Abstract
In Wang’s attack, message modifications make it possible to satisfy certain sufficient conditions deterministically, so that collisions can be found efficiently. Unfortunately, message modifications significantly change the messages, and one has little control over the colliding blocks. In this paper, we show how to choose small parts of the colliding messages. Consequently, we break a security countermeasure proposed by Szydlo and Yin at CT-RSA ’06, in which a fixed padding is added at the end of each block.
Furthermore, we also apply this technique to recover part of the passwords in the Authentication Protocol of the Post Office Protocol (POP). This shows that collision attacks can be used to attack real protocols, which means that finding collisions is a real threat.
References
Biham, E., Chen, R.: Near-Collisions of SHA-0. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 290–305. Springer, Heidelberg (2004)
Black, J., Cochran, M., Highland, T.: A Study of the MD5 Attacks: Insights and Improvements. In: Robshaw, M. (ed.) FSE 2006. LNCS, vol. 4047, pp. 262–277. Springer, Heidelberg (2006)
Contini, S., Yin, Y.L.: Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, Springer, Heidelberg (2006)
Cramer, R.J.F. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)
Daum, M.: Cryptanalysis of Hash Functions of the MD4-Family. PhD thesis, Ruhr-University of Bochum (2005)
Daum, M., Lucks, S.: Hash Collisions (The Poisoned Message Attack) “The Story of Alice and her Boss”. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, Springer, Heidelberg (2005), http://th.informatik.uni-mannheim.de/people/lucks/HashCollisions/
Dobbertin, H.: Cryptanalysis of MD4. J. Cryptology 11(4), 253–271 (1998)
Gebhardt, M., Illies, G., Schindler, W.: A Note on the Practical Value of Single Hash Collisions for Special File Formats. In: Dittmann, J. (ed.) Sicherheit, LNI, vol. 77, pp. 333–344. GI (2006)
Kim, J., Biryukov, A., Preneel, B., Hong, S.: On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 242–256. Springer, Heidelberg (2006)
Klima, V.: Finding MD5 Collisions on a Notebook PC Using Multi-message Modifications. Cryptology ePrint Archive, Report 2005/102 (2005), http://eprint.iacr.org/
Klima, V.: Tunnels in Hash Functions: MD5 Collisions Within a Minute. Cryptology ePrint Archive, Report 2006/105 (2006), http://eprint.iacr.org/
Lenstra, A.K., de Weger, B.: On the Possibility of Constructing Meaningful Hash Collisions for Public Keys. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 267–279. Springer, Heidelberg (2005)
Myers, J., Rose, M.: Post Office Protocol - Version 3. RFC 1939 (Standard), May 1996. Updated by RFCs 1957, 2449.
Naito, Y., Sasaki, Y., Kunihiro, N., Ohta, K.: Improved Collision Attack on MD4 with Probability Almost 1. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 129–145. Springer, Heidelberg (2006)
Preneel, B., van Oorschot, P.C.: On the Security of Two MAC Algorithms. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 19–32. Springer, Heidelberg (1996)
Sasaki, Y., Yamamoto, G., Aoki, K.: Practical Password Recovery on an MD5 Challenge and Response. Cryptology ePrint Archive, Report 2007/101 (2007), http://eprint.iacr.org/
Shoup, V. (ed.): CRYPTO 2005. LNCS, vol. 3621, pp. 14–18. Springer, Heidelberg (2005)
Stevens, M.: Fast Collision Attack on MD5. Cryptology ePrint Archive, Report 2006/104 (2006), http://eprint.iacr.org/
Stevens, M., Lenstra, A., de Weger, B.: Target Collisions for MD5 and Colliding X.509 Certificates for Different Identities. Cryptology ePrint Archive, Report 2006/360 (2006), http://eprint.iacr.org/
Szydlo, M., Yin, Y.L.: Collision-Resistant Usage of MD5 and SHA-1 Via Message Preprocessing. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 99–114. Springer, Heidelberg (2006)
Wang, X., Lai, X., Feng, D., Chen, H., Yu, X.: Cryptanalysis of the Hash Functions MD4 and RIPEMD. In: Cramer [4], pp. 1–18 (2005)
Wang, X., Yin, Y.L., Yu, H.: Finding Collisions in the Full SHA-1. In: Shoup [17], pp. 17–36 (2005)
Wang, X., Yu, H.: How to Break MD5 and Other Hash Functions. In: Cramer [4], pp. 19–35 (2005)
Wang, X., Yu, H., Yin, Y.L.: Efficient Collision Search Attacks on SHA-0. In: Shoup [17], pp. 1–16 (2005)
Yu, H., Wang, G., Zhang, G., Wang, X.: The Second-Preimage Attack on MD4. In: Desmedt, Y.G., Wang, H., Mu, Y., Li, Y. (eds.) CANS 2005. LNCS, vol. 3810, pp. 1–12. Springer, Heidelberg (2005)
© 2007 Springer-Verlag Berlin Heidelberg
Leurent, G. (2007). Message Freedom in MD4 and MD5 Collisions: Application to APOP. In: Biryukov, A. (eds) Fast Software Encryption. FSE 2007. Lecture Notes in Computer Science, vol 4593. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74619-5_20
DOI: https://doi.org/10.1007/978-3-540-74619-5_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74617-1
Online ISBN: 978-3-540-74619-5