Re: Exchanging symmetric key



<gino.fagiolino@xxxxxxxx> wrote:
Why?

I guess there are two possibilities for why you are playing with this
protocol. The first is that you are actually going to use it, in which
case the answer is: "Don't, use SSL." If you actually want to use this
protocol and you don't want to use SSL, then I can't help you.

The second possibility is that you are playing with it for fun or for
learning, in which case I've tried to give you a couple of hints for
what you should look at (replay attacks, offline password guessing)
as well as what seems odd (the client sends some data to the server and
the server sends the same data back to the client, why?).

--
Kristian Gjøsteen