- From: Steve Petri <petri@litronic.com>
- Date: Mon, 05 Aug 1996 13:28:41 -0700
- To: ietf-tls@w3.org
> > Christopher Allen wrote: > > >f) Some cryptographers to speak up on the proposal. > I have a question for the cryptographers... The "Shared Key Authentication for the TLS Protocol" paper states: ==> In fact, even a challenge-response protocol which never ==> reveals the password is vulnerable, if a poorly chosen, guessable ==> password is used; an attacker can obtain the (weakly protected) ==> transcript of the challenge-response protocol, then attempt to guess the ==> password, verifying each guess against the transcript. Would not this same type of attack be possible against the current proposal? It seems to me that if your are not using asymmetric crypto, an eavesdropper would have all required info from the transcript of the session to perform this type of an attack. That is, it doesn't matter if the transcript is "weakly protected" or "strongly protected" -- without asym crypto, the attacker has the same info about the session as the valid participants. Not being a cryptographer, I apologize if this question is misguided. Regards, Steve Petri petri@litronic.com Litronic Industries (714)545-6649
Received on Monday, 5 August 1996 16:29:17 UTC