You are looking at a specific version 20111015:125330 of this paper. See the latest version.

Paper 2011/527

Security Weaknesses of password-only authenticated key establishment protocol without public key cryptography

Mohsen Toorani and Maryam Saeed

Abstract

In 2005, Laih et al. proposed a password-based authentication key exchange protocol that is not based on public key cryptography but uses human ability to extract strings from distorted images. In this letter, it is shown that Laih et al.’s protocol is vulnerable to password compromise impersonation, malicious server, offline password guessing, undetectable online password guessing, stolen-verifier, and Unknown Key-Share (UKS) attacks and it does not provide forward secrecy and key confirmation.

Metadata
Available format(s)
-- withdrawn --
Publication info
Published elsewhere. Unknown where it was published
Keywords
Cryptographic protocolsPAKECAPTCHASecurity analysisAttacks
Contact author(s)
mohsen toorani @ ii uib no
History
2011-10-15: withdrawn
2011-09-28: received
See all versions
Short URL
https://ia.cr/2011/527
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.