Abstract
The password scheme using smart cards is a very practical solution to remote authentication. Recently, Yang, Wang, and Chang proposed two password authentication schemes to resist Sun-Yeh's forgery attacks. This paper aims to report a new and generalized forgery method on this kind of password authentication schemes. As a paradigm to demonstrate the new method, it is shown that Yang-Wang-Chang's schemes still suffer from impersonation attacks. Only from the obtained public information, an adversary is able to construct a valid login or authentication message to impersonate any legal user. It is expected that this cryptanalysis results will enlighten the development of secure schemes, which are more suitable for real-life cryptographic applications than previous versions.
| Original language | English |
|---|---|
| Pages (from-to) | 471-475 |
| Number of pages | 5 |
| Journal | Journal of Computational Information Systems |
| Volume | 1 |
| Issue number | 3 |
| State | Published - Sep 2005 |
| Externally published | Yes |
Keywords
- Authentication
- Cryptanalysis
- Extended euclidean algorithm
- Forgery
- Impersonation
- Password