How to Expose an Eavesdropper (1984)

Neat concept! This protocol appears to be a response to weaknesses in DH key exchange, which I understand to already be thoroughly broken. Can someone with more expertise perhaps explain if my understanding is correct, and whether this interlock technique is applicable or has been adopted anywhere?

For anyone interested in this, it&#x27;s worth also taking a look at a related follow-up paper discussing a weakness in the use of the interlock technique for authentication [0]. I recognised the title here and recalled reading this paper some time ago.<p>[0] Bellovin, Steven M., and Michael Merritt. &quot;An attack on the interlock protocol when used for authentication.&quot; IEEE Transactions on Information Theory 40.1 (1994): 273-275.<p>PDF at <a href="http:&#x2F;&#x2F;citeseerx.ist.psu.edu&#x2F;viewdoc&#x2F;download?doi=10.1.1.112.1529&amp;rep=rep1&amp;type=pdf" rel="nofollow">http:&#x2F;&#x2F;citeseerx.ist.psu.edu&#x2F;viewdoc&#x2F;download?doi=10.1.1.112...</a><p>From the abstract,<p>&gt; [...] We demonstrate that an active attacker can, at the cost of a timeout alarm, bypass the password exchange, and capture the passwords used. Furthermore, if the attack is from a terminal or workstation attempting to contact a computer, the attacker will have access before any alarm can be sounded.

Link to a regular PDF: <a href="https:&#x2F;&#x2F;people.csail.mit.edu&#x2F;rivest&#x2F;RivestShamir-HowToExposeAnEavesdropper.pdf" rel="nofollow">https:&#x2F;&#x2F;people.csail.mit.edu&#x2F;rivest&#x2F;RivestShamir-HowToExpose...</a>