For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols
Chien-Ming CHEN Wei-Chi KU
IEICE TRANSACTIONS on Communications
Publication Date: 2002/11/01
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
cryptographic hash function, strong-password authentication, stolen-verifier attack, replay attack,
Full Text: PDF(112.2KB)>>
Recently, Lin et al. addressed two weaknesses of a new strong-password authentication scheme, the SAS protocol, and then proposed an improved one called the OSPA (Optimal Strong-Password Authentication) protocol. However, we find that both the OSPA protocol and the SAS protocol are vulnerable to the stolen-verifier attack.