Handbook of Applied Cryptography
Handbook of Applied Cryptography
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
Secure remote user access over insecure networks
Computer Communications
New directions in cryptography
IEEE Transactions on Information Theory
Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications
Security flaw of Hölbl et al.'s protocol
Computer Communications
Improvement of Hölbl et al. user authentication protocol and password change protocol
Proceedings of the 11th International Conference on Information Integration and Web-based Applications & Services
| Hi-index | 0.24 |
Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (2006) 660-667] have proposed two set of protocols to perform remote user authentication and password change in a secure manner. The first set of protocols is based on hash functions, where no symmetric or asymmetric encryption scheme is applied. As Peyravian and Jeffries claim, these protocols suffer from an off-line password-guessing attack. They propose a second set of protocols based on Diffie-Hellman key agreement scheme to overcome the mentioned weakness. However, we show in this paper that this second set of protocols suffers also from the off-line password-guessing attack when a server impersonation attack is performed.