Stolen-Verifier Attack on Two New Strong-Password Authentication Protocols

Chien-Ming CHEN  Wei-Chi KU  

Publication
IEICE TRANSACTIONS on Communications   Vol.E85-B   No.11   pp.2519-2521
Publication Date: 2002/11/01
Online ISSN: 
DOI: 
Print ISSN: 0916-8516
Type of Manuscript: LETTER
Category: Fundamental Theories
Keyword: 
cryptographic hash function,  strong-password authentication,  stolen-verifier attack,  replay attack,  

Full Text: PDF(112.2KB)>>
Buy this Article




Summary: 
Recently, Lin et al. addressed two weaknesses of a new strong-password authentication scheme, the SAS protocol, and then proposed an improved one called the OSPA (Optimal Strong-Password Authentication) protocol. However, we find that both the OSPA protocol and the SAS protocol are vulnerable to the stolen-verifier attack.