> Alice: > Token = H(bob's PK XOR my PK + session key) > Send Token + H(bob's PK + token) > > Bob: > If gets it all right, accept it and send IV > If gets H(bob's PK + token) right (he sent token, we know our > own PK), we know he knows our key, so send a hangup byte (and go > to inbound neg with no known session) > If gets it all wrong, close the connection
What about replay attacks? Ian. -- Ian Clarke ian at locut.us Coordinator, The Freenet Project http://freenetproject.org/ Founder, Locutus http://locut.us/ Personal Homepage http://locut.us/ian/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20030315/25092807/attachment.pgp>
