How to Break EAP-MD5

Abstract : We propose an efficient attack to recover the passwords, used to authenticate the peer by EAP-MD5, in the IEEE 802.1X network. First, we recover the length of the used password through a method called length recovery attack by on-line queries. Second, we crack the known length password using a rainbow table pre-computed with a fixed challenge, which can be done efficiently with great probability through off-line computations. This kind of attack can also be implemented successfully even if the underlying hash function MD5 is replaced with SHA-1 or even SHA-512.
Type de document :
Communication dans un congrès
Ioannis Askoxylakis; Henrich C. Pöhls; Joachim Posegga. 6th International Workshop on Information Security Theory and Practice (WISTP), Jun 2012, Egham, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7322, pp.49-57, 2012, Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. 〈10.1007/978-3-642-30955-7_6〉
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01534313
Contributeur : Hal Ifip <>
Soumis le : mercredi 7 juin 2017 - 15:03:45
Dernière modification le : mercredi 7 juin 2017 - 15:05:24
Document(s) archivé(s) le : vendredi 8 septembre 2017 - 12:53:57

Fichier

978-3-642-30955-7_6_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Fanbao Liu, Tao Xie. How to Break EAP-MD5. Ioannis Askoxylakis; Henrich C. Pöhls; Joachim Posegga. 6th International Workshop on Information Security Theory and Practice (WISTP), Jun 2012, Egham, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7322, pp.49-57, 2012, Information Security Theory and Practice. Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems. 〈10.1007/978-3-642-30955-7_6〉. 〈hal-01534313〉

Partager

Métriques

Consultations de la notice

33

Téléchargements de fichiers

58