On Fri, Aug 08, 2003 at 12:03:01AM +0900, Hugh Sasse Staff Elec Eng wrote:
> Server generates nonce (as a function of whatever. ($$, time, current
> England cricket score, or something)).
> Client sees nonce (world sees nonce, too)
> Client sticks passwd on the end of nonce, and hashes the whole thing.
> Client sends hash back to server.
> Server sees response from client, and reconstructs the hash in the
> same way as the client.  If they agree all is OK.
> The hash function makes it hard for Eve to guess the passwd, and
> impossible to directly calculate it because information is
> destroyed.

OK. That lets B authenticate A. The main weakness is that if the nonce and
response are sniffed, the password is subject to an off-line dictionary
attack.

And of course, this exchange does not protect the rest of the data in
transit. An active attacker could allow this authentication exchange to take
place, and then substitute the subsequent session data with something else.

Regards,

Brian.