4 Mar 2005, 3:56 a.m.
The description has virtually nothing to do with the actual algorithm proposed. Follow the link in the article - http://www.stealth-attacks.info/ - for an actual - if informal - description.
There is no actual description publicly available (there are three completely different protocols described in the press). I talked to the author about this; he sent me a fourth, somewhat reasonable document. At *best*, this is something akin to SRP with the server constantly proving its true nature with every character (yes, shoulder surfers get to attack keys one at a time). It could get pretty bad though, so rather than support it or bash it, I'd just reserve judgement until it's publicly documented at Financial Crypto. --Dan