Attacks and Solutions of Yang et al. ’s Protected Password Changing Scheme
Volume 16, Issue 2 (2005), pp. 285–294
Pub. online: 5 August 2022
Type: Research Article
Open Access
Received
1 January 2004
1 January 2004
Published
5 August 2022
5 August 2022
Abstract
Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.’s protected password changing scheme and the existing password change schemes using server’s public key, the proposed scheme can securely update user passwords without a complicated process and server’s public key.