The table below shows the authentication protocol, wherein pwd is Albert's password and K is a key derived from pwd. Can an attacker that can eavesdrop messages (but not intercept or spoof messages) obtain pwd by off-line password guessing? If you answer no, explain briefly. If you answer yes, describe the attack.

Albert (has pwd)	Bob (has K)
send [conn] to Bob
	generate random challenge Ram send [Ram]
compute K from pwd compute A encrypt(Ram) with key K send [A] to Bob
	compute B decrypt(A) with key K if B = Ram then Albert is authenticated