Cryptology ePrint Archive: Report 2007/101

Practical Password Recovery on an MD5 Challenge and Response

Yu Sasaki and Go Yamamoto and Kazumaro Aoki

Abstract: This paper shows an attack against APOP protocol which is a challenge-and-response protocol. We utilize the Wang's attack to make collisions in MD5, and apply it to APOP protocol. We confirmed that the first 3 octets of secret key can be recovered by several hundred queries under the man-in-the-middle environment.

Category / Keywords: cryptographic protocols / APOP, MD5, collision

Date: received 20 Mar 2007

Contact author: maro at isl ntt co jp

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20070322:142745 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]