In 2000, Peyravian and Zunic proposed a simple and efficient password authentication scheme based on the collision-resistant hash function. Later, Hwang and Yeh indicated that Peyravian and Zunic’s scheme is insecure and proposed an improvement by using the server’s public key. Nevertheless, in practice, services that do not use public keys are quite often superior to PKIs. At the same time, Lee, Li and Hwang indicated that Peyravian and Zunic’s scheme suffers from off-line password guessing attacks and presented an improved version. However, Lee-Li-Hwang’s proposed scheme is still vulnerable to the same attacks and denial-of-service attacks. Therefore, this article presents a secure and efficient improvement.
BT - Information & Security: An International Journal DA - 2004 DO - http://dx.doi.org/10.11610/isij.1505 IS - 1 LA - eng N2 -In 2000, Peyravian and Zunic proposed a simple and efficient password authentication scheme based on the collision-resistant hash function. Later, Hwang and Yeh indicated that Peyravian and Zunic’s scheme is insecure and proposed an improvement by using the server’s public key. Nevertheless, in practice, services that do not use public keys are quite often superior to PKIs. At the same time, Lee, Li and Hwang indicated that Peyravian and Zunic’s scheme suffers from off-line password guessing attacks and presented an improved version. However, Lee-Li-Hwang’s proposed scheme is still vulnerable to the same attacks and denial-of-service attacks. Therefore, this article presents a secure and efficient improvement.
PY - 2004 SP - 75 EP - 88 T2 - Information & Security: An International Journal TI - An Efficient and Practical Remote User Authentication Scheme VL - 15 ER -