Paper 2009/338

Security weaknesses in two multi-server password based authentication protocols

Jue-Sam Chou, Chun-Hui Huang, and Cheng-Chung Ding

Abstract

In 2004 and 2005, Tsaur et al. proposed a smart card based password authentication schemes for multi-server environments, respectively. They claimed that their protocols are safe and can withstand various kinds of attacks. However, after analysis, we found their schemes each have some secure loopholes. In this article, we will show the security flaws in these two protocols.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Unknown where it was published
Keywords
multi-serverremote password authenticationlsmart cardkey agreement
Contact author(s)
jschou @ mail nhu edu tw
History
2009-07-13: received
Short URL
https://ia.cr/2009/338
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2009/338,
      author = {Jue-Sam Chou and Chun-Hui Huang and Cheng-Chung Ding},
      title = {Security weaknesses in two multi-server password based authentication protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/338},
      year = {2009},
      url = {https://eprint.iacr.org/2009/338}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.