lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Sep 2014 22:47:31 -0700
From: Alex Elsayed <>
Subject: Re: Re: Re: Re: Re: Re: Second factor (was A review per day - Schvrch)

Alex Elsayed wrote:

Augh, just realized I screwed up here:

> Given token T holding secret X, user U holding password P, and server S:
> U -> T: H(P)
> T -> U: Y = E(k=X, H(P))
> T -> S: R_t = PAKE(X)
> U -> S: R_u = PAKE(E(k=Y,P))
# Still need to latch P rather than H(P)
U -> S: R_u = PAKE(E(k=Y,P))
> T -> U: R_t
> U: K = R_t ^ R_u


Powered by blists - more mailing lists