Psta.psiras.ru/

In this paper, the study of the resistance to various attacks of the BotikKey network protocol, which is used in the telecommunications system "Botik" in Pereslavl-Zalessky for authentication of subscriber connections, is given. The protocol was developed within the framework of the Botik-technologies approach, according to which all hardware and software of the Botik network is either freely distributed or developed by the provider's own efforts. The paper presents the purpose of the protocol, the concept of the password, the access key, the access region, and the scheme for executing network exchanges between the client and the BotikKey server. The vulnerabilities of the BotikKey protocol are listed: the choice of the access key by the method of direct enumeration on parallel computing systems, or on cloud services, the selection of the BotikKey password using rainbow tables for the MD5 hash function, the SSL attack on the protocol users in order to select the password for accessing the Internet , a description of the consequences of stealing the password from the file system. Recommendations are given to the provider of communication services of the telecommunications system "Botik" on the rejection of the BotikKey system, or to the transition to more actual means of authenticating subscriber connections.