• 디지털산업정보학회논문지
• /
• 제7권4호
• /
• pp.23-30
• /
• 2011

Recently, Tsai proposed a remote user authentication scheme suited for multi-server environments, in which users can be authenticated using a single password shared with the registration center. Our analysis shows that Tsai et al's scheme does not achieve its fundamental goal of password security. We demonstrate this by mounting an undetectable on-line password guessing attack on Tsai et al.'s scheme.

• 한국정보통신설비학회:학술대회논문집
• /
• 한국정보통신설비학회 2008년도 정보통신설비 학술대회
• /
• pp.163-165
• /
• 2008

Recently, Lu and Cao proposed a password-authenticated key exchange protocol in the three party setting, and the authors claimed that their protocol works within three rounds. In this paper, we analyze the protocol and show the protocol cannot work within three rounds. We also find two security flaws in the protocol. The protocol is vulnerable to an undetectable password guessing attack and an off-line password guessing attack.