2008 | OriginalPaper | Buchkapitel
Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack
verfasst von : Yu Sasaki, Lei Wang, Kazuo Ohta, Noboru Kunihiro
Erschienen in: Topics in Cryptology – CT-RSA 2008
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
In this paper, we propose an extension of the APOP attack that recovers the first 31 characters of APOP password in practical time, and theoretically recovers 61 characters. We have implemented our attack, and have confirmed that 31 characters can be successfully recovered. Therefore, the security of APOP is completely broken. The core of our new technique is finding collisions for MD5 which are more suitable for the recovery of APOP passwords. These collisions are constructed by employing the collision attack of den Boer and Bosselares and by developing a new technique named ”IV Bridge” which is an important step to satisfy the basic requirements of the collision finding phase. We show that the construction of this ”IV Bridge” can be done efficiently as well.