Security

Fast Password Recovery Attack: Application to APOP

Free registration required

Executive Summary

In this paper, the authors propose a fast password recovery attack to APOP application in local which can recover a password with 11 characters in less than one minute, recover a password with 31 characters extremely fast, about 4 minutes, and for 43 characters in practical time. These attacks truly simulate the practical password recovery attacks launched by malware in real life, and further confirm that the security of APOP is totally broken. To achieve these dramatical improvements, they propose a group satisfaction scheme; apply the divide-and-conquer strategy and a new suitable MD5 collision attack to greatly reduce the computational complexity in collision searching with high number of chosen bits.

  • Format: PDF
  • Size: 307.5 KB