Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

Yu SASAKI; Lei WANG; Kazuo OHTA; Noboru KUNIHIRO

首页> 外文期刊>IEICE Transactions on fundamentals of electronics, communications & computer sciences >Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

【24h】

Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

机译：针对APOP，SIP和摘要式身份验证的扩展密码恢复攻击

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for a MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to a session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.

机译：在本文中，我们提出了针对挑战响应身份验证协议的密码恢复攻击。我们的攻击针对IEICE 2008中提出的MD5冲突攻击使用了消息差异。首先，我们展示如何有效地找到与上述消息差异相冲突的消息对。其次，我们证明了可以实际恢复在经过身份验证的邮局协议（APOP）中使用的密码。我们还表明，密码恢复攻击可以应用于会话发起协议（SIP）和摘要身份验证。我们的攻击可以在很短的时间内恢复多达前31个密码字符，并且比朴素的搜索方法快达第60个字符。我们已经实施了攻击，并确认可以成功恢复31个字符。

著录项

来源
《IEICE Transactions on fundamentals of electronics, communications & computer sciences》 |2009年第1期|96-104|共9页
作者
Yu SASAKI; Lei WANG; Kazuo OHTA; Noboru KUNIHIRO;
展开▼
作者单位

NTT Information Sharing Platform Laboratories, NTT Corporation, Musashino-shi, 180-8585 Japan;

The University of Electro-Communications, Chofu-shi, 182-8585 Japan;

The University of Electro-Communications, Chofu-shi, 182-8585 Japan;

The University of Electro-Communications, Chofu-shi, 182-8585 Japan University of Tokyo;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
APOP; SIP; digest authentication; IV bridge; collision attack; hash function; MD5;

机译：APOP;啜;摘要认证;IV桥;碰撞攻击;哈希函数;MD5;

相似文献

外文文献
中文文献
专利

1. Extended Password Recovery Attacks against APOP，SIP，and Digest Authentication [J] . 電子情報通信学会誌 . 2010,第7期

机译：针对APOP，SIP和摘要式身份验证的扩展密码恢复攻击
2. Fast password recovery attack: application to APOP [J] . Fanbao Liu, Yi Liu, Tao Xie, Journal of Intelligent Manufacturing . 2014,第2期

机译：快速密码恢复攻击：应用到APOP
3. Practical key-recovery attack against APOP, an MD5-based challenge-response authentication [J] . Gaeetan Leurent International journal of applied cryptography . 2008,第1期

机译：针对APOP（基于MD5的质询-响应身份验证）的实用密钥恢复攻击
4. Security of MD5 Challenge and Response: Extension of APOP Password Recovery Attack [C] . Yu Sasaki, Lei Wang, Kazuo Ohta, Cryptographers' Track at the RSA Conference . 2008

机译：MD5挑战和响应的安全性：扩展APOP密码恢复攻击
5. Password security and usability: From password checkers to a new framework for user authentication [D] . Aljaffan, Nouf Mohammed D. 2017

机译：密码安全性和可用性：从密码检查程序到新的用户身份验证框架
6. Password-Only Authenticated Three-Party Key Exchange Proven Secure against Insider Dictionary Attacks [O] . Junghyun Nam, Kim-Kwang Raymond Choo, Juryon Paik, -1

机译：经验证的仅密码验证的三方密钥交换可抵御内幕字典攻击
7. Fast Password Recovery Attack: Application to APOP [O] . Fanbao Liu, Yi Liu, Tao Xie, 2014

机译：快速密码恢复攻击：应用于APOP

Extended Password Recovery Attacks against APOP, SIP, and Digest Authentication

摘要

著录项

相似文献

相关主题

期刊订阅