eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2009/338

Security weaknesses in two multi-server password based authentication protocols

Jue-Sam Chou, Chun-Hui Huang, and Cheng-Chung Ding

Abstract

In 2004 and 2005, Tsaur et al. proposed a smart card based password authentication schemes for multi-server environments, respectively. They claimed that their protocols are safe and can withstand various kinds of attacks. However, after analysis, we found their schemes each have some secure loopholes. In this article, we will show the security flaws in these two protocols.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
multi-serverremote password authenticationlsmart cardkey agreement
Contact author(s)
jschou @ mail nhu edu tw
History
2009-07-13: received
Short URL
https://ia.cr/2009/338
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/338,
      author = {Jue-Sam Chou and Chun-Hui Huang and Cheng-Chung Ding},
      title = {Security weaknesses in two multi-server password based authentication protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2009/338},
      year = {2009},
      note = {\url{https://eprint.iacr.org/2009/338}},
      url = {https://eprint.iacr.org/2009/338}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.