Paper 2008/400

Comments on two password based protocols

Yalin Chen, Hung-Min Sun, Chun-Hui Huang, and Jue-Sam Chou

Abstract

Recently, M. Hölbl et al. and I. E. Liao et al. each proposed an user authentication protocol. Both claimed that their schemes can withstand password guessing attack. However, T. Xiang et al. pointed out I. E. Liao et al.'s protocol suffers three kinds of attacks, including password guessing attacks. We present an improvement protocol to get rid of password guessing attacks. In this paper, we first point out the security loopholes of M. Hölbl et al.'s protocol and review T. Xiang et al.'s cryptanalysis on I. E. Liao et al.'s protocol. Then, we present the improvements on M. Hölbl et al.'s protocol and I. E. Liao et al.'s protocol, respectively.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
hash functionsidentification protocolssmart cards
Contact author(s)
d949702 @ oz nthu edu tw
History
2008-09-24: revised
2008-09-24: received
See all versions
Short URL
https://ia.cr/2008/400
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/400,
      author = {Yalin Chen and Hung-Min Sun and Chun-Hui Huang and Jue-Sam Chou},
      title = {Comments on two password based protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2008/400},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/400}},
      url = {https://eprint.iacr.org/2008/400}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.