Cryptology ePrint Archive: Report 2008/400

Comments on two password based protocols

Yalin Chen and Hung-Min Sun and Chun-Hui Huang and Jue-Sam Chou

Abstract: Recently, M. Hölbl et al. and I. E. Liao et al. each proposed an user authentication protocol. Both claimed that their schemes can withstand password guessing attack. However, T. Xiang et al. pointed out I. E. Liao et al.'s protocol suffers three kinds of attacks, including password guessing attacks. We present an improvement protocol to get rid of password guessing attacks. In this paper, we first point out the security loopholes of M. Hölbl et al.'s protocol and review T. Xiang et al.'s cryptanalysis on I. E. Liao et al.'s protocol. Then, we present the improvements on M. Hölbl et al.'s protocol and I. E. Liao et al.'s protocol, respectively.

Category / Keywords: cryptographic protocols / hash functions, identification protocols, smart cards

Date: received 20 Sep 2008, last revised 24 Sep 2008

Contact author: d949702 at oz nthu edu tw

Available format(s): PDF | BibTeX Citation

Version: 20080924:105819 (All versions of this report)

Short URL: ia.cr/2008/400

Discussion forum: Show discussion | Start new discussion