Guess what? Here is a new tool that finds some new guessing attacks (Extended Abstract)

R.J. Corin, Sreekanth Malladi, Jim Alves-Foss, Sandro Etalle

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    122 Downloads (Pure)


    If a protocol is implemented using a poor password, then the password can be guessed and verified from the messages in the protocol run. This is termed as a guessing attack. Published design and analysis efforts always lacked a general definition for guessing attacks. Further, they never considered possible type-flaws in the protocol runs or using messages from other protocols. In this paper, we provide a simple and general definition for guessing attacks. We explain how we implemented our definition in a tool based on constraint solving. Finally, we demonstrate some new guessing attacks that use type-flaws and multiple protocols which we found using our tool.
    Original languageUndefined
    Title of host publicationIFIP WG 1.7 and ACM SIGPLAN Workshop on Issues in the Theory of Security (WITS)
    EditorsR. Gorrieri, R. Lucchi
    Place of PublicationItaly
    PublisherUniversity of Bologna
    Number of pages10
    ISBN (Print)not assigned
    Publication statusPublished - Apr 2003
    EventWorkshop on Issues in the Theory of Security 2003 - Warsaw, Poland, Warsaw, Poland
    Duration: 5 Apr 20036 Apr 2003

    Publication series

    PublisherDpt. di Scienze dell'Informazione Universita di Bologna


    ConferenceWorkshop on Issues in the Theory of Security 2003
    Abbreviated titleWITS 2003
    Internet address


    • EWI-821
    • SCS-Cybersecurity
    • METIS-214055
    • IR-41375

    Cite this