Security of the IM2000 session authentication mechanisms

Brute force attacks against authentication

Authentication transactions in the IM2000 protocols are designed to prevent leakage of information in the event of an authentication failure. The client is not informed of the exact reason for the authentication failure, preventing attacks whereby clients can guess account names without having to supply passwords.

Servers may employ mechanisms that

© Copyright 2004-2004 Jonathan de Boyne Pollard. All rights reserved. "Moral" rights asserted.
Permission is hereby granted to copy and to distribute this web page in its original, unmodified form as long as its last modification datestamp information is preserved.