Informatica

In 1995, Wu proposed a remote login authentication scheme based on geometric approach. However, Chien, Jan and Tseng presented a cryptanalysis of Wu’s scheme to show that it is not secure. Moreover, they proposed a modified version of Wu’s scheme. This paper presents there is a serious weakness in this modified remote login authentication scheme. We show that an illegal user can easily forge a valid login request in the modified version proposed previously.

Smart card has been adopted to various applications. In 2000, Hwang and Li proposed a remote user authentication scheme, which is also using smart card. Nine months later, Chan and Cheng pointed out that there is a weakness in the remote authentication scheme proposed by Hwang and Li. In this paper, we show that Chan and Cheng's attack does not work well because they did not consider the format of user's identity. In addition, we propose several ways to solve the problem of Chan and Cheng's attack.

In an internet environment, such as UNIX, a remote user has to obtain the access right from a server before doing any job. The procedure of obtaining acess right is called a user authentication protocol. User authentication via user memorable password provides convenience without needing any auxiliary devices, such as smart card. A user authentication protocol via username and password should basically withstand the off‐line password guessing attack, the stolen verifier attack, and the DoS attack. Recently, Peyravian and Zunic proposed one password transmission protocol and one password change protocol. Later, Tseng et al. (2001) pointed out that Peyravian and Zunic's protocols can not withstand the off‐line password guessing attack, and therefore proposed an improved protocol to defeat the attack. Independently, Hwang and Yeh also showed that Peyravian and Zunic's protocols suffer from some secury flaws, and an improved protocol was also presented. In this paper, we show that both Peyravian and Zunic's protocols and Tseng et al.'s improved protocol are insecure against the stolen verifier attack. Moreover, we show that all Peyravian and Zunic's, Tseng et al.'s, and Hwang and Yeh's protocols are insecure against DoS attack.

This paper discusses a known-plaintext attack on a redundancy reducing cipher method which is proposed by Wayner. We also propose an extension of Wayner's redundancy reducing cipher scheme so that the security will be improved greatly.

Recently, Harn proposed an efficient scheme that can batch verification multiple RSA digital signatures. His scheme can reduce signature verification time. However, there is a weakness in his scheme. In this study, we present two methods to against his scheme.