An attack on MySQL's login protocol
نویسندگان
چکیده
TheMySQL challenge–and–response authentication protocol is proved insecure. We show how can an eavesdropper impersonate a valid user after witnessing only a few executions of this protocol. The algorithm of the underlying attack is presented. Finally we comment about implementations and statistical results.
منابع مشابه
The Distributed Authentication Login Scheme
In distributed system environment, security of system is an important issue whose basis is authentication protocol. Authentication protocol requires a authentication server which will decide login of users, and the server will be the main target of attacks. In this paper, we present a distributed authentication protocol model, whose goals are to avoid one point of attack and to increase availab...
متن کاملA Secure Identification and Key agreement protocol with user Anonymity (SIKA)
Anonymity is a desirable security feature in addition to providing user identification and key agreement during a user’s login process. Recently, Yang et al., proposed an efficient user identification and key distribution protocol while preserving user anonymity. Their protocol addresses a weakness in the protocol proposed by Wu and Hsu. Unfortunately, Yang’s protocol poses a vulnerability that...
متن کاملImplementation of Password Guessing Resistant Protocol (PGRP) to Prevent Online Attacks
The inadequacy of login protocols designed to address large scale online dictionary attacks (e.g., from a botnet of hundreds of thousands of nodes). Brute force and dictionary attacks on password-only remote login services are now widespread and emerging technique. Convenient login for legitimate users while preventing such attacks is a difficult problem. Automated Turing Tests (ATTs) continue ...
متن کاملAn Optimal Strong Password Authentication Protocol with USB Sticks
Authentication is the process for identify the correct user or not. The identities enclose mainly the username and passwords for verifying the two entities. The authentication information’s are stored in the form of encryption in a device which is properly registered in the server. At the time of authentication process performs between user and server the intruder can eves-dropping the communic...
متن کاملAn Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks
In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et a...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- CoRR
دوره abs/1006.2411 شماره
صفحات -
تاریخ انتشار 2010