How does password encryption protect against man in the middle attack?

So say Eve wants to steal my email account, but I know that, so I encrypt my password before sending it in a way that only I and the email provider know how to decrypt. What prevents Eve from just copying all the bytes I send and sending them as they are to log in?

6 Answers

Anonymous 0 Comments

You’re right – this is called a [replay attack](https://en.wikipedia.org/wiki/Replay_attack) and there are ways to protect against it.

One way is to add a random factor. The server sends you a random string, and you add it to the password before encrypting (or simply hashing). The next time Eve tries to log in with your username, the server will send her a different random string, so she can’t just use the same bytes that you sent.
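The exchange described in this answer, as an added Python example that is not part of the original answer. The `Server` class, `client_response`, the username and the secret are hypothetical names and constructed values, and HMAC-SHA256 stands in for "hashing the password with the random string".

```python
import hashlib
import hmac
import secrets


class Server:
    """Toy login server (hypothetical names; constructed for this example)."""

    def __init__(self, users):
        self.users = users          # username -> shared secret (bytes)
        self.pending = {}           # username -> outstanding challenge

    def challenge(self, username):
        # Fresh, unpredictable random string for every login attempt.
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return nonce

    def login(self, username, response):
        # pop() makes each challenge single-use, even after a failed attempt.
        nonce = self.pending.pop(username, None)
        secret = self.users.get(username)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(password, nonce):
    # Mix the server's random string with the password by keyed hashing.
    return hmac.new(password, nonce, hashlib.sha256).digest()


def demo():
    server = Server({"alice": b"correct horse battery staple"})  # constructed secret

    # Legitimate login: Eve records both the challenge and the response.
    nonce = server.challenge("alice")
    captured = client_response(b"correct horse battery staple", nonce)
    legit = server.login("alice", captured)

    # Eve asks to log in and is handed a different challenge, so the
    # captured bytes no longer match what the server expects.
    eve_nonce = server.challenge("alice")
    replay = server.login("alice", captured)

    # Sending the captured bytes again with no challenge outstanding also fails.
    stale = server.login("alice", captured)
    return legit, replay, stale, nonce != eve_nonce
```

This simple scheme requires the server to hold the shared secret itself, and it stops replay of captured bytes but not an attacker relaying a live exchange, which is why logins run over TLS in practice.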
