IACR News item: 06 February 2013
Dylan Clarke, Feng Hao
ePrint Report
Dragonfly is a password authenticated key exchange protocol that has been submitted to the Internet Engineering Task Force as a candidate standard for general internet use. We analyzed the security of this protocol and devised an attack that is capable of extracting both the session key and password from an honest party. This attack was then implemented and experiments were performed to determine the time-scale required to successfully complete the attack.
Additional news items may be found on the IACR news page.