There is a problem with the authentication. Bob isn't sure he is talking to Alice at all. Anybody can record the first message that Alice sends and then later send it to Bob. Bob thinks the message comes from Alice (after all, the authentication checked), and finishes the protocol, thinking he shares a key k with Alice. The attacker doesn't learn k, as he doesn't know x, and without k the attacker cannot break into the rest of the system that uses k. But Bob's logs will show a completed authenticated protocol with Alice, and that is a problem by itself, as it provides erroneous information to investigating administrators. Bob's problem is called a lack of "liveness." He isn't sure that Alice is "alive," and that he's not talking to a replaying ghost. The traditional way to solve this is to make sure that Alice 's authenticator covers a random element chosen by Bob.

Give a concrete example where providing erroneous information to investigating administrators could be a problem.