[cryptography] Reflection Attacks in Challenge/Response Protocols

Jeffrey Walton noloader at gmail.com
Sat Aug 24 03:32:55 EDT 2013

Hi All,

When a symmetric-key based challenge/response is used, an attacker can
perform a reflection attack by starting a second instance of a
protocol and having the server answer its own questions.

To guard against the attack, is it sufficient to ensure all challenges
sent from server to client are equal to 1 mod 2; and all client to
server challenges are equal to 0 mod 2? Is it enough to break the
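
The reflection described above and the proposed parity rule, simulated in Python as an added example that is not part of the original post. The `Server` class, the HMAC-SHA256 response function, the session names and the 128-bit challenge size are assumptions; the run covers only one shared key and one reflected challenge, and does not establish whether the rule is sufficient in general.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed shared symmetric key


def respond(key: bytes, challenge: int) -> bytes:
    """Response to a challenge: HMAC-SHA256 over the challenge (assumed)."""
    return hmac.new(key, challenge.to_bytes(16, "big"), hashlib.sha256).digest()


class Server:
    def __init__(self, key: bytes, enforce_parity: bool):
        self.key = key
        self.enforce_parity = enforce_parity
        self.pending = {}  # session id -> challenge this server issued

    def new_challenge(self, session: str) -> int:
        c = (secrets.randbits(127) << 1) | 1  # server -> client: 1 mod 2
        self.pending[session] = c
        return c

    def answer(self, challenge: int):
        """Answer a client -> server challenge (mutual authentication)."""
        if self.enforce_parity and challenge % 2 != 0:
            return None  # odd value: was issued by a server, refuse to answer
        return respond(self.key, challenge)

    def verify(self, session: str, response) -> bool:
        c = self.pending.pop(session, None)
        if c is None or response is None:
            return False
        return hmac.compare_digest(response, respond(self.key, c))


def reflection_succeeds(enforce_parity: bool) -> bool:
    """A party without KEY sends session A's challenge back in session B."""
    server = Server(KEY, enforce_parity)
    c = server.new_challenge("A")
    reflected = server.answer(c)  # session B: server asked its own question
    return server.verify("A", reflected)


def honest_client_succeeds(enforce_parity: bool) -> bool:
    """A key holder using even (0 mod 2) challenges still authenticates."""
    server = Server(KEY, enforce_parity)
    c = server.new_challenge("A")
    mine = secrets.randbits(127) << 1  # client -> server: 0 mod 2
    server_ok = hmac.compare_digest(server.answer(mine), respond(KEY, mine))
    return server_ok and server.verify("A", respond(KEY, c))
```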


