INFORMATICA

Informatica

0868-49520868-4952

INF12308

10.3233/INF-2001-12308

Research article

On the Security of Methods for Protecting Password Transmission^✩

Tseng

Yuh-Min

tym@bear.nkjc.edu.twJan

Jinn-Ke

Chien

Hung-Yu

Department of Information Management, Nan-Kai College of Technology and Commerce, Nantou, Taiwan 542, R.O.CInstitute of Applied Mathematics, National Chung Hsing University, Taichung, Taiwan 402, R.O.C.

^✩

This research was partially supported by National Science Council, Taiwan, R.O.C., under contract no. NSC89–2213-E-252–008.

01012001

12346947601102000

Peyravian and Zunic (2000) proposed a password transmission scheme and a password change scheme over an insecure network. Their proposed solutions do not require the use of any symmetric-key or public-key cryptosystems. However, this article points out that their schemes have several security flaws for practical applications. A slight improvement on their schemes is proposed in this paper to remove the security flaws.

Keywordscryptographypasswordhash functiondiscrete logarithm