Research into the issue of BotikKey protocol resistance to the brute force attack

In this paper vulnerabilities of the BotikKey network protocol are described. The protocol is being used in the “Botik” telecommunication system of Pereslavl-Zalessky for secure subscriber authentication. Protocol was developed as part of Botik-technologies initiative, according to which all software and hardware is based on open source, or on the inhouse developments. We outline the purpose and implementation details of the protocol. It is pointed out that majority of protocol vulnerabilities arise from weaknesses of MD5 cryptographic hash function being used. BotikKey protocol can be compromised in several ways: brute force attack for recovering plain network password using specific software on high-performance computing devices and cloud services, password attack using rainbow tables for MD5 hash function, and the password theft. It is noted that “Botik” network service provider should use more contemporary cryptographic methods for subscriber authentication, or even avoid using the BotikKey system. (In Russian).