Password Recovery Attack to Authentication Post Office Protocol

In this paper, we propose a new password recovery attack on the Authentication Post Office Protocol (APOP) that recovers more password characters, and recovers them faster. First, building on tunnel and advanced message modification techniques, we propose a "Group Satisfaction Scheme" that deterministically satisfies all conditions of the first three successive steps of the last tunnel, further improving the efficiency of Message Digest Algorithm 5 (MD5) collision searching. Second, we propose several new tunnels that generate more meaningful characters during MD5 collision searching; for example, we can construct an MD5 collision pair with as many as 352 fixed bits. By combining these techniques, we improve the efficiency of MD5 collision searching with a high number of chosen bits. Hence, we can recover APOP passwords of 31 characters extremely fast, and can also recover passwords as long as 43 characters in practical time.