Systematic Design of Two-Party Authentication Protocols
, 1992
Cited by 49 (3 self)
We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it; however, many such 'solutions' can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is r...

