Hi All, When a symmetric key based challenge response is used, an attacker can perform a reflection attack by starting a second instance of a protocol and having the server answer its own questions.
To guard against the attack, is it sufficient to ensure all challenges sent from server to client are equal to 1 mod 2; and all client to server challenges are equal to 0 mod 2? Is it enough to break the symmetry? Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography