[2165] in cryptography@c2.net mail archive
More attacks on SRP?
daemon@ATHENA.MIT.EDU (Marcus Leech)
Mon Feb 23 20:54:57 1998
Date: Mon, 23 Feb 1998 14:29:19 -0500
From: "Marcus Leech" <Marcus.Leech.mleech@nt.com>
To: cryptography@c2.net
Gosh, I'm having fun with this:
I can record a completed session, then use it to run a dictionary attack based on the final exchange values, either M1 or M2.
I can simply run my dictionary generator, generating values for 'x', and plugging values from the recorded exchange into:
S = (B - g^x)^(a+ux)
K = H(S)
When I can get H(A,B,K) to match the recorded exchange value, then I probably have the correct value for 'x', and thus the correct value for 'v'. This adds only one more hash computation to the attack scenario.
Is my logic flawed?
--
----------------------------------------------------------------------
Marcus Leech Mail: Dept 8M86, MS 012, FITZ
Systems Security Architect Phone: (ESN) 393-9145 +1 613 763 9145
Messaging and Security Infrastructure Fax: (ESN) 395-1407 +1 613 765 1407
Nortel Technology mleech@nortel.ca
-----------------Expressed opinions are my own, not my employer's------
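
The check described in the message above, written out for a toy SRP run so that its inputs are explicit (an added example, not part of the original post). N, g, the SHA-256 helper H, the fixed ephemerals, the derivation of u from B and the sample passwords are assumptions constructed for illustration. The formula takes the client's ephemeral secret a, while the transmitted values are A = g^a, B, u and M1.

```python
import hashlib

# Toy group chosen for this example only; far too small for real use.
N = 2**127 - 1   # a Mersenne prime
g = 3

def H(*parts):
    """Hash ints/bytes to an int. SHA-256 stands in for the protocol's hash."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        h.update(len(p).to_bytes(2, "big") + p)   # length prefix avoids ambiguity
    return int.from_bytes(h.digest(), "big")

def derive_x(salt, password):
    return H(salt, password.encode())

def record_session(salt, password, a, b):
    """Run one exchange and return only the values that are transmitted."""
    v = pow(g, derive_x(salt, password), N)   # verifier held by the server
    A = pow(g, a, N)                          # client -> server
    B = (v + pow(g, b, N)) % N                # server -> client
    u = H(B) >> 224                           # public 32-bit value (derived from B here)
    S = pow(A * pow(v, u, N) % N, b, N)       # server side: (A * v^u)^b
    M1 = H(A, B, H(S))                        # H(A, B, K) with K = H(S)
    return {"salt": salt, "A": A, "B": B, "u": u, "M1": M1}

def guess_matches(wire, x_guess, a):
    """Check from the message: S = (B - g^x)^(a + u*x), K = H(S), compare H(A,B,K)."""
    S = pow((wire["B"] - pow(g, x_guess, N)) % N, a + wire["u"] * x_guess, N)
    return H(wire["A"], wire["B"], H(S)) == wire["M1"]

# Constructed sample run: fixed ephemerals so the result is reproducible.
SALT = b"constructed-salt"
A_SECRET = 0x1F2E3D4C5B6A7988
B_SECRET = 0x123456789ABCDEF1
WIRE = record_session(SALT, "correct horse", A_SECRET, B_SECRET)

if __name__ == "__main__":
    for pw in ("letmein", "correct horse"):
        print(pw, guess_matches(WIRE, derive_x(SALT, pw), A_SECRET))
    print("fields in the recording:", sorted(WIRE))
```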