This paper proposes a new variant of collisions on hash functions named bit-free collision, which can be applied to reduce the number of chosen challenges in password recovery attacks on hash-based challenge and response protocols, such as APOP (Authentication Post Office Protocol). In all previous APOP attacks, the attacker needs to impersonate the server and to send poisoned chosen challenges to the user. Impersonating the server carries a risk that the user may find out he is being attacked. Hence, it is important for the attacker to reduce the number of impersonations in order to lower the probability that the attack will be detected. To achieve this, reducing the number of chosen challenges is necessary. To the best of our knowledge, this paper is the first to improve previous APOP attacks based on this observation. With t-bit-free collisions presented in this paper, the number of chosen challenges to recover each password character can be reduced by approximately a factor of 2^t. Though our attack utilizing t-bit-free collisions needs higher offline complexity than previous attacks, the offline computation can be finished in practical time if the attacker can obtain reasonable computation power. In this research, we generate 1-bit-free collisions on MD5 practically. As a result, the number of challenges for password recovery attacks on real APOP is reduced by approximately half. Of independent interest, we apply the bit-free-collision attack on a simpler hash function, MD4, and show that 3-bit-free collisions can be generated practically.