Abstract
In 1988, Laih, Harn and Huang proposed a password authentication scheme using quadratic residues. In their scheme, the user's password is effectively bound to the user's identification, regardless of the state of the password file. Furthermore, passwords are not stored in the system directory, and the password file is replaced by a public verification table. This research note shows that Laih et al.'s scheme is breakable. Also, a possible attack on Laih et al.'s scheme is discussed.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have