Security in Computer Networks

8.3.4 Authentication Protocol ap3.1


Our next idea for fixing ap3.0 is naturally to encrypt the password. By encrypting the password, we can prevent someone from learning your password. If we assume that you and the receiver share a symmetric secret key, KA-B, then you can encrypt the password and send your identification message and your encrypted password to the receiver. The receiver then decrypts the password and, assuming the password is correct, authenticates you.
 
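While it is true that ap3.1 prevents others from learning your password, the use of cryptography here does not solve the authentication problem. Your receiver is still subject to a playback attack: an eavesdropper does not need to decrypt anything, only to record the encrypted password and send the same message again later.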
 
The use of an encrypted password in ap3.1 doesn't make the situation manifestly different from that of protocol ap3.0.
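
The weakness described above, as an added Python sketch that is not part of the original text: the receiver's ap3.1 check accepts a recorded message a second time, even though the encryption is randomized and the password never appears on the wire. The HMAC-based stream cipher is a standard-library stand-in for a real symmetric cipher, and the identity, password and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed values for this sketch (not from the page).
K_AB = os.urandom(32)              # symmetric key shared by sender and receiver
PASSWORD = b"constructed-password"

def _keystream(key, iv, n):
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (illustrative only)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def encrypt(key, plaintext):
    iv = os.urandom(16)            # fresh IV: two logins never look alike on the wire
    ks = _keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key, message):
    iv, body = message[:16], message[16:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, iv, len(body))))

def ap31_login(identity, password):
    """Sender side of ap3.1: identity plus K_AB(password)."""
    return identity, encrypt(K_AB, password)

def ap31_verify(identity, encrypted_password):
    """Receiver side of ap3.1: decrypt and compare. Nothing ties the message to this run."""
    return hmac.compare_digest(decrypt(K_AB, encrypted_password), PASSWORD)

def demo():
    first = ap31_login("alice", PASSWORD)
    second = ap31_login("alice", PASSWORD)
    recorded = first               # bytes an eavesdropper could capture; K_AB stays unknown
    return {
        "genuine_accepted": ap31_verify(*first),
        "ciphertexts_differ": first[1] != second[1],
        "password_visible": PASSWORD in recorded[1],
        "replay_accepted": ap31_verify(*recorded),
    }

if __name__ == "__main__":
    print(demo())
```

The receiver has no way to tell the recorded message from a live one because the check depends only on the key and the password, neither of which changes between runs.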