Abstract
Recently, Peyravian and Jeffries [M. Peyravian, C. Jeffries, Secure remote user access over insecure networks, Computer Communications 29 (2006) 660–667] have proposed two set of protocols to perform remote user authentication and password change in a secure manner. The first set of protocols is based on hash functions, where no symmetric or asymmetric encryption scheme is applied. As Peyravian and Jeffries claim, these protocols suffer from an off-line password-guessing attack. They propose a second set of protocols based on Diffie–Hellman key agreement scheme to overcome the mentioned weakness. However, we show in this paper that this second set of protocols suffers also from the off-line password-guessing attack when a server impersonation attack is performed.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.