Paper 2004/040

Cryptanalysis of a timestamp-based password authentication scheme

Lizhen Yang and Kefei Chen

Abstract

Recently, J.-J. Shen, C.-W. Lin and M.-S. Hwang (Computers & Security, Vol 22, No 7, pp 591-595, 2003) proposed a modified Yang-Shieh scheme to enhance security. They claimed that their modified scheme can withstand the forged login attack and also provide a mutual authentication method to prevent the forged server attack. In this paper, we show that the Shen-Lin-Hwang scheme cannot resist the forged login attack either. The intruder is able to forge a valid forge request of a legitimate user Ui and then successfully impersonate him by intercepting a login request sent by Ui and registering a smart card.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. unpublicized
Contact author(s)
yang-lz @ cs sjtu edu cn
History
2004-02-16: received
Short URL
https://ia.cr/2004/040
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2004/040,
      author = {Lizhen Yang and Kefei Chen},
      title = {Cryptanalysis of a timestamp-based password authentication scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2004/040},
      year = {2004},
      url = {https://eprint.iacr.org/2004/040}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.