Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme-Reference-Cited by-同舟云学术

Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme

Published:2003-10 Issue:4 Volume:37 Page:19-25
ISSN:0163-5980
Container-title:ACM SIGOPS Operating Systems Review
language:en
Short-container-title:SIGOPS Oper. Syst. Rev.

Author:

Ku Wei-Chi¹,Chen Chien-Ming¹,Lee Hui-Lung¹

Affiliation:

1. Fu Jen Catholic University, Hsinchuang, Taipei County, Taiwan, R.O.C.

Abstract

Many password authentication schemes employ hash functions as their basic building blocks to achieve better efficiency. In 2000, Peyravian and Zunic proposed a hash-based password authentication scheme that is efficient and can be easily implemented. Recently, Lee, Li, and Hwang demonstrated that Peyravian-Zunic's hash-based password authentication scheme is vulnerable to the off-line guessing attack, and then proposed an improved version. In this article, we show that their improved scheme is still vulnerable to the off-line guessing attack, the denial-of-service attack, and the stolen-verifier attack.

Publisher

Association for Computing Machinery (ACM)

Link

https://dl.acm.org/doi/pdf/10.1145/958965.958967

Reference19 articles.

1. S. Bellovin and M. Merritt "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password-file compromise " in ACM Conference on Computer and Communications security pp. 244--250 1993.]] 10.1145/168588.168618 S. Bellovin and M. Merritt "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password-file compromise " in ACM Conference on Computer and Communications security pp. 244--250 1993.]] 10.1145/168588.168618

2. Stolen-verifier attack on two new strong-password authentication protocols;Chen C. M.;IEICE Transactions on Communications,2002

3. A one-time password system;Haller N. M.;RFC,1994

4. Improvement on Peyravian-Zunic's password authentication schemes;Hwang J. J.;IEICE Transactions on Communications,2002

Cited by 22 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Engagement of the e-commerce industry in the US, according to Twitter in the period of the COVID-19 pandemic;Heliyon;2023-07

2. On the Security of a Three Factor Remote User Authentication Scheme Using Fuzzy Extractor;Recent Advances in Intelligent Information Hiding and Multimedia Signal Processing;2018-11-11

3. Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments;PLOS ONE;2018-03-13

4. Design of Mutually Authenticated Key Agreement Protocol Resistant to Impersonation Attacks for Multi-Server Environment;IEEE Access;2017

5. A Three-Party Password Authenticated Key Exchange Protocol Resistant to Stolen Smart Card Attacks;Advances in Intelligent Information Hiding and Multimedia Signal Processing;2016-11-22