google Scholar 

  2. den Boer, B., Bosselaers, A.: Collisions for the Compression Function of MD-5. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 293–304. Springer, Heidelberg (1994)

    Chapter  Google Scholar 

  3. Damgård, I.: A design principle for hash functions. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 416–427. Springer, Heidelberg (1990)

    Google Scholar 

  4. Joux, A.: Multicollisions in iterated hash functions. Application to cascaded constructions. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 306–316. Springer, Heidelberg (2004)

    Google Scholar 

  5. Klima, V.: Tunnels in Hash Functions: MD5 Collisions Within a Minute. Cryptology ePrint Archive, Report 2006 /105, http://eprint.iacr.org/2006/105.pdf

  6. Leurent, G.: Message freedom in MD4 and MD5 collisions: Application to APOP. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 309–328. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Merkle, R.C.: One Way Hash Functions and DES. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 428–446. Springer, Heidelberg (1990)

    Google Scholar 

  8. Myers, J., Rose, M.: Post Office Protocol - Version 3. RFC 1939 (Standard), Updated by RFCs 1957, 2449 (May 1996), ftp://ftp.isi.edu/in-notes/rfc1939.txt

  9. Rivest, R.L.: The MD4 Message Digest Algorithm. Request for Comments (RFC 1320), Network Working Group (1992)

    Google Scholar 

  10. Rivest, R.L.: The MD5 Message Digest Algorithm. Request for Comments (RFC 1321), Network Working Group (1992)

    Google Scholar 

  11. Sasaki, Y., Yamamoto, G., Aoki, K.: Practical Password Recovery on an MD5 Challenge and Response. Cryptology ePrint Archive, Report 2007/101

    Google Scholar 

  12. Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N.: Security of MD5 challenge and response: Extension of APOP password recovery attack. In: Malkin, T.G. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 1–18. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Sasaki, Y., Wang, L., Ohta, K., Kunihiro, N.: New message difference for MD4. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 329–348. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the hash functions MD4 and RIPEMD. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 1–18. Springer, Heidelberg (2005)

    Google Scholar 

  15. Wang, X., Yu, H.: How to break MD5 and other hash functions. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 19–35. Springer, Heidelberg (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The University of Electro-Communications, 1-5-1 Chofugaoka, Chofu-shi, Tokyo, 182-8585, Japan

    Lei Wang, Yu Sasaki, Kazuo Sakiyama & Kazuo Ohta

  2. NTT Information Sharing Platform Laboratories, NTT Corporation,  

    Yu Sasaki

Authors
  1. Lei Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yu Sasaki
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Kazuo Sakiyama
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kazuo Ohta
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Systems Information Science, Future University-Hakodate, 116-2 Kamedanakano-cho, Hakodate Hokkaido, Japan

    Tsuyoshi Takagi

  2. Graduate School of Systems and Information Engineering, University of Tsukuba, 305-8573, Tsukuba, Japan

    Masahiro Mambo

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, L., Sasaki, Y., Sakiyama, K., Ohta, K. (2009). Bit-Free Collision: Application to APOP Attack. In: Takagi, T., Mambo, M. (eds) Advances in Information and Computer Security. IWSEC 2009. Lecture Notes in Computer Science, vol 5824. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04846-3_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04846-3_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04845-6

  • Online ISBN: 978-3-642-04846-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation