INFORMATICA Informatica 1822-8844 0868-4952 0868-4952 Vilnius University Institute of Mathematics and Informatics Akademijos 4, LT-08663 Vilnius, Lithuania INFO577 10.15388/Informatica.2005.094 Research Article Weaknesses and Improvements of Yang–Chang–Hwang’s Password Authentication Scheme Ku Wei-Chi wcku@csie.fju.edu.tw Tsai Hao-Chuan Department of Computer Science and Information Engineering, Fu Jen Catholic University, 510 Chung Cheng Road, Hsinchuang, Taipei County, Taiwan 242, R.O.C. 2005 16 2 203 212 1 5 2004 © 2005 Institute of Mathematics and Informatics, Vilnius 2005 Open access article under the CC BY license.

In 2001, Tseng, Jan, and Chien proposed an improved version of Peyravian–Zunic’s password authentication scheme based on the Diffie–Hellman scheme. Later, Yang, Chang, and Hwang demonstrated that Tseng–Jan–Chien’s scheme is vulnerable to a modification attack, and then described an improved scheme. In this paper, we show that Yang–Chang–Hwang’s scheme is still vulnerable to a denial-of-service attack and a stolen-verifier attack. In addition, we also propose an improved scheme with better security.

 password authentication denial-of-service attack stolen-verifier attack