Start with the fact that both parties have already agreed on a password.
In the first part of the protocol, both parties generate a random number and use some neat mathematical data related to this and a password to agree on a randomized shared secret. This is done so that every time (despite the fact that the password is the same), no one listens to the wire, cannot determine the shared secret, and it only works if both parties know the password. (The math applied is based on the discrete logarithm problem, closely related to Diffie-Hellman.)
Then the parties continue to prove to each other that they both agree with the same shared secret (that is, they both know the password), again without revealing it to anyone who is listening. This requires more (different) neat mathematicians.
If both parties are satisfied that they have the same shared secret, they can then extract session keys from it and start communication of their choice of encryption.
crazyscot
source share