[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pre-shared key v RSA encryption or RSA signature authentication modes
On Monday 25 March 2002 11:08, Stephen Kent wrote:
> I'm glad you mentioned what I consider to be a significant downside
> of pre-shared secrets, although we come to very different
> conclusions. It is not too hard to imagine an attack in which the
> initiator connects to the wrong address, e.g., via some form of DNS
> attack, and the fake responder collects the initiator's secret, then
> drops the connection.
I thought this authentication method is YEARS gone? A-la HTTP Basic
Authentication?
Isn't practically everybody today using some form of challenge-response
auth with pre-shared secrets? [real-life examples would be helpful.]
--
Regards,
Uri
-=-=-<>-=-=-
<Disclaimer>