1-3hit |
Yeh, Shen, and Hwang recently proposed a secure one-time password authentication scheme using smart cards. They modified the famous S/KEY scheme to achieve security against preplay attacks and off-line dictionary attacks. However, this article shows that their scheme is vulnerable to preplay attacks.
Recently, Yeh, Shen and Hwang proposed an one-time password authentication scheme, which enhances the S/KEY scheme to resist server spoofing attacks, preplay attacks and off-line dictionary attacks. In this letter, the weaknesses and inconveniences of their scheme are demonstrated.
Wei-Chi KU Hao-Chuan TSAI Maw-Jinn TSAUR
Recently, Yeh, Shen, and Hwang proposed a smartcard-based one-time password authentication scheme as an improved version of S/KEY, and claimed that their scheme is superior to other similar schemes in security and efficiency. In this letter, we show that Yeh-Shen-Hwang's scheme is still vulnerable to a stolen-verifier attack that may cause serious security problems.