Security of Improvement on Methods for Protecting Password Transmission

Authors:
Chou-Chen Yang;Ting-Yi Chang;Min-Shiang Hwang
Affiliations:
Department of Management Information System, National Chung Hsing University, 250 Kuo Kuang Road, 402 Taichung, Taiwan, R.O.C.;Department of Computer and Information Science, National Chiao Tung University, 1001 Ta Hsueh Road, Hsinchu, Taiwan, R.O.C.;Department of Management Information System, National Chung Hsing University, 250 Kuo Kuang Road, 402 Taichung, Taiwan, R.O.C., e-mail: mshwang@nchu.edu.tw
Venue:
Informatica
Year:
2003

Citing 7
Cited 4

Password authentication without using a password table

Information Processing Letters
Undetectable on-line password guessing attacks

ACM SIGOPS Operating Systems Review
Strong password-only authenticated key exchange

ACM SIGCOMM Computer Communication Review
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
A flexible remote user authentication scheme using smart cards
An ElGamal-Like Cryptosystem for Enciphering Large Messages

IEEE Transactions on Knowledge and Data Engineering
A remote password authentication scheme for multiserver architecture using neural networks

IEEE Transactions on Neural Networks

A new method for using hash functions to solve remote user authentication

Computers and Electrical Engineering
Weaknesses and Improvements of Yang-Chang-Hwang's Password Authentication Scheme

Informatica
Attacks and Solutions of Yang et al.'s Protected Password Changing Scheme

Informatica
A communication-efficient three-party password authenticated key exchange protocol

Information Sciences: an International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, Tseng et al. proposed an improvement on Peyravian and Zunic's protected password transmission scheme and protected changing scheme to remove some security flaws. However, as we will point out in this paper, any adversary can intercept the request for changing the password sent by a legal user and modify it with a wrong password. Furthermore, we shall also propose an improved version of their protected password changing scheme to help it out of the trouble.