Cryptology ePrint Archive: Report 2009/338

Security weaknesses in two multi-server password based authentication protocols

*Jue-Sam Chou1, Chun-Hui Huang2, Cheng-Chung Ding3

Abstract: In 2004 and 2005, Tsaur et al. proposed a smart card based password authentication schemes for multi-server environments, respectively. They claimed that their protocols are safe and can withstand various kinds of attacks. However, after analysis, we found their schemes each have some secure loopholes. In this article, we will show the security flaws in these two protocols.

Category / Keywords: multi-server, remote password authenticationl, smart card, key agreement,

Date: received 8 Jul 2009

Contact author: jschou at mail nhu edu tw

Available formats: PDF | BibTeX Citation

Version: 20090713:020450 (All versions of this report)

Discussion forum: Show discussion | Start new discussion