  1. The answer is actually no.
  2. We haven't done enough yet to provide authentication.
  3. And as I've described it, it's not the full EKE protocol.
  4. The reason that it's not is that the way to authenticate
  5. depends on proving that you have the same key.
  6. To authenticate, what Alice needs to prove to the server
  7. is that it knows the password, p, and the server needs to prove to Alice
  8. that it knows that password, p.
  9. Our assumption is that the password is shared between the client and the server--
  10. in this case, Alice and the server--
  11. and the way to authenticate is to prove knowledge of that password.
  12. In this case, that's not done--we've just established a key.
  13. That doesn't prove anything.
  14. This message could have been anything.
  15. The fact that Alice can decrypt it using the password
  16. doesn't prove that Bob knew the password.
  17. To do that, we need to add an extra challenge to this.
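
The point above, as an added example that is not part of the lecture: a password-encrypted key exchange completes whether or not the two passwords match, and only a challenge answered under the resulting key shows that the other side knew p. The Diffie-Hellman form of the exchange, the toy XOR cipher, the small group and the HMAC-based challenge are all assumptions chosen for illustration.

```python
import hashlib, hmac, secrets

# Constructed toy group (assumption): 2**127 - 1 is prime but far too small for real use.
P, G, NBYTES = 2**127 - 1, 3, 16

def pw_crypt(password: str, label: bytes, value: int) -> int:
    """Toy stand-in for E_p / D_p: XOR with a password-derived pad (self-inverse)."""
    pad = hashlib.shake_256(label + password.encode()).digest(NBYTES)
    return value ^ int.from_bytes(pad, "big")

def session_key(password: str, label: bytes, priv: int, received: int) -> bytes:
    """Decrypt the peer's message with the password and derive a key from it."""
    peer_pub = pw_crypt(password, label, received)
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(NBYTES, "big")).digest()

def prove(key: bytes, role: bytes, challenge: bytes) -> bytes:
    """Answer a challenge under the session key (HMAC used as the proof)."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()

def run(alice_pw: str, server_pw: str):
    a = secrets.randbelow(P - 2) + 1
    b = secrets.randbelow(P - 2) + 1
    msg1 = pw_crypt(alice_pw, b"A->S", pow(G, a, P))   # Alice -> server
    msg2 = pw_crypt(server_pw, b"S->A", pow(G, b, P))  # server -> Alice

    # Key establishment only: both sides always end up with *some* key,
    # because decrypting with any password yields a plausible-looking value.
    k_alice = session_key(alice_pw, b"S->A", a, msg2)
    k_server = session_key(server_pw, b"A->S", b, msg1)

    # Extra challenge in both directions: each side must answer a fresh
    # nonce under its own key, and the verifier checks it under theirs.
    c_alice, c_server = secrets.token_bytes(16), secrets.token_bytes(16)
    server_proved = hmac.compare_digest(
        prove(k_server, b"server", c_alice), prove(k_alice, b"server", c_alice))
    alice_proved = hmac.compare_digest(
        prove(k_alice, b"alice", c_server), prove(k_server, b"alice", c_server))
    return k_alice == k_server, server_proved, alice_proved

if __name__ == "__main__":
    print("same password:     ", run("hunter2", "hunter2"))
    print("different password:", run("hunter2", "not-the-password"))
```

Neither side raises an error during key establishment in the mismatched run; the failure only becomes visible when the challenge responses are checked.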