• Complex
  • Title
  • Keyword
  • Abstract
  • Scholars
  • Journal
  • ISSN
  • Conference
搜索

Author:

Liu, Fanbao (Liu, Fanbao.)

Indexed by:

EI Scopus

Abstract:

Digest Access Authentication was originally proposed to provide peer authentication and data encryption in HTTP protocols. It has been widely employed along with the deployment of SASL. In this paper, we implement a password recovery attack to Digest Access Authentication that can recover passwords as long as 48 characters in overall off-line computation about 2 35 MD5 compressions and 8084 on-line queries. This confirms that the security of Digest Access Authentication is totally broken, and all applications based on that must be re-evaluated seriously. Further, we prove that the security of the hashing scheme H(CP), where H is a hash function, C is a challenge and P is a shared password, is totally dependent on the collision resistance of H, instead of the pre-image resistance. Such scheme can't be used in challenge and response protocols to protect the shared password. Finally, we prove that some hashing schemes like H(H(CP)) provide no more security than H(CP), in the aspect of collision resistance. © 2011 IEEE.

Keyword:

Hash functions Ubiquitous computing Authentication Recovery Computer system recovery

Author Community:

  • [ 1 ] [Liu, Fanbao]School of Computer, National University of Defense Technology, Changsha, 410073, Hunan, China
  • [ 2 ] [Liu, Fanbao]School of Computer, Beijing University of Technology, 100124, Beijing, China

Reprint Author's Address:

Show more details

Related Keywords:

Related Article:

Source :

Year: 2011

Page: 427-434

Language: English

Cited Count:

WoS CC Cited Count: 0

SCOPUS Cited Count: 10

ESI Highly Cited Papers on the List: 0 Unfold All

WanFang Cited Count:

Chinese Cited Count:

30 Days PV: 2

Online/Total:930/10657678
Address:BJUT Library(100 Pingleyuan,Chaoyang District,Beijing 100124, China Post Code:100124) Contact Us:010-67392185
Copyright:BJUT Library Technical Support:Beijing Aegean Software Co., Ltd.