Secure RPC uses the Diffie-Hellman key generation method. Under this method, each user has a private/public key pair. A secret key, shared between the two users, is generated independently by each of them: each user combines his own private key (known only to its owner) with the other user's public key. Fifty-six bits of this key are extracted and used as a DES key.
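The derivation described above, as an added example (not code from the original page or from any Secure RPC implementation). The modulus `P`, base `G`, the choice of the middle eight bytes, the parity handling and all function names are assumptions made for illustration.

```python
import secrets

# Assumed stand-in parameters, NOT Secure RPC's real ones:
# P is the NIST P-192 field prime, used only as a convenient 192-bit prime.
P = 2**192 - 2**64 - 1
G = 3


def keypair():
    """Return (private, public) with public = G^private mod P."""
    private = secrets.randbelow(P - 3) + 2          # uniform in 2 .. P-2
    return private, pow(G, private, P)


def common_key(own_private, peer_public):
    """Run independently by each user: own private key + peer's public key."""
    # Reject degenerate public values that would force a predictable result.
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public key out of range")
    return pow(peer_public, own_private, P)          # G^(a*b) mod P on both sides


def des_key_from_common(ck):
    """Reduce the 192-bit common key to an 8-byte DES key (56 key bits).

    Assumption: the middle 8 bytes are used. The low bit of each byte is
    not key material in DES; it is set so every byte has odd parity.
    """
    raw = ck.to_bytes(24, "big")[8:16]
    key = bytearray()
    for b in raw:
        b &= 0xFE                                    # keep the 7 key bits
        if bin(b).count("1") % 2 == 0:
            b |= 0x01                                # force odd parity
        key.append(b)
    return bytes(key)


if __name__ == "__main__":
    a_priv, a_pub = keypair()                        # first user
    b_priv, b_pub = keypair()                        # second user
    k_a = des_key_from_common(common_key(a_priv, b_pub))
    k_b = des_key_from_common(common_key(b_priv, a_pub))
    print("keys match:", k_a == k_b, "DES key:", k_a.hex())
```

Whatever the size of the Diffie-Hellman values, the key that protects the conversation carries only 56 bits after this reduction.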
To perform a dictionary attack to decrypt the private key, which is based on a user's password, the spoofer would have to send a request to a server to generate the session key and then compare the key the intruder generated with the one the server generated. Hopefully, robust logging and monitoring procedures would not permit the multiple failures that the many tries of this type of attack would produce.