Pub. online:5 Aug 2022Type:Research ArticleOpen Access
Journal:Informatica
Volume 16, Issue 2 (2005), pp. 285–294
Abstract
Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.’s protected password changing scheme and the existing password change schemes using server’s public key, the proposed scheme can securely update user passwords without a complicated process and server’s public key.
Journal:Informatica
Volume 14, Issue 4 (2003), pp. 551–558
Abstract
Recently, Tseng et al. proposed an improvement on Peyravian and Zunic's protected password transmission scheme and protected changing scheme to remove some security flaws. However, as we will point out in this paper, any adversary can intercept the request for changing the password sent by a legal user and modify it with a wrong password. Furthermore, we shall also propose an improved version of their protected password changing scheme to help it out of the trouble.
Journal:Informatica
Volume 14, Issue 4 (2003), pp. 445–454
Abstract
An authenticated encryption allows the designated recipient to verify the authenticity while recovering the message. To protect the recipient's benefit in case of a later dispute, a convertible authenticated encryption scheme allows the recipient to convert the authenticated encryption into an ordinary signature so that it becomes a publicly verifiable. This paper shows a universal forgery attack on Araki et al.'s convertible authenticated encryption scheme, and proposes a new convertible authenticated encryption scheme. Without using any conventional one‐way function, the proposed scheme simplifies its security assumption on only a public hard problem – the discrete logarithm problem.
Journal:Informatica
Volume 12, Issue 3 (2001), pp. 469–476
Abstract
Peyravian and Zunic (2000) proposed a password transmission scheme and a password change scheme over an insecure network. Their proposed solutions do not require the use of any symmetric-key or public-key cryptosystems. However, this article points out that their schemes have several security flaws for practical applications. A slight improvement on their schemes is proposed in this paper to remove the security flaws.