-- On 24 Feb 2005 at 2:29, Peter Gutmann wrote:
> Isn't this a Crypto 101 mutual authentication mechanism (or
> at least a somewhat broken reinvention of such)? If the
> exchange to prove knowledge of the PW has already been
> performed, why does A need to send the PW to B in the last
> step? You either use timestamps to prove freshness or add an
> extra message to exchange a nonce and then there's no need to
> send the PW. Also in the above B is acting as an oracle for
> password-guessing attacks, so you don't send back the
> decrypted text but a recognisable-by-A encrypted response, or
> garbage if you can't decrypt it, taking care to take the same
> time whether you get a valid or invalid message to avoid
> timing attacks. Blah blah Kerberos blah blah done twenty
> years ago blah blah a'om bomb blah blah.
>
> (Either this is a really bad idea or the details have been
> mangled by the Register).
It is a badly bungled implementation of a really old idea. An idea which, however, was never implemented on a large scale, resulting in the mass use of phishing attacks. Mutual authentication and password management should have been designed into SSH/PKI from the beginning, but instead they designed it to rely wholly on everyone registering themselves with a centralized authority, which of course failed. SSH/PKI is dead in the water, and causing a major crisis on internet transactions. Needs fixing - needs to be fixed by implementing cryptographic procedures that are so old that they are in danger of being forgotten.

--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
Dn3N69hcbr+mL/HUTw8OhGtKmD9rHYOMN4NTBkIY
47AOCXrb7e35xm5QBsHbFVr/jfm+XwTUvzdiytKpG
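The nonce-based variant Gutmann sketches above (add a message to exchange nonces, then prove knowledge of the password without ever sending it, and compare in constant time so B is not a timing oracle) looks roughly like the following. This is an added example for this page, not code from either poster or from the scheme the Register described; the message layout, the PBKDF2 key derivation, the direction labels and the fixed demo salt are all assumptions made here, and the Kerberos-style ticketing he alludes to is not modelled.

```python
import hashlib
import hmac
import secrets

# Constructed demo parameters (not from the post): a fixed salt so both sides
# derive the same key, and direction labels so a reply cannot be reflected.
SALT = b"demo-salt-not-secret"
LABEL_B = b"B->A"
LABEL_A = b"A->B"


def derive_key(password: bytes, salt: bytes = SALT) -> bytes:
    """Slow password-based KDF: the password never crosses the wire, and an
    eavesdropped transcript costs 100k PBKDF2 iterations per offline guess."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)


def tag(key: bytes, label: bytes, n1: bytes, n2: bytes) -> bytes:
    """Proof of key knowledge bound to both nonces (freshness) and a direction."""
    return hmac.new(key, label + n1 + n2, hashlib.sha256).digest()


def check(expected: bytes, received: bytes) -> bool:
    """Constant-time comparison: same code path and time for valid and invalid
    input, so the verifier is not a timing oracle for password guessing."""
    return hmac.compare_digest(expected, received)


class Party:
    def __init__(self, name: str, password: bytes):
        self.name = name
        self.key = derive_key(password)
        self.nonce = secrets.token_bytes(16)  # fresh per session


def run_protocol(pw_a: bytes, pw_b: bytes):
    """Three-message mutual authentication. Returns (a_accepts, b_accepts)."""
    a = Party("A", pw_a)
    b = Party("B", pw_b)

    # 1. A -> B: A's identity and a fresh nonce (A's challenge to B).
    msg1 = (a.name, a.nonce)

    # 2. B -> A: B's own nonce plus B's proof, bound to both nonces.
    _, na = msg1
    msg2 = (b.nonce, tag(b.key, LABEL_B, na, b.nonce))

    # A verifies B before proving anything itself.
    nb, proof_b = msg2
    a_accepts = check(tag(a.key, LABEL_B, a.nonce, nb), proof_b)

    # 3. A -> B: A's proof over the same nonces. The password is never sent;
    #    on failure A sends same-length garbage rather than a distinguishable error.
    msg3 = tag(a.key, LABEL_A, nb, a.nonce) if a_accepts else secrets.token_bytes(32)

    b_accepts = check(tag(b.key, LABEL_A, b.nonce, na), msg3)
    return a_accepts, b_accepts


def replay_is_rejected(pw: bytes) -> bool:
    """A captured final message is useless in a new session: B's nonce changed."""
    a = Party("A", pw)
    b_old = Party("B", pw)
    captured = tag(a.key, LABEL_A, b_old.nonce, a.nonce)
    b_new = Party("B", pw)  # new session, new 16-byte nonce
    return not check(tag(b_new.key, LABEL_A, b_new.nonce, a.nonce), captured)


if __name__ == "__main__":
    print("matching passwords:", run_protocol(b"hunter2", b"hunter2"))
    print("mismatched passwords:", run_protocol(b"hunter2", b"wrong"))
    print("replayed proof rejected:", replay_is_rejected(b"hunter2"))
```

Two points worth noting about the design. Binding each HMAC to both nonces and a direction label is what removes the need for the final "send the PW" step and also blocks reflection of B's own answer back at it. The remaining weakness of any password-keyed challenge-response is offline guessing against a captured transcript, which is why the key comes from a slow KDF here; a weak password still loses, and only a PAKE removes that exposure entirely.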