Practical Password Recovery on an MD5 Challenge and Response
Summary:
After Wang's breakthrough [14] in finding collisions in hash functions, the security of hash functions has received much attention. Since how Wang's attack is derived remains unclear, many studies are being conducted to clarify this topic, for example [2].
On the other hand, people have started to consider the influence of tractable collisions on real applications of hash functions. We know that tractable collisions are an undesirable property for a hash function, but it is not clear how this property affects applications of hash functions such as digital signatures, message authentication, and challenge-and-response protocols. For example, [5] shows how to alter a PostScript document to be signed, and [1] shows that the security of NMAC and HMAC can be proven without the collision-resistance property. However, no result is known for challenge-and-response protocols.
This paper shows an attack against the APOP protocol, which is based on MD5 [11] message authentication. Our attack exploits the tractability of collisions in MD5 and successfully recovers the first three octets of the password in a man-in-the-middle environment. Moreover, the paper answers the problem stated in [6]:
Because of the message extension attack on the prefix approach, the
“suffix” approach, MD5(m · k), would seem to be preferred. But another
problem arises: the key may be vulnerable to cryptanalysis, depending
on the properties of the compression function.
The remaining sections are organized as follows. Section 2 introduces the notation and the previous results.
Pages : 11
Size: 189 kb
Author: Seokhee Lee, Antonio Savoldi, Sangjin Lee and Jongin Lim
