>The description has virtually nothing to do with the actual algorithm >proposed. Follow the link in the article - http://www.stealth-attacks.info/ - >for an actual - if informal - description. > > There is no actual description publically available (there are three completely different protocols described in the press). I talked to the author about this; he sent me a fourth, somewhat reasonable document. At *best*, this is something akin to SRP with the server constantly proving its true nature with every character (yes, shoulder surfers get to attack keys one at a time). It could get pretty bad though, so rather than support it or bash it, I'd just reserve judgement until it's publically documented at Financial Crypto.
--Dan