Talk:Needham–Schroeder protocol

Cryptography: Computer science Mid‑importance

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
Mid	This article has been rated as Mid-importance on the importance scale.
	This article is supported by WikiProject Computer science (assessed as Mid-importance).

Computing Mid‑importance

	This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
Mid	This article has been rated as Mid-importance on the project's importance scale.

What about this "other Needham-Schroeder protocol" edit

Latest comment: 17 years ago2 comments2 people in discussion

Look at sec. 10.2 http://www.daimi.au.dk/~ivan/dSik/dSikw4.pdf, material for a course on security on Aarhus University, Denmark, written by Ivan Damgård. It describes another protocol suggested by Needham and Schroeder, which assumes that both users have a public key for the other, does not involve a server and is indeed insecure. And aparently the two concepts were both developed in 1978. How do these relate?

Velle 13:53, 27 August 2006 (UTC)Reply

Good point. There are two different protocols suggested in the same paper. I've written them both up here - arguably the entry could be split in two, if you can be bothered with the resulting disambiguation page.

--IanHarvey 12:13, 8 September 2006 (UTC)Reply

"Needham-Schroeder Symmetric Key Protocol, also known as the Needham-Schroeder Symmetric Key Protocol," That sentence seems a bit redundant. I would assume the "x" is also known as "x". :)

Fixing the attack seems to be imprecise for the symmetric protocol edit

Latest comment: 8 years ago1 comment1 person in discussion

I read the paper in the ref^[1], and after what I understood, it seems that the explanation in the paper and in the wikipedia article are not the same. Something like this seems to be more correct to me: The inclusion of this new nonce prevents the replaying of a compromised version of $\{K_{AB},A,\mathbf {N_{B}'} \}_{K_{BS}}$ , because the nonce $\mathbf {N_{B}'}$ is maintained by B, and accept it at most once before $B\rightarrow A:\{N_{B}\}_{K_{AB}}$ .

Could someone look into this?

I think you are right. You can change the description. Alexei Kopylov (talk) 09:22, 9 October 2015 (UTC)Reply

Asymmetric protocol complexity edit

Latest comment: 6 years ago1 comment1 person in discussion

Seems to me that any available public-key scheme can be used for both signing and encryption, thus the asymmetric protocol is unnecessarily complex.

smurfix (talk) 13:25, 28 March 2018 (UTC)Reply

^ Needham, R. M.; Schroeder, M. D. (1987). "Authentication revisited". ACM SIGOPS Operating Systems Review. 21 (1): 7. doi:10.1145/24592.24593.

Add topic

[1] Needham, R. M.; Schroeder, M. D. (1987). "Authentication revisited". ACM SIGOPS Operating Systems Review. 21 (1): 7. doi:10.1145/24592.24593.

[1]