On 23.08.2008 at 00:20, Dirk Meyer wrote:
> Wouldn't that mean an attacker could choose the question and choose one to which he knows the answer because it's not so secret? If an attacker does that with both ends, he has won, because he selected the question. Correct me if I'm wrong.

No correction, you are right. The riddle is a stupid idea.
So we should go for SAS, I think. Having a 32-bit SAS encoded with Mnemonics (like already suggested here) really sounds like a great idea. I'd even prefer that to the way it's done in ESessions now :þ.
-- Jonathan
