again guideline of ipa again guideline of ipa
play

Again Guideline of IPA Again Guideline of IPA We respect the IPAs - PowerPoint PPT Presentation

Jun 06, 2023 •47 likes •117 views

Extended APOP Password Extended APOP Password Recovery Attack Recovery Attack Yu Sasaki, Lei Wang, Kazuo Ohta and Noboru Kunihiro (The University of Electro-Communications) 31 characters can be recovered. Remark: This research was done only

  1. Extended APOP Password Extended APOP Password Recovery Attack Recovery Attack Yu Sasaki, Lei Wang, Kazuo Ohta and Noboru Kunihiro (The University of Electro-Communications) 31 characters can be recovered. Remark: This research was done only by UEC.

  2. Again Guideline of IPA Again Guideline of IPA We respect the IPA’s policy so that we reported the discovery of the new attack to IPA. IPA Report wait for a while Conference Research lab We are sorry for not explaining all the details. We will explain the concept. 2

  3. Properties for Extending the Attack Properties for Extending the Attack Need to construct a new MD5 collision attack. Need to construct a new MD5 collision attack. Necessary Properties 1. ⊿ M exists only in early part. 2. Many collisions are computed fast. C1 password password password C2 password Can hold long password!! ⊿ M Our Approach : : Use Boer Our Approach Use Boer’ ’s attack ( s attack (‘ ‘93) 93) If initial value (IV) can have specific differences, MD5( IV1,M )=MD5( IV2 , M ) can be generated fast. The same M , no difference. Satisfy both properties!! 3

  4. Our New Attack Our New Attack Problems of Boer’ ’s attack s attack Problems of Boer Boer’s attack needs ⊿ IV , doesn’t work for MD5 IV . We constructed IV Bridge IV Bridge that connects MD5 IV and Boer’s ⊿ IV . Collision password C1 Boer’s MD5 ⊿ IV IV C2 password IV Bridge Boer’s attack Results Results 31 chars were recovered. • Experimentally confirmed 31 • This attack efficiently recovers up to 61 characters. 4

  5. Differential Path of Our Attack of Our Attack Differential Path Sorry, we can’t show it now.

  6. Conclusion and Conclusion and Countermeasures Countermeasures • We found Boer’s attack would efficiently work for APOP attack. • We constructed IV Bridge that connects MD5 IV and Boer’s ⊿ IV . • We experimentally confirmed that 31 characters of APOP passwords were recovered. (By Leurent’s assumption, it takes 31 hours.) Countermeasures Countermeasures • Set strict restrictions on acceptable challenge string. (printable chars only, less than 512 bits, etc . ) • Stop using MD5. Stop using prefix approach. 6

  7. Enough to say “vulnerability” ? Thank you for your attention !! Thank you for your attention !!

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

guideline recommendations Instructions for guideline translators Recommendations form the core of

guideline recommendations Instructions for guideline translators Recommendations form the core of

How to identify and interpret ERBP guideline recommendations Instructions for guideline translators Recommendations form the core of any clinical practice guideline, and therefore require special attention during the process of translation.

523 views • 14 slides
8 October 2012 1 PGx for PK in ( early) drug developm ent PG-PK Guideline Guideline on the use

8 October 2012 1 PGx for PK in ( early) drug developm ent PG-PK Guideline Guideline on the use

8 October 2012 1 PGx for PK in ( early) drug developm ent PG-PK Guideline Guideline on the use of Pharmacogenetic Methodologies in the Pharmacokinetic Evaluation of Medicinal Products Marc Maliepaard PhD Senior Clinical assessor CBG-MEB

401 views • 27 slides
Health Community-Based Health Initiative Planning Guideline Health Priorities Guideline Community

Health Community-Based Health Initiative Planning Guideline Health Priorities Guideline Community

DoN: An Opportunity to Advance Health Community-Based Health Initiative Planning Guideline Health Priorities Guideline Community Engagement Guideline January 11, 2017 Retooling DoN for Todays Health Care Market Development of Revised CHI

627 views • 25 slides
Guideline Document ID: MNC-GUI-0098-20 Title: Guideline for Presentations & Publications

Guideline Document ID: MNC-GUI-0098-20 Title: Guideline for Presentations & Publications

Guideline Document ID: MNC-GUI-0098-20 Title: Guideline for Presentations & Publications (External) Site where document is utilised: MNCLHD Description: Guideline for approval process of external presentations and publications Keywords:

320 views • 5 slides
Guideline No. 20b December 2006 THE MANAGEMENT OF BREECH PRESENTATION This is the third edition

Guideline No. 20b December 2006 THE MANAGEMENT OF BREECH PRESENTATION This is the third edition

Guideline No. 20b December 2006 THE MANAGEMENT OF BREECH PRESENTATION This is the third edition of the guideline originally published in 1999 and revised in 2001 under the same title. 1. Purpose and scope The aim of this guideline is to

302 views • 13 slides
Joint EMEA (NRG)/EFPIA Workshop 11 September 2006 in London Guideline on acceptability of

Joint EMEA (NRG)/EFPIA Workshop 11 September 2006 in London Guideline on acceptability of

Joint EMEA (NRG)/EFPIA Workshop 11 September 2006 in London Guideline on acceptability of invented names Hanne Brokopp (MSD) 2 Guideline Guideline states The use of short qualifiers which do not carry established and relevant meaning in

341 views • 7 slides
Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

Revised Immunogenicity Guideline: Assays and methods- Presentation of the draft guideline and introduction of the topics for discussion Robin Thorpe & Meenu Wadhwa Revised Guideline: Differences from original Condensed; much

588 views • 17 slides
Sites Objective of Guideline Objective: provide guidance to address inconsistent accounting

Sites Objective of Guideline Objective: provide guidance to address inconsistent accounting

Accounting for Landfill Sites Objective of Guideline Objective: provide guidance to address inconsistent accounting practices Improve comparability Provide necessary information to users Format: Guideline Scope of Guideline

617 views • 26 slides
Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019

Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019

Distribution Ring-fencing Guideline Update Stakeholder workshop 28 & 29 August 2019 aer.gov.au 1 Introduction Ring-fencing guideline p rogress so far guideline observations. Purpose of this consultation: review of

562 views • 31 slides
ST7 General Paediatrics RHSC Edinburgh Guideline overview What are we auditing?

ST7 General Paediatrics RHSC Edinburgh Guideline overview What are we auditing?

David Beattie ST7 General Paediatrics RHSC Edinburgh Guideline overview What are we auditing? Results What can we take from this? Questions/ discussion Dr Lizzie Bayman proposed guideline to be used locally To

382 views • 17 slides
Clinical Practice Guideline The Management of Breech Presentation NATIONAL CLINICAL GUIDELINE

Clinical Practice Guideline The Management of Breech Presentation NATIONAL CLINICAL GUIDELINE

Clinical Practice Guideline The Management of Breech Presentation NATIONAL CLINICAL GUIDELINE The Management of Breech Presentation Institute of Obstetricians and Gynaecologists, Royal College of Physicians of Ireland and the Clinical

504 views • 26 slides
Revision n of the state aid guideline nes in n the cont ntext of the EU ETS: discussion n on

Revision n of the state aid guideline nes in n the cont ntext of the EU ETS: discussion n on

ERCST Revision n of the state aid guideline nes in n the cont ntext of the EU ETS: discussion n on n the draft guideline nes Andrei Marcu , Director, ERCST Domien Vangenechten , ERCST Brussels January 16th, 2020 1 Agenda

502 views • 24 slides
2012 Addendum to the EU Guideline on Antibacterial Agents EMA Workshop on development of new

2012 Addendum to the EU Guideline on Antibacterial Agents EMA Workshop on development of new

2012 Addendum to the EU Guideline on Antibacterial Agents EMA Workshop on development of new antibacterial medicines October 2012 Presented by: Mair Powell Rapporteur An agency of the European Union Current guidance Guideline on

460 views • 43 slides
RFID Interoperability Best Practice Guideline ITS Canada Annual Conference & General Meeting

RFID Interoperability Best Practice Guideline ITS Canada Annual Conference & General Meeting

RFID Interoperability Best Practice Guideline ITS Canada Annual Conference & General Meeting Toronto 2013 May 26 to 29 IBI GROUP RFID INTEROPERABILITY BEST PRACTICE GUIDELINE Who is the Guideline for? You should be interested in this document

387 views • 26 slides
Rate of Return Guideline Review AER Board Meeting Discussion 17 May 2018 Overview Have

Rate of Return Guideline Review AER Board Meeting Discussion 17 May 2018 Overview Have

Rate of Return Guideline Review AER Board Meeting Discussion 17 May 2018 Overview Have advocated an objective of setting a guideline that is capable of being accepted and applied by stakeholders. To support this we have: Sought to

466 views • 10 slides
guideline concordance

guideline concordance

Using population bases staging data to inform cancer resource allocation cancer screening and treatment guideline concordance

382 views • 22 slides
iNET Seminar A Framework for Nation-Centric Classification and Observation of the Internet

iNET Seminar A Framework for Nation-Centric Classification and Observation of the Internet

iNET Seminar A Framework for Nation-Centric Classification and Observation of the Internet Sebastian Meiling Outline Introduction Methods Results Summary & Outlook 02/11/10 HAW Hamburg - iNET - Sebastian Meiling 2

468 views • 19 slides
CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu https://stevens.netmeister.org/615/

818 views • 80 slides
Lecture 8: Internetworking, Naming CSE 123: Computer Networks Chris Kanich Project 1 due 11:59pm

Lecture 8: Internetworking, Naming CSE 123: Computer Networks Chris Kanich Project 1 due 11:59pm

Lecture 8: Internetworking, Naming CSE 123: Computer Networks Chris Kanich Project 1 due 11:59pm tonight Lecture 8 Overview Finish up IP Fragmentation, Route Aggregation CIDR Packet forwarding example User-friendly names (DNS)

760 views • 16 slides
CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens

CS615 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration Networking I Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu

1.19k views • 62 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3a: Android Components, Saving State &

CS 528 Mobile and Ubiquitous Computing Lecture 3a: Android Components, Saving State &

CS 528 Mobile and Ubiquitous Computing Lecture 3a: Android Components, Saving State & Rotation Emmanuel Agu Android App Components Android App Components Typical Java program starts from main( ) Android app: No need to write a main

752 views • 46 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle

CS 528 Mobile and Ubiquitous Computing Lecture 3: Android UI, WebView, Android Activity Lifecycle Emmanuel Agu Android UI Design Example GeoQuiz App Reference: Android Nerd Ranch, pgs 1 32 App presents questions to test users knowledge

1k views • 96 slides
FAMIS and App Tree Mobile Device Work Order Utilization Mark Kujawa / Martin Bentivengo Fire

FAMIS and App Tree Mobile Device Work Order Utilization Mark Kujawa / Martin Bentivengo Fire

FERMILAB-SLIDES-19-032-FESS FAMIS and App Tree Mobile Device Work Order Utilization Mark Kujawa / Martin Bentivengo Fire Tech Specialist / Building and Support Systems Manager Facilities Maintenance May 2019 This manuscript has been authored

407 views • 28 slides
Using Data from Breaches What is Users Level of Comfort? Sowmya Karunakaran, Google Let's start

Using Data from Breaches What is Users Level of Comfort? Sowmya Karunakaran, Google Let's start

SOUPS 2018 Using Data from Breaches What is Users Level of Comfort? Sowmya Karunakaran, Google Let's start with a pop quiz... Roughly, how many online accounts have been compromised through data breaches? 5,371,008,023 SOURCE:

1.03k views • 18 slides

More recommend