Consider the SSH protocol in Figure 10.1. One variant of the protocol allows us to replace Alice's certificate, certificate_A, with Alice's password, password_A. Then we must also remove S_A from the final message. This modification yields a version of SSH where Alice is authenticated based on a password.
a. What does Bob need to know so that he can authenticate Alice?
b. Based on Problem 1, part b, we see that Trudy, as an active attacker, can establish a shared symmetric key K with Alice. Assuming this is the case, can Trudy then use K to determine Alice's password?
c. What are the significant advantages and disadvantages of this version of SSH, as compared to the version in Figure 10.1, which is based on certificates?