Again Guideline of IPA: We respect the IPAs - PowerPoint PPT Presentation



SLIDE 1

Extended APOP Password Recovery Attack

Yu Sasaki, Lei Wang, Kazuo Ohta and Noboru Kunihiro

(The University of Electro-Communications)

31 characters can be recovered.

Remark: This research was done only by UEC.

SLIDE 2

Again Guideline of IPA

We respect the IPA’s policy, so we reported the discovery of the new attack to IPA.

[Figure labels: IPA, Conference, Research lab, "Report", "wait for a while"]

We are sorry for not explaining all the details. We will explain the concept.

SLIDE 3

Properties for Extending the Attack

Need to construct a new MD5 collision attack.

Necessary Properties

  • 1. ⊿M exists only in early part.
  • 2. Many collisions are computed fast.

[Figure labels: C1, C2, ⊿M, password. Caption: "Can hold long password!!"]

Our Approach: Use Boer’s attack (‘93)

If initial value (IV) can have specific differences, MD5(IV1, M) = MD5(IV2, M) can be generated fast. The same M, no difference. Satisfy both properties!!

SLIDE 4

Our New Attack

[Figure labels: password, Collision, Boer’s attack, MD5 IV, IV Bridge, C1, C2, Boer’s ⊿IV]

Problems of Boer’s attack

Boer’s attack needs ⊿IV, doesn’t work for MD5 IV. We constructed IV Bridge that connects MD5 IV and Boer’s ⊿IV.

Results

  • Experimentally confirmed: 31 chars were recovered.
  • This attack efficiently recovers up to 61 characters.

SLIDE 5

Differential Path of Our Attack

Sorry, we can’t show it now.

SLIDE 6

Conclusion and Countermeasures

  • We found Boer’s attack would efficiently work for APOP attack.
  • We constructed IV Bridge that connects MD5 IV and Boer’s ⊿IV.
  • We experimentally confirmed that 31 characters of APOP passwords were recovered. (By Leurent’s assumption, it takes 31 hours.)

Countermeasures

  • Set strict restrictions on acceptable challenge string. (printable chars only, less than 512 bits, etc.)
  • Stop using MD5. Stop using prefix approach.
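
The countermeasure of restricting the acceptable challenge string, written as a client-side check (an added example, not code from the presentation): the client refuses to compute an APOP response unless the server's challenge is printable ASCII, shorter than 512 bits, and a single `<local@domain>` msg-id. The function names, the 63-byte limit and the msg-id pattern are assumptions made here; the sample greetings are constructed.

```python
import hashlib
import re

# Limits from the slide's countermeasure: printable characters only and a
# challenge shorter than 512 bits (64 bytes, one MD5 block).
MAX_CHALLENGE_BYTES = 63
# Assumed shape: one <local@domain> token, as RFC 1939 describes the timestamp.
MSG_ID = re.compile(rb"<[^<>@\s]+@[^<>@\s]+>")

# Constructed sample greetings (not captured traffic).
GOOD = b"+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>\r\n"
BAD_BINARY = b"+OK ready <1896.\x80\xf3\x00@example.test>\r\n"
BAD_LONG = b"+OK ready <" + b"a" * 70 + b"@example.test>\r\n"
BAD_NESTED = b"+OK ready <a@b><c@d>\r\n"


class UnsafeChallenge(ValueError):
    """Raised when a greeting carries a challenge the client refuses to hash."""


def extract_challenge(greeting: bytes) -> bytes:
    """Return the validated APOP challenge from a +OK greeting."""
    if not greeting.startswith(b"+OK"):
        raise UnsafeChallenge("not a positive greeting")
    start, end = greeting.find(b"<"), greeting.rfind(b">")
    if start < 0 or end < start:
        raise UnsafeChallenge("no challenge in greeting")
    challenge = greeting[start:end + 1]
    if len(challenge) > MAX_CHALLENGE_BYTES:
        raise UnsafeChallenge("challenge is 512 bits or longer")
    if any(b < 0x21 or b > 0x7E for b in challenge):
        raise UnsafeChallenge("non-printable byte in challenge")
    if not MSG_ID.fullmatch(challenge):
        raise UnsafeChallenge("challenge is not a single <local@domain> msg-id")
    return challenge


def apop_digest(greeting: bytes, password: bytes) -> str:
    """Compute MD5(challenge || password) only after the challenge is validated."""
    return hashlib.md5(extract_challenge(greeting) + password).hexdigest()


def verdict(greeting: bytes) -> str:
    """Return 'accept' or the rejection reason for a greeting."""
    try:
        extract_challenge(greeting)
        return "accept"
    except UnsafeChallenge as exc:
        return str(exc)
```

This only narrows what a server can make the client hash; the slide's second countermeasure (stop using MD5 and the prefix approach) is the one that removes the construction itself.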

SLIDE 7

Thank you for your attention !!

Enough to say “vulnerability” ?