Fast password recovery attack: application to APOP

Liu, Fanbao; Liu, Yi; Xie, Tao; Feng, Dan; Feng, Yunhe

doi:10.1007/s10845-012-0670-5

Cited by 5 publications

(4 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Second, with the efficient password cracking using probabilistic context‐free grammars, we further improve it to quickly crack the known‐length password. We confirm that it is unsuitable to further deploy PPPoE in commercial using until all of the proven weak authentication protocols are abolished and replaced with more secure Extensible Authentication Protocols (EAPs), and the security of MD5‐based network applications should be re‐evaluated .…”

Section: Introductionmentioning

confidence: 84%

On the security of PPPoE network

Liu

Xie

Feng

et al. 2012

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

Point‐to‐Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames. It is widely used by commercial Internet service providers to provide Internet surfing for customers who pay bills. In this paper, we analyze the security of PPPoE network. We find that we can easily collect information about both the peers and the PPPoE authentication servers. We can use such information to recover the peer's authentication password by silently impersonating the server, which is undetectable in the network. We impersonate the server in the peers' LAN and get their passwords by hijacking the peers' PPPoE connections and negotiating for using the Password Authentication Protocol (PAP). We further propose an efficient password recovery attack against the Challenge‐Handshake Authentication Protocol (CHAP). We first recover the length of the used password through on‐line queries, based on the weakness of MD5 input pre‐processing. Then, we crack the known‐length password off‐line, using the probabilistic context‐free grammars. We point out that PPPoE cannot be used anymore until all of the weak authentication protocols including PAP, CHAP, and Microsoft CHAP are abolished right now and replaced with more secure Extensible Authentication Protocols. Copyright © 2012 John Wiley & Sons, Ltd.

show abstract

Section: Introductionmentioning

confidence: 84%

On the security of PPPoE network

Liu

Xie

Feng

et al. 2012

Security Comm Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…В настоящее время протокол APOP считается скомпрометирован-ным, так как его применение позволит злоумышленнику (который выдает себя за почтовый сервер) за разумное время восстановить до 43 символов (байт) пароля [7]. Опишем стратегию, применяемую для выполнения атаки на протокол APOP.…”

Section: Md5unclassified

On the cryptographic security of the “BotikKey” authentication protocol against attacks on MD5 hash function

Кuznetsov¹

2015

PSTA

View full text Add to dashboard Cite

Исследование криптостойкости протокола аутентификации BotikKey к компрометации уязвимостей алгоритма хеширования MD5Аннотация. В работе приведен анализ уязвимостей сетевого протокола BotikKey, который используется в системе телекоммуникаций «Ботик» г. Пе-реславля-Залесского для аутентификации абонентских подключений. Про-токол разработан в рамках подхода Ботик-технологий, согласно которому все программно-аппаратное обеспечение сети «Ботик» является либо сво-бодно-распространяемым, либо разработано собственными усилиями компа-нии-провайдера. Дано описание назначения протокола и деталей реализации, и перечислены уязвимости, связанные с использованием алгоритма хеши-рования MD5. Приведены возможные способы компрометации протокола BotikKey, в том числе APOP-атака, целью которой является подбор пароля доступа. Даны рекомендации провайдеру услуг связи системы телекомму-никаций «Ботик» по отказу от системы BotikKey, либо переходу на более актуальные средства аутентификации абонентов.Ключевые слова и фразы: протокол BotikKey, безопасная аутентификация, криптография, алгоритм MD5, APOP-атака.

show abstract

“…MD5 [11,17,7,8] is a typical Merkle-Damgård structure hash function, which takes a variable-length message M as input and outputs a 128-bit hash value. M is first padded to be multiples of 512 bits, a '1' added at the tail of M , followed by '0's until the bit length becomes 448 on modulo 512, finally, the length of the unpadded message M is inserted to the last 64 bits.…”

Section: Brief Description Of Md5mentioning

confidence: 99%

How to Break EAP-MD5

Liu

Xie

2012

Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems

Self Cite

View full text Add to dashboard Cite

Abstract. We propose an efficient attack to recover the passwords, used to authenticate the peer by EAP-MD5, in the IEEE 802.1X network. First, we recover the length of the used password through a method called length recovery attack by on-line queries. Second, we crack the known length password using a rainbow table pre-computed with a fixed challenge, which can be done efficiently with great probability through off-line computations. This kind of attack can also be implemented successfully even if the underlying hash function MD5 is replaced with SHA-1 or even SHA-512.

show abstract

Fast password recovery attack: application to APOP

Cited by 5 publications

References 22 publications

On the security of PPPoE network

On the security of PPPoE network

On the cryptographic security of the “BotikKey” authentication protocol against attacks on MD5 hash function

How to Break EAP-MD5

Contact Info

Product

Resources

About