Benefits of a common session key over a common password
Password-authenticated key exchange (PAKE) is a method in which two or more parties, based on their knowledge of a shared password, establish a cryptographic key using an exchange of messages, such that an unauthorized party (one who controls the communication channel but does not possess the password) cannot participate in the method and is constrained as much as possible from brute-force guessing the password.
Could someone please explain why the parties want to establish a common session key? Why is knowing a common password not enough?