Password-based challenge-response

Hello all,

I have this question, hope to get some guidance...

Fora simple password-based challenge-response protocol between a user A
and a server S, where Pa is A's password, n is a random nonce generated
by the server, and h is a known cryptographic hash function.

1. S -> A: E(Pa,n)
2. A -> S: E(Pa,h(n))

How to show that this protocol is vulnerable to an off-line password
guessing attack? and how would the attack take place ?. Under which
circumstances would the vulnerability not be a problem?

any references and views are appreciated-----
thanks again....!merry christmas !!!

re: password

Hi wonder if anyone can help me im using Comodo firewall version 3 and
wonder is there an option to set a password for it as i have recently opened
2 other accounts for my daughter and my son but the problem being they are
able to tamper with settings if they want to hence i want to know if there
is an option to set a password your help is much appreciated cheers.


ps im running win/xp home edition if its of any help.