Re: Passphrases in or out

> Christopher Allen wrote:
> >f) Some cryptographers to speak up on the proposal.

I have a question for the cryptographers...

The "Shared Key Authentication for the TLS Protocol" paper

==> In fact, even a challenge-response protocol which never
==> reveals the password is vulnerable, if a poorly chosen, guessable
==> password is used; an attacker can obtain the (weakly protected)
==> transcript of the challenge-response protocol, then attempt to guess the
==> password, verifying each guess against the transcript.

Would not this same type of attack be possible against the current
proposal?  It seems to me that if your are not using asymmetric crypto, 
an eavesdropper would have all required info from the transcript of
the session to perform this type of an attack.  That is, it doesn't
matter if the transcript is "weakly protected" or "strongly protected" --
without asym crypto, the attacker has the same info about the session
as the valid participants.

Not being a cryptographer, I apologize if this question is misguided.

Steve Petri
Litronic Industries				(714)545-6649

Received on Monday, 5 August 1996 16:29:17 UTC