Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme

1 October 2003

journal article
Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review

Vol. 37 (4), 19-25
https://doi.org/10.1145/958965.958967

Abstract

Many password authentication schemes employ hash functions as their basic building blocks to achieve better efficiency. In 2000, Peyravian and Zunic proposed a hash-based password authentication scheme that is efficient and can be easily implemented. Recently, Lee, Li, and Hwang demonstrated that Peyravian-Zunic's hash-based password authentication scheme is vulnerable to the off-line guessing attack, and then proposed an improved version. In this article, we show that their improved scheme is still vulnerable to the off-line guessing attack, the denial-of-service attack, and the stolen-verifier attack.

Keywords

This publication has 5 references indexed in Scilit:

A remote user authentication scheme using hash functions
ACM SIGOPS Operating Systems Review, 2002
Methods for Protecting Password Transmission
Computers & Security, 2000
Augmented encrypted key exchange
Published by Association for Computing Machinery (ACM) ,1993
The MD5 Message-Digest Algorithm
1992
Password authentication with insecure communication
Communications of the ACM, 1981

Cited by 26 articles