INFORMATICA Informatica 1822-8844 0868-4952 0868-4952 Vilnius University Institute of Mathematics and Informatics Akademijos 4, LT-08663 Vilnius, Lithuania INFO581 10.15388/Informatica.2005.099 Research Article Attacks and Solutions of Yang et al.’s Protected Password Changing Scheme Yoon Eun-Jun ejyoon@infosec.knu.ac.kr Ryu Eun-Kyung ekryu@infosec.knu.ac.kr Yoo Kee-Young yook@knu.ac.kr Department of Computer Engineering, Kyungpook National University, 1370 Sankyuk-dong, Buk-gu, Daegu 702-701, South Korea 2005 16 2 285 294 1 1 2004 © 2005 Institute of Mathematics and Informatics, Vilnius 2005 Open access article under the CC BY license.

Recently, Yang et al. proposed an improvement to Tseng et al.’s protected password changing scheme that can withstand denial of service attack. However, the improved scheme is still susceptible to stolen-verifier attack and denial of service attack. Accordingly, the current paper demonstrates the vulnerability of Yang et al.’s scheme to two simple attacks and presents an improved protected password change scheme to resolve such problems. In contrast to Yang et al.’s protected password changing scheme and the existing password change schemes using server’s public key, the proposed scheme can securely update user passwords without a complicated process and server’s public key.

 cryptography password authentication discrete logarithm hash function