Security in Computer Networks

8.3.3 Authentication Protocol ap3.0


One classic approach to authentication is to use a secret password. We have PINs to identify ourselves to automatic teller machines and login passwords for operating systems. The password is a shared secret between the authenticator and the person being authenticated.
 
Since passwords are so widely used, we might suspect that protocol ap3.0 is fairly secure. The security flaw here is clear, however: if you eavesdrop on someone's communication, you can learn their password. Someone connected to the Telnet client's or server's LAN can possibly sniff all packets transmitted on the LAN and thus steal the login password. This is a well-known approach for stealing passwords.
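The following is an added example, not code from the original text: a small in-memory model of ap3.0 with an audit check that reports whether the shared secret crosses the link verbatim. The wire format (identity, newline, password), the names `Channel`, `Authenticator`, `ap30_login` and `secret_visible_on_wire`, and the sample credentials are all assumptions constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field


@dataclass
class Channel:
    """In-memory stand-in for a shared LAN segment. Every frame sent is
    recorded, which is what any station on the same segment could observe."""
    frames: list = field(default_factory=list)

    def send(self, frame: bytes) -> bytes:
        self.frames.append(frame)
        return frame


class Authenticator:
    """The verifying side of ap3.0: holds the shared secret per identity."""

    def __init__(self, secrets: dict):
        self._secrets = secrets

    def verify(self, frame: bytes) -> bool:
        # Constructed wire format (assumption): b"<identity>\n<password>"
        identity, sep, password = frame.partition(b"\n")
        expected = self._secrets.get(identity.decode(errors="replace"))
        if not sep or expected is None:
            return False
        # Constant-time comparison; this does nothing about exposure on the wire.
        return hmac.compare_digest(password, expected.encode())


def ap30_login(channel: Channel, verifier: Authenticator,
               identity: str, password: str) -> bool:
    """ap3.0: the claimant sends its identity and the password itself."""
    frame = channel.send(f"{identity}\n{password}".encode())
    return verifier.verify(frame)


def secret_visible_on_wire(channel: Channel, secret: str) -> bool:
    """Audit check: does the secret appear verbatim in any recorded frame?"""
    return any(secret.encode() in frame for frame in channel.frames)


def run_demo() -> dict:
    lan = Channel()
    bob = Authenticator({"alice": "correct-horse"})  # constructed sample secret
    return {
        "good_login": ap30_login(lan, bob, "alice", "correct-horse"),
        "bad_login": ap30_login(lan, bob, "alice", "wrong-guess"),
        "secret_on_wire": secret_visible_on_wire(lan, "correct-horse"),
    }


if __name__ == "__main__":
    print(run_demo())
```

The verifier behaves correctly in both login attempts, yet the audit check still reports the secret on the wire: the weakness is in what ap3.0 transmits, not in how the password is compared.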
