Psta.psiras.ru/

The paper analyzes the vulnerabilities of the BotikKey network protocol, which is used in the telecommunications system "Botik", Pereslavl-Zalessky, to authenticate subscriber connections. The protocol was developed within the framework of the Botik-technologies approach, according to which all hardware and software of the Botik network is either freely distributed or developed by the provider's own efforts. A description of the purpose of the protocol and implementation details is given, and the vulnerabilities associated with using the MD5 hashing algorithm are listed. Possible ways of compromising the BotikKey protocol are listed, including the APOP attack, whose purpose is to select an access password. Recommendations are given to the provider of communication services of the telecommunications system "Botik" on the rejection of the BotikKey system, or the transition to more current means of subscriber authentication.