- From: Steve Petri <petri@litronic.com>
- Date: Mon, 07 Oct 1996 14:07:54 -0700
- To: Win Treese <treese@OpenMarket.com>
- Cc: ietf-tls@w3.org
Win Treese wrote: > > I'd like to close on the question of including shared-key > authentication in TLS. There has been little discussion > of the latest proposal from Barbara Fox, but I think we > went over the arguments pretty thoroughly a few weeks > ago. Is the latest proposal still vulnerable to this type of an attack: - Given a server with TLS/passauth and no attack detection - Attacker uses dictionary attack against an account, re-trying the Handshake with a dictionary of 65000 commonly used passphrases If the user's passphrase exists in the dictionary, then the effective security seems to be "16 bits" rather than "128 bits". -- Steve Petri petri@litronic.com Litronic, Inc. http://www.litronic.com
Received on Monday, 7 October 1996 17:08:51 UTC