I'll show you mine if you show me, er, mine
Dan Kaminsky
dan at doxpara.com
Thu Mar 3 16:43:21 PST 2005
>The description has virtually nothing to do with the actual algorithm
>proposed. Follow the link in the article - http://www.stealth-attacks.info/ -
>for an actual - if informal - description.
>
>
There is no actual description publicly available (there are three
completely different protocols described in the press). I talked to the
author about this; he sent me a fourth, somewhat reasonable document.
At *best*, this is something akin to SRP with the server constantly
proving its true nature with every character (yes, shoulder surfers get
to attack keys one at a time). It could get pretty bad though, so
rather than support it or bash it, I'd just reserve judgement until it's
publicly documented at Financial Crypto.
--Dan