01138nas a2200169 4500000000100000000000100001008004100002260000900043653002800052653003000080100001700110700002000127245006500147300001000212490000700222520073900229 2004 d c200410aPassword Authentication10aPassword Guessing Attacks1 aYa-Fen Chang1 aChin-Chen Chang00aAn Efficient and Practical Remote User Authentication Scheme a75-880 v153 a
In 2000, Peyravian and Zunic proposed a simple and efficient password authentication scheme based on the collision-resistant hash function. Later, Hwang and Yeh indicated that Peyravian and Zunic’s scheme is insecure and proposed an improvement by using the server’s public key. Nevertheless, in practice, services that do not use public keys are quite often superior to PKIs. At the same time, Lee, Li and Hwang indicated that Peyravian and Zunic’s scheme suffers from off-line password guessing attacks and presented an improved version. However, Lee-Li-Hwang’s proposed scheme is still vulnerable to the same attacks and denial-of-service attacks. Therefore, this article presents a secure and efficient improvement.