Cryptology ePrint Archive: Report 2004/040

Cryptanalysis of a timestamp-based password authentication scheme

Lizhen Yang, Kefei Chen

Abstract: Recently, J.-J. Shen, C.-W. Lin and M.-S. Hwang (Computers & Security, Vol 22, No 7, pp 591-595, 2003) proposed a modified Yang-Shieh scheme to enhance security. They claimed that their modified scheme can withstand the forged login attack and also provide a mutual authentication method to prevent the forged server attack. In this paper, we show that the Shen-Lin-Hwang scheme cannot resist the forged login attack either. The intruder is able to forge a valid forge request of a legitimate user Ui and then successfully impersonate him by intercepting a login request sent by Ui and registering a smart card.

Category / Keywords: cryptographic protocols /

Publication Info: unpublicized

Date: received 13 Feb 2004

Contact author: yang-lz at cs sjtu edu cn

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20040216:095716 (All versions of this report)

Short URL: ia.cr/2004/040

Discussion forum: Show discussion | Start new discussion