Single roundtrip authentication

added by DotNetKicks
4/10/2017 9:49:32 AM

A bad actor can pretend to be a server and fool a client into sending the authentication request using the bad actor's public key instead of the server's. This is possible because we don't have trust chains. The result is that the bad actor now has the hash of the password with the public key of the client (which is also known).