A password-based method is described which modifies the Diffie-Hellman key
agreement protocol to provide user authentication. It is simpler than previ
ously published schemes, prevents the man-in-the-middle attack and requires
only two packets to agree on the secret session key. An optional exchange
of two more packets allows the key agreement to be verified.