|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: DH-CHAPOn Fri, 12 Apr 2002, Yongge Wang wrote: > Thanks for all of your responses. > 1. First a small clarification: this kind of attack is easy to mount > than man-in-the-middle attack and is not a man-in-the-middle attack. How is this not a man-in-the-middle? Quoting your original note: > When the attacker Carol intercepts the first message from the initiator > to the target: "requesting for service". Carol will impersonate > target and send her g^x and r to target (which she knows x and r). ... > Now initiator will think that this g^x and r coming from the target > and will generate g^y and H(password, ID, H(r, ID, g^xy)) to target. Ahh.. It's not quite man-in-the-middle as you are impersonating the target. I'm not sure what to do about this. Take care, Bill
Home Last updated: Fri Apr 12 12:18:19 2002 9631 messages in chronological order |