This article is rated C-class on Wikipedia's content assessment scale.
Delay attacks
There are many protocols where Mallory can do great damage if he can simply delay a message. If Mallory can for example delay the message 'open the door' until Alice has gone away, he can gain unauthorized access. I've included this delay attack in our definition of replay attacks, because defending against it implies defending against other replay attacks and the analysis is quite similar. -- Nroets 28 June 2005 08:52 (UTC)
Session Token vs. Nonce
The article does not really make clear the difference between a session token and a nonce, although it claims that they are handled differently. Actually, the authentication procedure described for session tokens is almost the same as that shown in the picture in the nonce article; the pic just adds a client nonce.
So why would a nonce need to be protected by a MAC, but not a token?
(In my mind, a session token is just a special application of the more general concept of a nonce.) —Preceding unsigned comment added by 84.177.187.77 (talk) 00:49, 14 January 2010 (UTC)
- It appears that the article was written on the basis that a nonce can be guessed by an attacker beforehand. If the attacker can pose as Bob and get Alice to use a nonce that he guessed, he can use the reply from Alice in a later exchange with Bob.
- A session token should contain sufficient randomness as to prevent this attack. -- Nic Roets (talk) 19:19, 4 January 2014 (UTC)
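
The point made in the two replies above, as an added example that is not part of the original discussion: a challenge-response check in which a reply recorded earlier for a guessed nonce is accepted when Bob's nonces are predictable and rejected when they are random. The shared key, the counter-based nonce source and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-key"  # constructed sample key known to Alice and Bob


def alice_respond(nonce: bytes) -> bytes:
    """Alice answers any challenge with a MAC over the nonce."""
    return hmac.new(KEY, nonce, hashlib.sha256).digest()


def counter_source():
    """Guessable nonces: 1, 2, 3, ... (assumed weak design)."""
    n = 0
    def next_nonce() -> bytes:
        nonlocal n
        n += 1
        return n.to_bytes(8, "big")
    return next_nonce


def random_source():
    """Unpredictable nonces from the OS CSPRNG."""
    return lambda: secrets.token_bytes(16)


class Bob:
    def __init__(self, next_nonce):
        self._next_nonce = next_nonce
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = self._next_nonce()
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = hmac.new(KEY, self._pending, hashlib.sha256).digest()
        self._pending = None  # each challenge is accepted at most once
        return hmac.compare_digest(expected, response)


def prerecorded_reply_accepted(bob: Bob, guessed_nonce: bytes) -> bool:
    """True if a reply Alice gave earlier for guessed_nonce passes Bob's check."""
    recorded = alice_respond(guessed_nonce)  # obtained before Bob's challenge
    bob.challenge()
    return bob.verify(recorded)
```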
Unclear 'General countermeasure for all replay attacks'
This section (and possibly others) needs to be rewritten, as it is not understandable as is. For example, it does not become clear what the significance of 'interdependence' is. — Preceding unsigned comment added by 130.233.97.85 (talk • contribs) 03:29, 31 July 2019 (UTC)
This is an Eve?
The attack is active, therefore it's a Mallory. Polluks ★ 13:33, 13 March 2023 (UTC)