Novel forgery method based on some password authentication schemes

The password scheme using smart cards is a very practical solution to remote authentication. Recently, Yang, Wang, and Chang proposed two password authentication schemes to resist Sun-Yeh's forgery attacks. This paper aims to report a new and generalized forgery method on this kind of password authentication schemes. As a paradigm to demonstrate the new method, it is shown that Yang-Wang-Chang's schemes still suffer from impersonation attacks. Only from the obtained public information, an adversary is able to construct a valid login or authentication message to impersonate any legal user. It is expected that this cryptanalysis results will enlighten the development of secure schemes, which are more suitable for real-life cryptographic applications than previous versions.