ملخص: In this letter, we show that for the SPEKE password-authenticated key exchange protocol, an adversary is able to test multiple possible passwords using a single impersonation attempt. In particular, when passwords are short Personal Identification Numbers (PINs), we show that a fully-constrained SPEKE is susceptible to password guessing attack. Our analysis contradicts the claim that the SPEKE protocol appears to be at least as strong as the Bellovin-Merritt EKE protocol. For EKE, an adversary can gain information about at most one possible password in each impersonation attempt.

لغة: إنجليزية