On Tue, 28 Dec 2004, Leonard Isham wrote:
With normal cryptography where you have access to both the chipertext and
plaintext you can easily do an off-line brute-force attack, but as I have
understood it, with a properly designed password authentication protocol,
it is not possible to sniff the traffic and do an off-line brute-force
attack on this data, is this correct?
I've been reading up on this matter, and found this internet draft
describing diffrent authentication mechanisms pretty interesting. Maybe
someone else is interested...
Openvpn-users mailing list