An improvement of the Yang-Shieh password authentication schemes

摘要

Recently, Yang and Shieh proposed two password authentication schemes by employing smart cards. One is a timestamp-based password authentication scheme and the other is a nonce-based password authentication scheme. In 2002, Chan and Cheng pointed out that Yang and Shieh's timestamp-based password authentication scheme was vulnerable to the forgery attack. However, in 2003, Sun and Yeh pointed out that Chan and Cheng's attack was unreasonable. At the same time, Sun and Yeh pointed out that Yang and Shieh's password authentication schemes were still vulnerable to the forgery attack. In this paper, we shall improve Yang and Shieh's schemes to resist Sun and Yeh's attack.