Handbook of Applied Cryptography
Handbook of Applied Cryptography
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
CompChall: Addressing Password Guessing Attacks
ITCC '05 Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC'05) - Volume I - Volume 01
Off-line password-guessing attack to Peyravian-Jeffries's remote user authentication protocol
Computer Communications
Security flaws of remote user access over insecure networks
Computer Communications
Secure remote user access over insecure networks
Computer Communications
New directions in cryptography
IEEE Transactions on Information Theory
Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications
Hi-index | 0.24 |
Recently, Holbl et al. [M. Holbl, T. Welzer, B. Brumen, Improvement of the Peyravian-Jeffries's user authentication protocol and password change protocol, Computer Communications 31 (2008) 1945-1951] have proposed an improvement of Peyravian-Jeffries's user authentication protocol and password change protocol [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (5-6) (2006) 660-667]. Peyravian-Jeffries's scheme suffers from an active off-line password-guessing attack [J. Munilla, A. Peinado, Off-line password-guessing attack to Peyravian-Jeffries's remote user authentication protocol, Computer Communications 30 (1) (2006) 52-54], and Holbl et al. state that their improved protocol overcomes this weakness. However, we show in this paper that although this proposed protocol prevents this active attack, it remains vulnerable to a passive (simpler) off-line password-guessing attack.