PAK: Password-Authenticated Key Exchange for iSCSI
Lucent Technologies
This draft describes a password-authenticated key exchange protocol called PAK [PAK,PAK-Orig] that is secure against both a passive eavesdropper and an active attacker, i.e., one who may insert, block, or modify messages sent over a network. In particular, it does not allow either type of attacker to obtain any information that would enable an off-line dictionary attack on the password. We discuss how this password-authenticated key exchange protocol may be used with iSCSI [iSCSI].