Weaknesses of Lee-Li-Hwang's hash-based password authentication scheme

Operating Systems Review (ACM)

Volumn 37, Issue 4, 2003, Pages 19-25

  Ku, Wei Chi ^a   Chen, Chien Ming ^a   Lee, Hui Lung ^a  

^a FU JEN CATHOLIC UNIVERSITY   (Taiwan)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER ARCHITECTURE; COMPUTER PROGRAMMING; CRYPTOGRAPHY; MATHEMATICAL MODELS; OPTIMIZATION; PUBLIC POLICY; SECURITY OF DATA;

DENIAL-OF-SERVICES ATTACK; GUESSING ATTACK; HASH FUNCTION; PASSWORD AUTHENTICATION; STOLEN-VERIFIER ATTACK;

COMPUTER OPERATING SYSTEMS;

EID: 7644232640     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/958965.958967     Document Type: Conference Paper

References (19)

1. S. Bellovin and M. Merritt, "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password-file compromise," in ACM Conference on Computer and Communications security, pp. 244-250, 1993.
2. C. M. Chen and W. C. Ku, "Stolen-verifier attack on two new strong-password authentication protocols," IEICE Transactions on Communications, vol. E58-B, no. 11, pp. 2519-2521, Nov. 2002.
3. Draft D2002-12-20 of IEEE P1363.2 (Standard specifications for public key cryptographic: password-based techniques), IEEE P1363 working group, 2002.
4. N. M. Haller, "A one-time password system," RFC 1704, 1994.
5. J. J. Hwang and T. C. Yeh, "Improvement on Peyravian-Zunic's password authentication schemes," IEICE Transactions on Communications, vol. E85-B, no. 4, pp. 823-825, 2002.
6. th International Conference on Computer Communications and Networks, pp. 105-112, 1995.
7. W. C. Ku and C. M. Chen, "Cryptanalysis of a one time password authentication protocols," in Proceedings of the 2001 National Computer Symposium, Taiwan, pp. F046-F050, Dec. 2001.
8. W. C. Ku, C. M. Chen, and H. L. Lee, "Cryptanalysis of a variant of Peyravian-Zunic's password authentication scheme', IEICE Transactions on Communications, vol. E86-B, no. 5, pp. 1682-1684, May 2003.
9. L. Lamport, "Password authentication with insecure communication," Communications of the ACM., vol. 24, no. 11, pp. 770-772, Nov. 1981.
10. C. C. Lee, L. H. Li, and M. S. Hwang, "A remote user authentication scheme using hash functions," ACM Operating Systems Review, vol. 36, no. 4, pp. 23-29, Oct. 2002.
11. C. L. Lin, H. M. Sun, and T. Hwang, "Attacks and solutions on strong-password authentication," IEICE Transactions on Communications, vol. E84-B, no. 9, pp. 2622-2627, Sept. 2001.
12. National Institute of Standards and Technology, "Secure hash standard," FIPS Publication 180-1, April 1995.
13. M. Peyravian and N. Zunic, "Methods for protecting password transmission," Computers & Security, vol. 19, no. 5, pp. 466-469, 2000.
14. R. Rivest, "The MD5 message-digest algorithm," RFC 1321, April 1992.
15. M. Sandirigama, A. Shimizu and M.T. Noda, "Simple and secure password authentication protocol (SAS)," IEICE Transactions on Communications, vol. E83-B, no. 6, pp. 1363-1365, June 2000.
16. A. Shimizu, "A dynamic password authentication method by one-way function," IEICE Transac tions, vol. J73-D-I, no. 7, pp. 630-636, July 1990.
17. A. Shimizu, T. Horioka and H. Inagaki, "A password authentication methods for contents communication on the internet', IEICE Transactions on Communications, vol. E81-B, no. 8, pp. 1666-1673, Aug. 1998.
18. W. Stallings, Cryptography and Network Security: Principles and Practice, Second Edition, Prentice-Hall, 1999.
19. T. Tsuji and A. Shimizu, "An impersonation attack on one-time password authentication protocol OSPA," to appear in IEICE Transactions on Communications, vol. E86-B, no. 7, July 2003.