• Title/Summary/Keyword: Undetectable On-line Password Guessing Attack

Search Result 2, Processing Time 0.018 seconds

Security Improvement to a Remote User Authentication Scheme for Multi-Server Environment (Multi-Server 환경에서의 사용자 인증 스킴의 안전성 향상)

  • Lee, Young Sook;Kim, Jee Yeon;Won, Dong Ho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.7 no.4
    • /
    • pp.23-30
    • /
    • 2011
  • Recently, Tsai proposed a remote user authentication scheme suited for multi-server environments, in which users can be authenticated using a single password shared with the registration center. Our analysis shows that Tsai et al's scheme does not achieve its fundamental goal of password security. We demonstrate this by mounting an undetectable on-line password guessing attack on Tsai et al.'s scheme.

Cryptanalysis on Lu-Cao's Key Exchange Protocol (Lu-Cao 패스워드기반 키 교환 프로토콜의 안전성 분석)

  • Youn, Taek-Young;Cho, Sung-Min;Park, Young-Ho
    • 한국정보통신설비학회:학술대회논문집
    • /
    • 2008.08a
    • /
    • pp.163-165
    • /
    • 2008
  • Recently, Lu and Cao proposed a password-authenticated key exchange protocol in the three party setting, and the authors claimed that their protocol works within three rounds. In this paper, we analyze the protocol and show the protocol cannot work within three rounds. We also find two security flaws in the protocol. The protocol is vulnerable to an undetectable password guessing attack and an off-line password guessing attack.

  • PDF