An attack on MySQL's login protocol

An attack on MySQL's login protocol

The MySQL challenge-and-response authentication protocol is proved insecure. We show how can an eavesdropper impersonate a valid user after witnessing only a few executions of this protocol. The algorithm of the underlying attack is presented. Finally we comment about implementations and statistical...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Arce, Ivan, Kargieman, Emiliano, Richarte, Gerardo, Sarraute, Carlos, Waissbein, Ariel
Format: Artikel
Sprache:eng
Schlagworte:
Computer Science - Cryptography and Security
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The MySQL challenge-and-response authentication protocol is proved insecure. We show how can an eavesdropper impersonate a valid user after witnessing only a few executions of this protocol. The algorithm of the underlying attack is presented. Finally we comment about implementations and statistical results.
DOI:10.48550/arxiv.1006.2411