Password-based challenge-response

- P
- popboyz69
  
  Contact options for registered users
posted
17 years ago

Wed, Dec 27, 2006 12:34 AM

Hello all,

I have this question, hope to get some guidance...

Fora simple password-based challenge-response protocol between a user A and a server S, where Pa is A's password, n is a random nonce generated by the server, and h is a known cryptographic hash function.

S -> A: E(Pa,n)
A -> S: E(Pa,h(n))

How to show that this protocol is vulnerable to an off-line password guessing attack? and how would the attack take place ?. Under which circumstances would the vulnerability not be a problem?

any references and views are appreciated----- thanks again....!merry christmas !!!

Loading thread data ...

XML Sitemap
Terms of Service
Privacy Policy
Contact

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.