Hello all,
I have this question, hope to get some guidance...
Fora simple password-based challenge-response protocol between a user A
and a server S, where Pa is A's password, n is a random nonce generated
by the server, and h is a known cryptographic hash function.
- S -> A: E(Pa,n)
- A -> S: E(Pa,h(n))
How to show that this protocol is vulnerable to an off-line password
guessing attack? and how would the attack take place ?. Under which
circumstances would the vulnerability not be a problem?
thanks for reading...
cheers.