Win Treese wrote: > > I'd like to close on the question of including shared-key > authentication in TLS. There has been little discussion > of the latest proposal from Barbara Fox, but I think we > went over the arguments pretty thoroughly a few weeks > ago. Is the latest proposal still vulnerable to this type of an attack: - Given a server with TLS/passauth and no attack detection - Attacker uses dictionary attack against an account, re-trying the Handshake with a dictionary of 65000 commonly used passphrases If the user's passphrase exists in the dictionary, then the effective security seems to be "16 bits" rather than "128 bits". -- Steve Petri petri@litronic.com Litronic, Inc. http://www.litronic.comReceived on Monday, 7 October 1996 17:08:51 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:17:12 UTC