Extended Password Recovery Attacks Against APOP, SIP, and Digest Authentication

Yu Sasaki, Lei Wang, Kazuo Ohta, Noboru Kunihiro
DOI: https://doi.org/10.1587/transfun.e92.a.96
2009-01-01
Abstract: In this paper, we propose password recovery attacks against challenge-response authentication protocols. Our attacks use a message difference for an MD5 collision attack proposed in IEICE 2008. First, we show how to efficiently find a message pair that collides with the above message difference. Second, we show that a password used in the authenticated post office protocol (APOP) can be recovered practically. We also show that the password recovery attack can be applied to the session initiation protocol (SIP) and digest authentication. Our attack can recover up to the first 31 password characters in a short time and up to the first 60 characters faster than the naive search method. We have implemented our attack and confirmed that 31 characters can be successfully recovered.