A Simple Procedure for Finding Guessing Attacks

Security protocols that use weak passwords (e.g. human chosen) can be subject to guessing attacks [GLMS93]. Guessing attacks exist in two flavours: online and offline. In online guessing attacks the intruder is allowed to generate fake messages and to supply them to the honest agents, for instance for checking whether a certain guess is correct. In offline guessing attacks, on the other hand, the intruder first gathers some knowledge K from the protocol execution, and then proceeds offline to perform a password search.
∙:∙ If you have trouble viewing this document, please click the link below!
A Simple Procedure for Finding Guessing Attacks