Comment Re:Encryption (Score 1) 220
I'm assuming both client and server then exchange the Auth1 value to know if they can trust the other side: server would check for correct password, client would check for non-MITM server.
The supposed MITM would attempt to offline brute force the Passhash as they now know the inputs to the HMAC, and they know the correct Auth1 value?