HackerTrans
トップ新着トレンドコメント過去質問紹介求人

grempe

no profile record

コメント

grempe
·昨年·議論
Isn't the authentication unidirectional? Alice can confirm its Bob, or Bob can confirm its Alice, but they can't both be sure they are talking to the real person.

"Malice" could ask Bob for his code, and lie about it matching (or maybe Malice has no code at all and is pretending to match), lulling Bob into thinking that authentication was successful based on taking Malice's word for it.

Seems like you would need two codes for mutual authentication. One for Alice to Bob, and one for Bob to Alice.