How do you obtain perfect forward secrecy

How do you obtain perfect forward secrecy if I have the following?
Right now, if the attacker is able to obtain the password, which is 6 characters.


A -> B: EH(PW)(NA)
B -> A: E H(PW)(NB)
(Protocol used)

Host (Alice):
extract Password(PW) (e.g. 123456) from PW file
H(PW) hash the PW using SHA-1 (160 bits)
generate NA (160-bit)
encrypt NA using H(PW) as key using RC4
send E_H(PW)(NA) to Client (Bob)

receive E_H(PW)(NB) from Bob
decrypt E_H(PW)(NB) using H(PW), get NB

compute NA||NB
compute K = H(NA||NB) hash using SHA-1


Step 2:

get M from user input
compute K||M||K
compute h = Hash(K||M||K) using SHA-1
compute M||h
encrypt (M||h) using K (RC4)
send C = E_K(M||h) to Bob

Client (Bob):
decrypt C using K, obtain M||h using RC4
split M and h
compute h' = Hash(K||M||K)
check h = h'; if true, Bob accepts M, else Bob rejects the ciphertext
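Added example (not from the original post): a Python model of the posted handshake that shows why it has no forward secrecy, next to an ephemeral Diffie-Hellman variant in which a later password leak no longer reveals past session keys. RC4 and SHA-1 follow the post; the toy 61-bit prime, the HMAC-SHA1 tags on the public values and all function names are assumptions of this example.

```python
import hashlib, hmac, os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR, included only to reproduce the posted protocol."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def sha1(b: bytes) -> bytes:
    return hashlib.sha1(b).digest()

def posted_handshake(pw: bytes):
    """Handshake as posted: NA and NB travel under H(PW) only. Returns K and
    what a passive observer can record (the two ciphertexts)."""
    hk, na, nb = sha1(pw), os.urandom(20), os.urandom(20)
    return sha1(na + nb), (rc4(hk, na), rc4(hk, nb))

def key_from_transcript(pw: bytes, transcript) -> bytes:
    """No forward secrecy: a stored transcript plus a later-learned PW gives K."""
    hk = sha1(pw)
    na, nb = (rc4(hk, c) for c in transcript)  # RC4 decryption is encryption
    return sha1(na + nb)

# Ephemeral Diffie-Hellman variant. P is a toy 61-bit prime picked for this
# example (an assumption); a real deployment uses a standard 2048-bit+ group.
P, G = (1 << 61) - 1, 5

def pfs_handshake(pw: bytes):
    """H(PW) now only authenticates the public values (HMAC-SHA1 tags); K comes
    from ephemeral exponents a, b that never leave their host."""
    hk = sha1(pw)
    a, b = (int.from_bytes(os.urandom(8), "big") % (P - 2) + 2 for _ in range(2))
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)
    tag = lambda v: hmac.new(hk, v.to_bytes(8, "big"), hashlib.sha1).digest()
    transcript = (pub_a, tag(pub_a), pub_b, tag(pub_b))
    # Each side checks the peer's tag before deriving K (Bob's check shown).
    if not hmac.compare_digest(tag(pub_a), transcript[1]):
        raise ValueError("peer not authenticated")
    k_alice = sha1(pow(pub_b, a, P).to_bytes(8, "big"))
    k_bob = sha1(pow(pub_a, b, P).to_bytes(8, "big"))
    return k_alice, k_bob, transcript
```

With the posted design, `key_from_transcript` reproduces K from nothing but PW and the two recorded ciphertexts; with the DH variant, the transcript holds only public values and tags, so K depends on exponents that were never transmitted.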