--
> > However, techniques that establish that the parties share a
> > weak secret without leaking that secret have been around
> > for years -- Bellovin and Merritt's DH-EKE, David Jablon's
> > SPEKE. And they don't require either party to send the
> > password itself at the end.
> They a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* "James A. Donald" <[EMAIL PROTECTED]> [2005-03-08 12:25 -0800]:
> > > However, techniques that establish that the parties share a
> > > weak secret without leaking that secret have been around
> > > for years -- Bellovin and Merritt's DH-EKE, Dav
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
* "Whyte, William" <[EMAIL PROTECTED]> [2005-03-03 22:24 -0500]:
> I haven't read the original paper, and I have a great deal of
> respect for Markus Jakobsson. However, techniques that establish
> that the parties share a weak secret without leaking
y don't require either party to
send the password itself at the end.
William
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 23, 2005 7:30 AM
> To: cryptography@metzdowd.com; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
&
| >Briefly, it works like this: point A transmits an encrypted message to point
| >B. Point B can decrypt this, if it knows the password. The decrypted text is
| >then sent back to point A, which can verify the decryption, and confirm that
| >point B really does know point A's password. Point A the
>The description has virtually nothing to do with the actual algorithm
>proposed. Follow the link in the article - http://www.stealth-attacks.info/ -
>for an actual - if informal - description.
>
>
There is no actual description publically available (there are three
completely different proto
On Thu, 24 Feb 2005, Peter Gutmann wrote:
> (Either this is a really bad idea or the details have been mangled by the
> Register).
No, it's just a really bad idea. A small group of us looked at this a few
weeks ago when it was announced, and while none of us are professional
cryptographers, we
Markus Jakobsson is a really smart guy who's done some cool stuff, so I
think this is probably better than it sounds in the article. His web
site is http://www.informatics.indiana.edu/markus/ but I don't see any
papers there that sound like what the article describes. I tried to
reverse engineer
--
On 24 Feb 2005 at 2:29, Peter Gutmann wrote:
> Isn't this a Crypto 101 mutual authentication mechanism (or
> at least a somewhat broken reinvention of such)? If the
> exchange to prove knowledge of the PW has already been
> performed, why does A need to send the PW to B in the last
> step?
<http://www.theregister.co.uk/2005/02/21/crypto_wireless/print.html>
The Register
Biting the hand that feeds IT
The Register » Security » Identity »
Original URL: http://www.theregister.co.uk/2005/02/21/crypto_wireless/
I'll show you mine if you show me, er, mine
By Lu
"R.A. Hettinga" <[EMAIL PROTECTED]> forwarded:
>Briefly, it works like this: point A transmits an encrypted message to point
>B. Point B can decrypt this, if it knows the password. The decrypted text is
>then sent back to point A, which can verify the decryption, and confirm that
>point B really d
11 matches
Mail list logo