论文信息 - Cryptanalysis of a user authentication scheme using hash functions

Cryptanalysis of a user authentication scheme using hash functions

Recently, Lee et al. proposed an improved scheme, called LLH scheme, to solve a security problem of guessing attack in the Peyravian-Zunic password scheme. The scheme comprises a password authentication protocol and a password change protocol. However, we discuss that the LLH scheme has several security problems: the scheme is still vulnerable to the guessing attack; the scheme cannot also prevent the stolen-verifier attack; the password change protocol in scheme is vulnerable to a denial of service attack.

Kee-Young Yoo | Sung-Woon Lee | Hyun-Sung Kim

[1] Min-Shiang Hwang. A remote password authentication scheme based on the digital signature method , 1999, Int. J. Comput. Math..

[2] Min-Shiang Hwang,et al. A new remote user authentication scheme using smart cards , 2000, IEEE Trans. Consumer Electron..

[3] Chin-Chen Chang,et al. Using smart cards to authenticate remote passwords , 1993 .

[4] Cheng-Chi Lee,et al. A remote user authentication scheme using hash functions , 2002, OPSR.

[5] Min-Shiang Hwang,et al. Cryptanalysis of a remote login authentication scheme , 1999, Comput. Commun..

[6] Nevenko Zunic,et al. Methods for Protecting Password Transmission , 2000, Comput. Secur..

[7] Cheng-Chi Lee,et al. A flexible remote user authentication scheme using smart cards , 2002, OPSR.

[8] Wen-Yuan Liao,et al. A remote password authentication scheme based upon ElGamal's signature scheme , 1994, Comput. Secur..