Abstract

Yeh et al. (2003) proposed a password-authenticated key exchange protocol which is claimed to be an improvement of Zhu et al.'s (2002) password-authenticated key exchange protocol to defend against the so-called undetectable on-line password guessing attack. In this paper, we show that the improved protocol of Yeh et al. is insecure. In fact, an adversary can recover the password, off-line, by executing a single run of the improved protocol. We also point out the misconception of the so-called undetectable on-line password guessing attack.
