Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme
- 1 October 2003
- journal article
- Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review
- Vol. 37 (4), 19-25
- https://doi.org/10.1145/958965.958967
Abstract
Many password authentication schemes employ hash functions as their basic building blocks to achieve better efficiency. In 2000, Peyravian and Zunic proposed a hash-based password authentication scheme that is efficient and can be easily implemented. Recently, Lee, Li, and Hwang demonstrated that Peyravian-Zunic's hash-based password authentication scheme is vulnerable to the off-line guessing attack, and then proposed an improved version. In this article, we show that their improved scheme is still vulnerable to the off-line guessing attack, the denial-of-service attack, and the stolen-verifier attack.Keywords
This publication has 5 references indexed in Scilit:
- A remote user authentication scheme using hash functionsACM SIGOPS Operating Systems Review, 2002
- Methods for Protecting Password TransmissionComputers & Security, 2000
- Augmented encrypted key exchangePublished by Association for Computing Machinery (ACM) ,1993
- The MD5 Message-Digest Algorithm1992
- Password authentication with insecure communicationCommunications of the ACM, 1981