B' is a bad guy who can intercept all messages bound for B.
B' does NOT know any secrets.

A sends N_a to B and alas also to B' (conversation 1)

B', again impersonating B, starts a new conversation with A and sends N_a (where now supposedly N_a is the new nonce made up by B) (conversation 2).

In conversation 2 now A sends back {N_a, N'_a}k_ab.

Now in conversation 1, B' can send the {N_a, N'_a}k_ab it just received, and B' has duped A into the belief that B' is in fact B.

Look Ma, no hands! I.e., B' never had the secret k_ab.

-- Main.sloan - 02 Apr 2010
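
The two conversations above, replayed in code as an added example (not part of the original page), next to a variant in which A rejects its own reflected answer. Assumptions: an HMAC tag stands in for the encryption {..}k_ab, and the `from=` field and `bind_identity` flag are hypothetical names for one common countermeasure that the page itself does not describe.

```python
import hashlib
import hmac
import os

K_AB = os.urandom(32)  # constructed key, shared by A and B only; B' never uses it

def nonce():
    return os.urandom(16).hex().encode()

def seal(key, *fields):
    """Stand-in for {fields}k_ab (assumption: HMAC instead of encryption)."""
    return fields, hmac.new(key, b"|".join(fields), hashlib.sha256).digest()

def unseal(key, msg):
    fields, tag = msg
    good = hmac.new(key, b"|".join(fields), hashlib.sha256).digest()
    return fields if hmac.compare_digest(tag, good) else None

class A:
    def __init__(self, key, bind_identity):
        self.key, self.bind = key, bind_identity

    def start(self):              # A as initiator: send N_a
        self.n_a = nonce()
        return self.n_a

    def respond(self, challenge):  # A as responder: {N, N'}k_ab
        extra = (b"from=A",) if self.bind else ()
        return seal(self.key, challenge, nonce(), *extra)

    def accept(self, reply):      # A as initiator: check the answer to N_a
        fields = unseal(self.key, reply)
        if fields is None or fields[0] != self.n_a:
            return False
        if self.bind:             # hardened: the answer must name B as its sender
            return len(fields) == 3 and fields[2] == b"from=B"
        return True

def reflection_succeeds(bind_identity):
    a = A(K_AB, bind_identity)
    n_a = a.start()               # conversation 1: B' intercepts N_a
    reflected = a.respond(n_a)    # conversation 2: B' offers N_a as "B's" nonce
    return a.accept(reflected)    # conversation 1: B' returns A's own answer

def honest_b_succeeds(bind_identity):
    a = A(K_AB, bind_identity)
    extra = (b"from=B",) if bind_identity else ()
    return a.accept(seal(K_AB, a.start(), nonce(), *extra))
```

Note that `reflection_succeeds` never touches `K_AB` outside of A's own methods, which is exactly the page's point: A does all the cryptographic work for B'.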

