Weaknesses and Improvements of Yang–Chang–Hwang’s Password Authentication Scheme
Volume 16, Issue 2 (2005), pp. 203–212
Pub. online: 5 August 2022
Type: Research Article
Open Access
Received
1 May 2004
1 May 2004
Published
5 August 2022
5 August 2022
Abstract
In 2001, Tseng, Jan, and Chien proposed an improved version of Peyravian–Zunic’s password authentication scheme based on the Diffie–Hellman scheme. Later, Yang, Chang, and Hwang demonstrated that Tseng–Jan–Chien’s scheme is vulnerable to a modification attack, and then described an improved scheme. In this paper, we show that Yang–Chang–Hwang’s scheme is still vulnerable to a denial-of-service attack and a stolen-verifier attack. In addition, we also propose an improved scheme with better security.