Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Password authentication with insecure communication
Communications of the ACM
A remote user authentication scheme using hash functions
ACM SIGOPS Operating Systems Review
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
A secure user authentication scheme using hash functions
ACM SIGOPS Operating Systems Review
Weaknesses of Yoon-Ryu-Yoo's hash-based password authentication scheme
ACM SIGOPS Operating Systems Review
Provably secure password-authenticated key exchange using Diffie-Hellman
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
| Hi-index | 0.00 |
Recently, Jeong-Won-Kim proposed a hash-based strong-password authentication protocol and claimed that the protocol is secure against guessing attack, stolen-verifier attack, replay attack, and impersonation attack. However, we show that their protocol has two vulnerabilities, password guessing attack and authentication answer guessing attack. Furthermore, we present a secure hash-based password authentication protocol using smartcards to cope with the vulnerabilities. Security analysis shows that our protocol provides better security properties than the other related authentication protocols with the similar computational complexity with others.