Sciweavers

IJACT
2008

Practical key-recovery attack against APOP, an MD5-based challenge-response authentication

14 years 14 days ago
Practical key-recovery attack against APOP, an MD5-based challenge-response authentication
Abstract: Hash functions are used in many cryptographic constructions under various assumptions, and the practical impact of collision attacks is often unclear. In this paper, we show how collisions can be used to recover part of the password used in the APOP authentication protocol. Since we actually need a little more than mere collisions, we look into the details of MD5 collisions. In Wang's attack, message modifications allow to deterministically satisfy certain sufficient conditions to find collisions efficiently. Unfortunately, message modifications significantly change the messages and one has little control over the colliding blocks. In this paper, we show how to choose small parts of the colliding messages, which will allow to build the APOP attack. This shows that collision attacks can be used to attack real protocols, which means that finding collisions is a real threat.
Gaëtan Leurent
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2008
Where IJACT
Authors Gaëtan Leurent
Comments (0)