The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Dans cet article, nous présentons des attaques pratiques de récupération de mot de passe contre deux protocoles d'authentification par défi et réponse utilisant MD4. Pour les attaques sur les protocoles, le nombre de requêtes est l'un des facteurs les plus importants car la possibilité pour un attaquant de poser des requêtes est très limitée dans les protocoles réels. Lorsque les réponses sont calculées sous la forme MD4(Password||Challenge), ce qui est appelé approche par préfixe, les travaux précédents doivent demander 237 requêtes pour récupérer un mot de passe. Demander 237 les requêtes dans les protocoles réels sont presque impossibles. Dans notre attaque, pour récupérer jusqu'à 8 mots de passe de 1 octets, nous n'avons besoin que d'une fois le nombre d'écoutes clandestines, de 17 requêtes et de 234 Calculs hors ligne MD4. Pour récupérer des mots de passe jusqu'à 12 octets, nous n'en avons besoin que de 210 fois le nombre d'écoutes clandestines, 210 requêtes, et 241 calculs MD4 hors ligne. Lorsque les réponses sont calculées sous la forme MD4(Password||Challenge||Password), ce qui est appelé approche hybride, les travaux précédents doivent demander 263 requêtes, alors que dans notre attaque, des mots de passe jusqu'à 8 octets sont pratiquement récupérés en 28 fois le nombre d'écoutes clandestines, 28 requêtes, et 239 calculs MD4 hors ligne. Notre idée est de deviner une partie des mots de passe afin de pouvoir simuler les valeurs des variables de chaînage intermédiaires à partir des valeurs de hachage observées. Cela nous permet d'utiliser une courte collision locale qui se produit avec une très forte probabilité, et ainsi le nombre de requêtes devient pratique.
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
Yu SASAKI, Lei WANG, Kazuo OHTA, Kazumaro AOKI, Noboru KUNIHIRO, "Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols" in IEICE TRANSACTIONS on Fundamentals,
vol. E93-A, no. 1, pp. 84-92, January 2010, doi: 10.1587/transfun.E93.A.84.
Abstract: In this paper, we present practical password recovery attacks against two challenge and response authentication protocols using MD4. For attacks on protocols, the number of queries is one of the most important factors because the opportunity where an attacker can ask queries is very limited in real protocols. When responses are computed as MD4(Password||Challenge), which is called prefix approach, previous work needs to ask 237 queries to recover a password. Asking 237 queries in real protocols is almost impossible. In our attack, to recover up to 8-octet passwords, we only need 1 time the amount of eavesdropping, 17 queries, and 234 MD4 off-line computations. To recover up to 12-octet passwords, we only need 210 times the amount of eavesdropping, 210 queries, and 241 off-line MD4 computations. When responses are computed as MD4(Password||Challenge||Password), which is called hybrid approach, previous work needs to ask 263 queries, while in our attack, up to 8-octet passwords are practically recovered by 28 times the amount of eavesdropping, 28 queries, and 239 off-line MD4 computations. Our idea is guessing a part of passwords so that we can simulate values of intermediate chaining variables from observed hash values. This enables us to use a short local collision that occurs with a very high probability, and thus the number of queries becomes practical.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E93.A.84/_p
Copier
@ARTICLE{e93-a_1_84,
author={Yu SASAKI, Lei WANG, Kazuo OHTA, Kazumaro AOKI, Noboru KUNIHIRO, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols},
year={2010},
volume={E93-A},
number={1},
pages={84-92},
abstract={In this paper, we present practical password recovery attacks against two challenge and response authentication protocols using MD4. For attacks on protocols, the number of queries is one of the most important factors because the opportunity where an attacker can ask queries is very limited in real protocols. When responses are computed as MD4(Password||Challenge), which is called prefix approach, previous work needs to ask 237 queries to recover a password. Asking 237 queries in real protocols is almost impossible. In our attack, to recover up to 8-octet passwords, we only need 1 time the amount of eavesdropping, 17 queries, and 234 MD4 off-line computations. To recover up to 12-octet passwords, we only need 210 times the amount of eavesdropping, 210 queries, and 241 off-line MD4 computations. When responses are computed as MD4(Password||Challenge||Password), which is called hybrid approach, previous work needs to ask 263 queries, while in our attack, up to 8-octet passwords are practically recovered by 28 times the amount of eavesdropping, 28 queries, and 239 off-line MD4 computations. Our idea is guessing a part of passwords so that we can simulate values of intermediate chaining variables from observed hash values. This enables us to use a short local collision that occurs with a very high probability, and thus the number of queries becomes practical.},
keywords={},
doi={10.1587/transfun.E93.A.84},
ISSN={1745-1337},
month={January},}
Copier
TY - JOUR
TI - Practical Password Recovery Attacks on MD4 Based Prefix and Hybrid Authentication Protocols
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 84
EP - 92
AU - Yu SASAKI
AU - Lei WANG
AU - Kazuo OHTA
AU - Kazumaro AOKI
AU - Noboru KUNIHIRO
PY - 2010
DO - 10.1587/transfun.E93.A.84
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E93-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2010
AB - In this paper, we present practical password recovery attacks against two challenge and response authentication protocols using MD4. For attacks on protocols, the number of queries is one of the most important factors because the opportunity where an attacker can ask queries is very limited in real protocols. When responses are computed as MD4(Password||Challenge), which is called prefix approach, previous work needs to ask 237 queries to recover a password. Asking 237 queries in real protocols is almost impossible. In our attack, to recover up to 8-octet passwords, we only need 1 time the amount of eavesdropping, 17 queries, and 234 MD4 off-line computations. To recover up to 12-octet passwords, we only need 210 times the amount of eavesdropping, 210 queries, and 241 off-line MD4 computations. When responses are computed as MD4(Password||Challenge||Password), which is called hybrid approach, previous work needs to ask 263 queries, while in our attack, up to 8-octet passwords are practically recovered by 28 times the amount of eavesdropping, 28 queries, and 239 off-line MD4 computations. Our idea is guessing a part of passwords so that we can simulate values of intermediate chaining variables from observed hash values. This enables us to use a short local collision that occurs with a very high probability, and thus the number of queries becomes practical.
ER -